Date: October 12, 2007
Source: Fox News
Abstract: In recent years, the anonymous nature of the Web has turned it into a boomtown for all sorts of radicalized hate.
"Since the events of 9/11, terrorist presence online has multiplied tenfold," says Hsinchun Chen, director of the University of Arizona's Artificial Intelligence Lab. "Around the year 2000, there were 70 to 80 core terrorist sites online; now there are at least 7000 to 8000."
Those sites are doing everything from spreading militant propaganda to offering insurgency advice to plotting the next wave of attacks, making the net, as Chen also points out: "arguably the most powerful tool for spreading extremist violence around the world."
But thanks to Chen, that tide may be turning. He's the architect behind the newest weapon in the war on terror — a giant, searchable database on extremists known as Dark Web.
Using a bevy of advanced technologies, Dark Web is an attempt to uncover, cross-reference, catalogue and analyze all online terrorist-generated content.
This is a vast amount of material, posted in dozens of languages and often hidden behind the blandest of portals.
The more radical of these forums can host as many as 20,000 members and half a million postings, making the Web an increasing nightmare for the intelligence community, but a perfect prowling ground for a data-mining expert like Chen.
In fact, Dark Web is Chen's second foray into online crime-fighting. The first began in 1997, when he — already an expert at tracking social change online (crime and terrorism being extreme examples of social change) — teamed up with the Tucson Police Department and the National Science Foundation (NSF) to help develop Coplink, a way for law enforcement forces around the country to link files and consolidate data.
It was Coplink that helped build the case against the Washington, D.C., Beltway snipers, John Muhammad and Lee Boyd Malvo. Because of this and other successes, in early 2002 the NSF asked Chen to try to build a similar system against terrorism.
He began with a modified version of Web-spidering. Typically, Web spiders are keyword-based followers of the hyperlinks between Web pages. This is essentially how search engines like Google and Yahoo do their work.
Unfortunately, a study done by the NEC Research Institute, the research arm of Japan's consumer-electronics giant NEC Corporation, found that existing engines cannot keep up with the Web's growth rate. Each one can only mine 16 percent of the available material.
The recent arrival of meta-search engines, capable of triangulating between several engines at once with a much higher success rate, solved this problem, but unearthed another.
"Information analysis was our goal," says Chen, "and information overload was the biggest hurdle."
To clear this hurdle, Dark Web relies on all sorts of analytical tools. It utilizes existing technologies such as statistical analysis, cluster analysis, content analysis and link analysis, as well as brand new technologies like sentiment analysis, which is capable of scanning documents for emotionally charged keywords such as "that sucks."
This form of analysis has proven effective in gauging the success of new consumer products. But instead of judging the fate of the latest movie, Chen uses sentiment analysis to look for emotions like rage and hate in an attempt to tease apart the social activists from the suicide bombers.
That's merely the beginning. Dark Web also employs social-network analysis to map extremist networks, determining the importance of each member and establishing the organizations' hierarchies.
To do this, Chen uses centrality and structural-equivalence measures to examine social-network components, such as the prestige allotted to any given poster by other members and the "closeness" — a given poster's access to information on the network coupled with his independence from others — among subjects in an attempt to further separate an organization's leaders from its outliers.
Researchers then explore things such as cohesiveness and group density — using a form of pattern analysis called blockmodeling — to help determine the stability of any given organization and, perhaps more importantly, the nodes most vulnerable to attack.
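The centrality measures described above can be made concrete on a small reply graph. The following is an added example, not code from Chen's group or from the Dark Web project: it builds a constructed forum reply graph (member names and edges are assumptions), scores each member by in-degree prestige (how many others reply to them) and closeness centrality (how few hops they sit from everyone else, which is the "access to information coupled with independence" notion in the text), and reports the group's density as a crude cohesiveness figure.

```python
# Added example: prestige, closeness centrality and density on a constructed
# forum reply graph. Not code from the Dark Web project; names and edges are
# assumptions chosen so that one member ("m1") clearly sits at the centre.
from collections import deque

# Constructed directed reply edges: (replier, member replied to).
REPLIES = [
    ("m2", "m1"), ("m3", "m1"), ("m4", "m1"), ("m5", "m1"), ("m7", "m1"),
    ("m1", "m2"), ("m3", "m2"), ("m2", "m3"),
    ("m5", "m4"), ("m6", "m5"),
]


def build_graph(edges):
    """Return (nodes, in_adj, undirected_adj) for a directed reply list."""
    nodes, in_adj, und = set(), {}, {}
    for src, dst in edges:
        nodes.update((src, dst))
        in_adj.setdefault(dst, set()).add(src)      # who replies to dst
        und.setdefault(src, set()).add(dst)         # communication is treated
        und.setdefault(dst, set()).add(src)         # as a two-way channel
    for v in nodes:
        in_adj.setdefault(v, set())
        und.setdefault(v, set())
    return nodes, in_adj, und


def in_degree_prestige(nodes, in_adj):
    """Prestige: fraction of the other members who have replied to a member."""
    n = len(nodes)
    return {v: len(in_adj[v]) / (n - 1) for v in nodes}


def hop_distances(start, adj):
    """Breadth-first hop counts from start over the undirected graph."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        u = queue.popleft()
        for w in adj[u]:
            if w not in dist:
                dist[w] = dist[u] + 1
                queue.append(w)
    return dist


def closeness(nodes, adj):
    """Closeness centrality, scaled by the fraction of members actually
    reachable (Wasserman-Faust variant) so isolated cliques do not score high."""
    n = len(nodes)
    scores = {}
    for v in nodes:
        dist = hop_distances(v, adj)
        reach = len(dist) - 1
        total = sum(dist.values())
        scores[v] = 0.0 if reach == 0 else (reach / total) * (reach / (n - 1))
    return scores


def density(nodes, edges):
    """Directed density: distinct reply edges over all n*(n-1) possible ones."""
    n = len(nodes)
    return len(set(edges)) / (n * (n - 1)) if n > 1 else 0.0


def rank_members(edges):
    """Return [(member, prestige, closeness)] with the most central member first."""
    nodes, in_adj, und = build_graph(edges)
    prestige = in_degree_prestige(nodes, in_adj)
    close = closeness(nodes, und)
    ranked = [(v, prestige[v], close[v]) for v in nodes]
    ranked.sort(key=lambda t: (-t[2], -t[1], t[0]))
    return ranked


if __name__ == "__main__":
    nodes, _, _ = build_graph(REPLIES)
    print(f"group density: {density(nodes, REPLIES):.3f}")
    for member, prestige, close in rank_members(REPLIES):
        print(f"{member}: prestige={prestige:.3f} closeness={close:.3f}")
```

On the constructed graph, m1 ranks first on both measures while m6, who only ever replies to m5, lands at the bottom; the density figure (10 of 42 possible directed edges) is the kind of cohesiveness number that blockmodeling would then compare across subgroups.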
These methods were already in use before Dark Web. Chen and his cohorts also developed a few novel ideas of their own, including a technique called Writeprint which examines structural and semiotic content from anonymous postings in an attempt to determine authorship.
"The Web is a gargantuan series of diffused networks," says NSF spokesman Dana Cruikshank. "Dark Web finds the patterns that make it much less decentralized."
Chen says that if Dark Web had been online before the Iraq war, it could have determined whether the purported links between Al Qaeda and Saddam Hussein were fact or fiction.
Moreover, the database also offers a terrorism knowledge portal, essentially a search engine for extremism, and a terrorism expert finder, a database of the world's best anti-terrorism minds — two things that have been sorely missing in the war against extremism.
Despite all of this tantalizing potential, not everyone is convinced Dark Web is actually a tool for freedom.
Marc Rotenberg, executive director of the Electronic Privacy Information Center, an online civil-liberties group, says "the very same tools that can be used to track terrorists can also be used to track political opponents."
To make sure that doesn't happen, Rotenberg maintains that Dark Web must be used within the confines of our existing privacy laws — an idea that may be better in theory than in practice.
Though Chen strenuously denies it, there are a number of similarities between Dark Web and the Defense Advanced Research Projects Agency's controversial Total Information Awareness (TIA) initiative, for which funding was cut off by Congress in 2003 over civil-liberties concerns.
"Just because someone posts something we don't like on the Internet, doesn't mean they also suspend their First Amendment rights," says Mike German, the ACLU's policy counsel on national security, immigration and privacy. "Things like authorship analysis are particularly tricky. How could you know that someone was really intent on violence before that act of violence was committed?"
German, who spent years on the domestic-terrorism beat for the FBI before coming to work for the ACLU, feels that Dark Web is a great waste of critical resources.
"I know this from my time spent undercover, infiltrating exactly these kinds of organizations: Every terrorist training manual makes it clear that a huge separation should be kept between the bomb-makers and the propagandists. Between the action wing and the political wing. This means, by design, Dark Web is chasing the wrong people."
"By design, we really only look into the contents of the propagandists of the jihadist movement," Chen says. "I think this is the bigger danger — the ability of the Web to attract and 'infect' young disgruntled men in the world.
"We do not get into the actual operational wings of their groups, as most of the secret operational communications are encrypted and moved off-line," Chen explains. "Tracking those secret member communications is the domain of NSA, not us."
Civil-liberties concerns may continue to dog the technological front of the war on terror, but Dark Web is already producing results.
A recent study by Chen's group of training manuals and methods to build and use improvised explosive devices posted online — including where in the world such manuals have been downloaded — has led to countermeasures that are currently keeping soldiers and civilians alike safer. Which is, after all, the point (Fox News, 2007).
Title: Defending The Data Center: What CIOs Should Do To Prevent Or Mitigate Cyber Attacks On Data Centers.
Date: August 12, 2009
Abstract: Selected, simultaneous attacks on multiple data centers could paralyze the national and global economy. Recognizing this, the Obama administration is seeking a national cyber security czar to prevent or mitigate these problems.
Cyber attacks are asymmetrical, meaning they can be carried out anonymously by individuals, small groups or nations with relatively little investment. Defending against them is extremely costly. Over the last 10 years, attacks have transitioned from hackers intent on demonstrating their programming competence to organized groups with political or economic motives. The recent denial of service attacks on Twitter, YouTube and others illustrate that terrorism is something IT executives now need to consider.
The oldest cyber frontier is actual physical attack or the threat of attack to disable data centers. This can be done without saboteurs ever gaining access to the interior of the data center. Previously in the realm of science fiction, asymmetrical physical attacks on data centers by explosives, biological agents, electromagnetic pulse, electric utility or other means are now credible. Unlike the hacker who merely wanted publicity, the newest players don't necessarily want the public to know. Criminal extortion to prevent an attack is coming, if not already here.
In the aftermath of 9/11, regulators proposed that the largest financials be required to have physical separation of 500 miles between their primary data centers. This rule was quickly modified to 30 miles due to the distance limitations of then-possible synchronous communications. The 500 mile rule wasn't wrong; 30 miles of physical separation isn't enough to preclude terrorist or regional events including weather and shared utility grids from simultaneously affecting both primary and secondary data centers. Since we haven't had any terrorist attacks in the U.S. since 2001, data center physical security has since receded from public and political consciousness. But physical threats remain real and are now becoming even more complex.
We are currently living through the economic chaos caused by a loss of confidence in our banking system. A similar panic could be caused by disabling multiple data centers. The probability of a physical attack against any given data center is extremely low, especially for smaller companies. The risk is much greater for companies with deep financial pockets or those containing sensitive data such as financial institutions.
The likelihood of a physical attack being successful is rising every year, and the cost to the attacker is dropping. In the aftermath of such an attack, regulatory rule changes that the public and politicians would see as merely being common sense would obsolete virtually the entire data center investment of all the top U.S. and world financial companies overnight. So, what is prudent to do now?
Site selection for a new data center is the cheapest way to control future physical risk. Mitigating physical risk for a poorly located existing data center is virtually impossible no matter how much money is spent. This is why the focus must be on correctly siting all new data centers.
Despite exhaustive location studies, data centers have typically been located within convenient driving distance of the CIO's home. This is no longer appropriate because data centers have become highly automated, lights-out factories. Fewer than 30 people are required on-site for even the largest facility. On-site head count and data center reliability are inversely correlated. Keep programmers and other IT people in locations away from the data center.
Data center sites should be selected based on utilities, fiber density, natural and man-made risks, and the ability to physically secure the outside perimeter. One extremely smart real estate executive located his company's new $100 million data center in the middle of 80 acres of farm land. He got almost $20 million in economic and tax incentives to locate in a rural area. This more than offset the $3 million cost for the land.
What did 80 acres buy? No highways, pipelines, canals, airports and so forth within one mile of the site. As a result, the site is not likely to ever be shut down by mandatory fire marshal evacuation for an over-turned gasoline tanker or the derailment of a chemical rail car. Perimeter security is provided around the entire site with empty land making visual control easy. Truck and car access is controlled and is remote from the data center. Equipment and materials for the data center can be remotely screened before being taken to the data center building. Parking is far away from the building. Only two rows of chain link fence are currently being used, but these can easily be upgraded. The building is designed with all air intakes in a single central location that makes biological filters easy to install. Such filters were not initially installed because cyber attacks were not a serious threat at the time, and the engineering maturity of filtering was still in its infancy. Electromagnetic Interference (EMI) and Electromagnetic Pulse (EMP) protection was built into the walls.
Physical security for this data center is already better than virtually any other data center, and it has inexpensive options for further improvements. This center and its associated investment will not be easily obsoleted by regulatory rule changes that can be reasonably anticipated in the future.
To recap, data centers are now being recognized by politicians and others as having national security vulnerabilities. Simple and common-sense regulatory changes will wipe out virtually all existing data center investment of major financial institutions. While it is not prudent yet to mitigate physical risk in existing sites, management has an obligation to include the possibility of physical threats in all new data center investment. Done strategically, a highly secure facility need not be expensive (Forbes, 2009).
Title: Al-Qaida, Cyberattacks Top U.S. Threat List
Date: February 10, 2010
Abstract: The nation's top intelligence official told Congress on Tuesday that the U.S. government is making significant progress against al-Qaida's terrorist network, despite several recent high-profile plots, while separately he issued a sharp new warning on an alarming rise in cyberattacks.
Dennis Blair, the director of national intelligence, opened his annual threat assessment by calling recent computer attacks against Google's operations in China "a wake-up call." Computer attacks by nation-states, terrorist networks and criminals against government and private computers are happening "on an unprecedented scale with extraordinary sophistication," he said.
The online threat has moved well beyond simple criminal acts. Instead, it appears to potentially threaten the heart of the strategic advantage long held by the U.S. military and U.S. spy agencies.
"We cannot be certain that our cyberspace infrastructure will remain available and reliable during a time of crisis," Blair warned.
Emphasis On Al-Qaida
But in his testimony before the Senate Intelligence Committee, Blair quickly turned to al-Qaida, which he warned still has the capability to "recruit, train and deploy operatives" for terrorist plots inside the United States.
"Counterterrorism efforts against al-Qaida have put the organization in one of its most difficult positions since the early days of Operation Enduring Freedom in late 2001," Blair said in his prepared statement. "However, while these efforts have slowed the pace of anti-U.S. planning and hindered progress on new external operations, they have not been sufficient to stop them."
Blair's delicate balancing act reflects the difficulty of putting into context the recent series of terrorist plots — including the failed Christmas Day attack on a U.S. airliner, the arrest of a man in Denver for an alleged New York terrorism plot and the Fort Hood massacre in Texas — which have cast some doubt on spy agencies' assessments of al-Qaida.
'Many Unanswered Questions'
"It is natural that we ask ourselves whether these events are evidence of an increase in the threat, a change in the nature of the threat, or both," Blair said, adding that "we have many unanswered questions."
Those unanswered questions, according to Blair, still include the exact targets of the plot allegedly involving Najibullah Zazi, the Denver man accused of training with al-Qaida militants in Pakistan, as well as what other plots may be associated with the Yemeni affiliate of al-Qaida that helped a Nigerian student named Umar Farouk Abdulmutallab allegedly plan the failed Christmas Day bombing of a Detroit-bound trans-Atlantic airliner.
CIA Director Leon Panetta said that while he remains worried about al-Qaida staging another attack inside the United States, he does not necessarily believe it will be another Sept. 11-style attack.
"The greater threat is that al-Qaida is adapting their methods in ways that oftentimes make it difficult to detect," Panetta said.
Indeed, the al-Qaida threat is clearly more diffuse than it was a number of years ago. Blair said that while Zazi was associated with core al-Qaida leaders, Abdulmutallab was tied to an al-Qaida affiliate, and the alleged Fort Hood shooter, Maj. Nidal Hasan, was a homegrown extremist.
This splintering has made it much more difficult for spy agencies to track the various kinds of militants that could pose a threat.
Importance Of Bin Laden
Still, Blair made it clear that al-Qaida's leaders remain a key factor in the group's strength. U.S. officials have usually tried in recent years to avoid talking too much about Osama bin Laden, the al-Qaida leader who remains at large, but Blair was unusually frank about his importance.
"We assess that at least until Osama Bin Laden and Ayman al-Zawahiri are dead or captured, al-Qaida will retain its resolute intent to strike the homeland," Blair said.
It was Blair's comments about the growing cyberthreat, however, that were some of the most surprising conclusions in the threat assessment.
His description of just how common these attacks have become suggests that combating these online intrusions has become an important and daily part of the intelligence community's operations.
"Sensitive information is stolen daily from both government and private-sector networks, undermining confidence in our information systems, and in the very information these systems were intended to convey," Blair warned.
"We often find persistent, unauthorized, and at times unattributable presences on exploited networks, the hallmark of an unknown adversary intending to do far more than merely demonstrate skill or mock a vulnerability," he said.
Online attacks are particularly difficult to fight because officials often struggle to identify their origin. Blair's assessment of the cyberthreat was perhaps most notable for not naming a single country or entity, even though China and Russia are widely believed to be sponsoring — or at least encouraging — a growing range of cyberattacks.
In a new report obtained by NPR, the Department of Homeland Security identifies cyber attacks as "one of the homeland security community's most important missions."
"Sophisticated cyber criminals and nation-states, among others, are among the actors in cyberspace who now pose great cost and risk both to our economy and national security," the department says in its first-ever quadrennial strategic review. "They exploit vulnerabilities in cyberspace to steal money and information, and to destroy, disrupt, or threaten the delivery of critical services."
The Homeland Security report also acknowledges that countering cyber threats could pose some tough dilemmas. "Innovation in technology, practice, and policy must further protect — not erode — privacy and civil liberties," the report says (NPR, 2010).
Date: March 4, 2010
Source: Washington Post
Abstract: FBI Director Robert S. Mueller III warned Thursday that the cyberterrorism threat is "real and . . . rapidly expanding."
Terrorists have shown "a clear interest" in pursuing hacking skills, he told thousands of security professionals at the RSA Conference in San Francisco. "They will either train their own recruits or hire outsiders, with an eye toward combining physical attacks with cyberattacks," he said.
"Al-Qaeda's online presence has become as potent as its physical presence" over the last decade, he said. Osama bin Laden long ago identified cyberspace as "a means to damage both our economy and our psyche, and countless extremists have taken this to heart," he said.
Terror groups are using the Internet to recruit, radicalize and incite terrorism, he said. They are posting videos on how to build backpack bombs and bioweapons. "They are using social networking to link terrorist plotters and plans," he said.
Mueller also used his remarks to stress that the cyber threat cannot be fought by government alone. He urged companies to come forward and tell authorities when their computer systems have been hacked.
"Maintaining a silence will not benefit you or your company in the long run," he said (Washington Post, 2010).
Date: April 20, 2010
Source: Sacramento Press
Abstract: Central Intelligence Agency director Leon Panetta told 300 Sacramento Metro Chamber Cap-to-Cap delegates that the next “Pearl Harbor” is likely to be an attack on the United States’ power, financial, military and other Internet systems. Panetta addressed the Sacramento delegation that includes 43 elected officials and hundreds of business and civic leaders who are in Washington D.C. for the annual program that advocates for the region’s most pressing policy issues. He spoke on Monday, April 19, during the Cap-to-Cap opening breakfast.
“Cyber terrorism” is a new area of concern for the CIA, Panetta said. The United States faces thousands of cyber attacks daily on its Internet networks. The attacks are originating in Russia, China, Iran and even from individual hackers. “The next Pearl Harbor is likely to be a cyber attack going after our grid…and that can literally cripple this country,” Panetta said. “This is a whole new area of threat.” But cyber terrorism is just one of four primary missions for Panetta, who took over directing the CIA last year after appointment by President Obama. The CIA is also focusing on counter-terrorism, reducing the proliferation of weapons of mass destruction and fighting narcotics trafficking.
Al Qaeda is becoming a viscous target, and as CIA and military operations tamp it down in Pakistan, Afghanistan and Iraq, the terrorist elements are moving to places like Somalia, Yemen and North Africa—as well as changing its tactics, he said. “The president’s direction…is we must dismantle and destroy Al Qaeda and its known elements,” he said. “It’s a fundamental mission….The primary effort takes place in Pakistan and tribal areas. We are now focused on Afghanistan and have increased our presence there.” Meanwhile, CIA is working to help Iraqis fight Al Qaeda. “Even as our military draws down in Iraq, we’ll keep our presence there…to provide intelligence to the Iraqis so they can secure their own country.” Worrisome, he added, is how Al Qaeda is “coming at us in other ways.”
These include using individuals who have clean records and are not being tracked; individuals who are already in the U.S.A. and in contact with Al Qaeda; and individuals who decided to “self-radicalize” and are easily and quickly recruited as terrorists. Previously, Panetta served as a congressional representative from the Monterey area, rising to the House Budget committee chair, and then later as President Clinton’s Director of the Office of Management and Budget. “I’ve spent most of my life on budget issues,” he said, noting the “work we did eventually produced a balanced budget for the country.” When he’s asked why he took on the job at the CIA, he told the group, “Because considering the size of the federal deficit, I’d rather fight Al Qaeda” (Sacramento Press, 2010).
Title: US Needs Plan For Online Terrorism Recruiting, Expert Says
Date: May 26, 2010
Source: PC World
Abstract: The U.S. government lacks a plan to counter terrorist recruiting efforts online, even though such efforts by jihad groups are growing, one terrorism expert told U.S. lawmakers. The U.S. government doesn't make an effort to engage with people who may be open to terrorist recruiting efforts and dissuade them from joining, Bruce Hoffman, a professor in the School of Foreign Service at Georgetown University, told lawmakers Wednesday. The U.K. government has a program that works with local communities to identify possible targets for terrorism recruiting, said Hoffman, a former scholar in residence at the U.S. Central Intelligence Agency.
"Very clearly, our adversaries have a communications strategy," Hoffman told a subcommittee of the House of Representatives Homeland Security Committee. "Lamentably, we don't." Instead of on-the-ground programs working with potential targets of terrorism recruiting, U.S. agencies have, in some cases, tried to control terrorism communications on the Internet, Hoffman said. "We shouldn't be censoring the Internet," he said. "I think the problem is we default toward these very intrusive approaches." While most witnesses at the hearing agreed that the U.S. government shouldn't be censoring Web sites linked to terrorism, John Philip Mudd, a senior research fellow at the Counterterrorism Strategy Initiative at the New America Foundation, suggested that taking down terrorism recruiting Web sites may be helpful.
Internet service providers should have protection from lawsuits if they take down terrorism-related Web sites, said Mudd, a former counterterrorism official with the CIA and the U.S. Federal Bureau of Investigation. "We're not going to stop Internet recruitment and radicalization," he said. "We can work on it, we can chip away at it, but it's not going to stop." Members of the subcommittee decried the ability of terrorists to recruit followers online, but several lawmakers also said they want to be careful that the U.S. government doesn't trample on free speech rights when it tries to counter terrorism recruiting activity online. There's an active debate in the U.S. security community about whether law enforcement agencies should attempt to take down Web sites recruiting terrorists, but by taking down sites, investigators could lose valuable information, said Representative Michael McCaul, a Texas Republican. Mudd seemed to disagree.
Keeping terrorism Web sites online may give investigators short-term gains, he said. "But in general, I'd say, make sure they can't spread the ideology, because that's spreading the revolution," he said. The U.S. government has, at times, been too heavy-handed in its antiterrorism efforts, but there's also a proliferation of terrorism recruiting materials online, McCaul said. More than 5,000 Jihadist Web sites and discussion forums are online, he said. "I don't think anyone here disputes that the terrorists are successfully using the Internet to help spread their message," he said. "Terrorists once had to travel to terror camps in Pakistan to receive indoctrination and training.
Now, aspiring terrorists only need to open their laptop and connect to the Internet." Representatives of the American Civil Liberties Union (ACLU) and the Center for Democracy and Technology said that U.S. courts have established clear rules for when it's appropriate for government law enforcement agents to take away free speech rights. A 1969 Supreme Court case established that subversive speech was protected by the First Amendment to the U.S. Constitution unless it incited "imminent lawless action," said Anthony Romero, the ACLU's executive director.
In many cases, terrorism Web sites don't rise to that level, Romero suggested. While several lawmakers expressed concerns about terrorism recruiting online, Brian Jenkins, a senior advisor at research and analysis firm The RAND Corp., suggested that terrorism recruiting efforts in the U.S. since the Sept. 11, 2001, attacks have been limited. RAND found that only about 125 people in the U.S. were recruited to terrorism groups between Sept. 11, 2001, and 2009, he said.
"There are veins of extremism, there are handfuls of hotheads, but no apparent deep reservoir from which Al-Qaeda can recruit," he said. Terrorists have gotten to the implementation stage in only three plots, including a failed car bombing in New York City May 1, in the U.S. since Sept. 11, Jenkins said. An online recruitment campaign is "producing very few active terrorists," Jenkins added. "The number of English language Web sites vastly exceeds the number of terrorists it has produced. As a marketing effort, it would be judged a failure” (PC World, 2010).
Title: FBI Warning Of Al Qaeda Hit Lists, Bomb-Making Tips Led To Shutdown Of Blogging Site
Date: July 19, 2010
Source: Fox News
Abstract: A popular website that hosted more than 70,000 bloggers was shut down suddenly last week after the FBI informed its chief technology officer that the site contained hit lists, bomb-making documents and links to Al Qaeda materials, it was reported on Monday. When the WordPress platform Blogetery.com went dead, the initial explanation from the site's host, Burst.net, was that “a law-enforcement agency” had ordered it to shut down, citing a “history of abuse.”
The explanation caused a wave of conspiracy theories in the blogosphere. But according to a report on CNET Monday, Burst.net shut down Blogetery.com when it became spooked by a letter from the FBI, in which the bureau detailed the presence of terrorist materials among the blog posts.
Burst.net CTO Joe Marr explained that the FBI contacted them with a request for voluntary emergency disclosure of information, bringing to their attention that terrorist material presenting a threat to the lives of Americans was found on a server Burst.net hosted. FBI agents said they wanted specific, immediate information about the people who posted the material. Paul Bresson, unit chief for the FBI's national press office, wrote in an email to FoxNews.com Monday that Burst.net shut down the website on its own. "We did not make a request to shut down a website," Bresson wrote.
Burst.net executives and public relations staffers were not available for comment; answering machines at the office appeared to be disconnected. Bloggers had been theorizing for days about the shutdown, mostly speculating about conspiracies and anti-piracy movements. File-sharing news site TorrentFreak claimed it was most likely the work of anti-piracy authorities. The site speculated that it could be part of a new initiative called "Operation: In Our Sites," designed to crack down on Internet piracy and counterfeiting under the authority of Vice President Joe Biden and U.S. Intellectual Property Enforcement Coordinator Victoria Espinel.
"Operation: In Our Sites" has already targeted numerous sites including TVShack.net, Movies-Links.TV, FilesPump.com, Now-Movies.com, PlanetMoviez.com, ThePirateCity.org, ZML.com, NinjaVideo.net and NinjaThis.net. Others wondered whether this was a step by the government to assert control over the Web. Just weeks ago, a plan giving the President emergency power to turn off the Internet was approved by the Senate.
The reality turns out to be much more serious. A representative for Burst.net said the company had offered Blogetery's operator his money back, but that "should be the least of his concerns." “Simply put: We cannot give him his data nor can we provide any other details," the representative said. "By stating this, most would recognize that something serious is afoot” (Fox News, 2010).
Title: Zeus Trojan Still Active Despite High Profile Arrests
Date: October 4, 2010
Source: Computer World
Abstract: Despite high-profile busts in the US, UK and Ukraine of cybercriminals using Zeus malware to steal from online accounts, Zeus will evolve and remain an effective theft tool for a long time, security experts say.
"There's a community building it and supporting it," says Eric Skinner, CTO of Entrust. "There's no one person to take down. If one person stops updating, somebody else will pick up the task. It's not like when you shut down a software company and the product ceases to be developed."
That about sums up the main strength of Zeus, which experts agree is the major malware framework available today. It's available, it's affordable, it works and its toolkit makes modifying it simple. And the core people who do the major development work have managed to elude capture, hiding behind layers of shifting command and control servers, ISPs, domain registrars and international borders.
"Even if we work with law enforcement, we're still not getting them," says Pedro Bueno, malware research scientist at McAfee Labs. "It takes several hops to get to them. We are real close to them but are never able to get to the final destination where they are."
The Zeus banking Trojan steals usernames and passwords from Windows machines so criminals can use them to illegally transfer money out of victims' accounts. A relatively small group of eastern Europeans are considered to be the main developers responsible for creating new releases of the platform, which has been around since 2007.
For example, researchers recently discovered that a Zeus add-on helps defeat attempts by banks to thwart access by thieves who have used Zeus to steal usernames and passwords of online banking customers. After users login, the banks send SMS messages to their cell phones containing one-time codes that the customers enter.
This two-factor authentication makes it more difficult for criminals to break into accounts, but the developers of Zeus found a way. A mobile Zeus Trojan grabs the one-time code and sends it to a ZeuS command and control server where criminals can use it to break into accounts, says Derek Manky, project manager for cyber-security and threat research at Fortinet. "That's an enhancement," he says.
Another recent development ties instances of the software to particular machines, so purchasers of ZeuS can't copy it endlessly or resell it. So far, there is no known way to break this licensing safeguard, Bueno says.
Developers also sell a ZeuS toolkit that lets purchasers customise it to their uses and modify its look so it can keep ahead of antivirus vendors trying to identify signatures that can be used to block it, Skinner says. They can also tailor the Trojan to the requirements of breaking the security of specific banks, he says.
Plus it's easy to use, Manky says. "It's easy for anybody to pick this up without any sort of qualifications," he says. "There's no need to be very technically adept." As Skinner notes, users of ZeuS can buy technical support for it. "It's pretty professional," he says.
The people behind ZeuS are good at hiding, says Manky. They use multiple ISPs, multiple command and control servers, multiple domains and base this infrastructure in multiple countries, all of which makes it difficult to trace their whereabouts. Compounding the problem, they frequently shift their infrastructure to new providers and new locations to start over, he says.
All of this portends a long life for ZeuS, says Skinner, but there are things that can be done to curb the success of criminals who use it:
- Better educated users can help. Phishing, driveby downloads, email scams and malicious PDF files have all been used to spread the Trojan, says Bueno. More alert users avoiding behaviors that make them susceptible could help, he says.
- Prosecute high profile cases with severe sentences. This will discourage those who might be tempted to create or join a ring, he says.
- More takedowns of servers storing stolen information by putting the squeeze on ISPs hosting the servers. This makes it more difficult for criminals to set up their infrastructure, he says.
- Better cooperation between researchers and banks that discover ZeuS rings and law enforcement agencies. Better cooperation between international law enforcement agencies is also needed so they can act quickly on intelligence about suspicious behaviour.
- Go after criminal middlemen who aren't the ringleaders but who contract to do the technical work of setting up the network needed to carry out the criminal enterprises. Again, this makes it more difficult for the criminals to do business, he says.
- Banks could take measures to blunt the effectiveness of the frauds. For example, they could contact customers via email or text message to confirm they have actually authorised suspicious transfers.
- Develop detection systems that can spot ZeuS activity based on events not on malware signatures, Bueno says.
Zeus Hackers Could Be Targeting Corporate Secrets
Date: October 9, 2010
Source: Computer World
Abstract: Criminals who use the Zeus banking crimeware may be working on a new angle - corporate espionage.
That's what worries Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham, who has been closely monitoring the various criminal groups that use Zeus. Zeus typically steals online banking credentials and then uses that information to move money out of Internet accounts. In the past year, however, Warner has seen some Zeus hackers also try to figure out what companies their victims work for.
In some cases, the criminals will pop up a fake online bank login screen that asks the victim for a phone number and the name of his employer. In online forums, he's seen hackers speculate about how they might be able to sell access to computers associated with certain companies or government agencies.
"They want to know where you work," he said. "Your computer may be worth exploring more deeply because it may provide a gateway to the organization."
That's worrisome because Zeus could be a very powerful tool for stealing corporate secrets. It lets the criminals remotely control their victims' computers, scanning files and logging passwords and keystrokes. With Zeus, hackers can even tunnel through their victim's computer to break into corporate systems.
There are other reasons why Zeus's creators might want to know where you work, however. They could simply be trying to figure out whose data is the most valuable, said Paul Ferguson, a security researcher with Trend Micro. "A welding business might make more money, than say, a Girl Scout troop," he said via instant message.
Still, Ferguson believes that the crooks could make money by selling access to computers belonging to employees of certain companies. "I haven't personally seen that, but these guys are pretty devious."
This type of targeted corporate espionage has become a big problem in recent years, and many companies, including Google and Intel, have been hit with this type of attack.
Police arrested more than 100 alleged members of a Zeus gang last week, but that doesn't put an end to the problem. Zeus is widely sold for criminal use, and security experts say that there are dozens of other Zeus gangs out there. The group responsible for last year's Kneber worm outbreak is thought to be the largest Zeus outfit still in operation.
If Zeus operators really do start promoting their crimeware as corporate back-doors -- and Warner believes this is already happening -- that could mean new problems for corporate IT.
The biggest issue would be for home computers and laptops that are outside of corporate firewalls that still have access to company data via the Internet. Those systems could suddenly become a risk for IT staffers, Warner said.
Inside the firewall, a computer that suddenly starts sending data to Russia should be noticed right away. That might not be the case on a home network. "If you are an employee of a place that gives you access to sensitive data, your company needs to care if you have a malware infection at home," Warner said. The problem could be solved by either not letting people work from their home PCs or by providing workers with computers that can only be used for work, Warner said (Computer World, 2010).
Zeus Is Not The Only Threat To Online Banking
Date: October 13, 2010
Source: Computer World
Abstract: Online bank account users should not ignore the threat posed by obscure data-theft Trojans such as ‘Bugat’, ‘SpyEye’, and ‘Carberp’, security company Trusteer has warned.
One example is Bugat, on the face of it not the most frightening bank Trojan in circulation. Its incidence is low, and its incursions seem for the time being to be focussed on banks in the US rather than Europe.
However, according to Trusteer, there are signs that Bugat could now be favoured over the better-known Zeus, starting with a campaign from last week in which LinkedIn users were spammed as a method of spreading a new version further afield.
A similar attack was pioneered only days before that by Zeus, so such targeted Trojans could start to merge into one generalised threat distributing hard-to-block malware using identical channels.
“We are in an arms race with criminals. Although Zeus gets a lot of attention from law enforcement, banks and the security industry, we need to be vigilant against new forms of financial malware like Bugat and SpyEye which are just as deadly and quietly expanding their footprint across the internet,” commented Trusteer CEO, Mickey Boodaei.
The threat is that new versions of these Trojans keep appearing, which makes detection trickier. The inherently stealthy nature of such malware means that they can appear to be relatively inactive while doing great damage, as was the case with Zeus. Trusteer’s view is that bank Trojans need to be countered in the browser with tools such as its own Rapport plug-in rather than using conventional antivirus software. Other companies seem keen to jump on this approach with their own plug-ins and tools (Computer World, 2010).
Defence Minister To Highlight Cyber Attack Threat To UK
Date: November 9, 2010
Source: Computer World
Abstract: Defence Minister Nick Harvey will be stressing the significance of the cyber attack threat to the UK in a speech at Chatham House today.
According to the BBC, Harvey is expected to tell the think tank that a laptop could be exploited to become as harmful a weapon as a cruise missile.
Last month, as part of the Strategic Defence and Security Review, prime minister David Cameron confirmed that the government would allocate £650 million over a four-year period to fight against cyber attacks. The government also detailed cybercrime as a ‘tier one’ risk to Britain, alongside terrorism, international crises and natural hazards.
BBC defence correspondent Jonathan Beale said: “Mr Harvey will also outline plans to use cyber warfare to back up Britain’s military capabilities by exploiting an enemy’s weakness.
“He says in future the nation must win the battle in cyberspace as well as the battle on the ground.” Harvey is also expected to say that while cyberspace can be useful and beneficial to members of the public, governments all over the world will have to protect their countries by establishing laws to govern the use of the internet and digital technology (Computer World, 2010).
Government Spells Out Cyber Warfare Challenge
Date: November 11, 2010
Source: Computer World
Abstract: Cyberattacks should be subject to the same laws, treaties and international conventions as in the physical world, UK defence minister Nick Harvey has said in a Chatham House speech which laid down an important new marker in government attitudes.
Harvey’s speech sounds a warning that as far as the UK is concerned the gloves are about to come off. States will not be allowed to get away with overtly or covertly sponsoring cyberwarfare without the fear of a political response.
In Harvey’s view, the UK and its allies should find ways to apply principles such as NATO’s mutual defence pact, Article V, to acts of aggression in cyberspace. This would apply the concept of deterrence, something that was currently almost non-existent in Internet policy.
“I would argue that the established laws governing the use of force and the conduct of hostilities are equally applicable to cyberspace as they are to traditional domains,” said Harvey.
“Of course the issue of attribution in cyberspace will be difficult. As will the issue of intent. But as I said earlier, just because it will be difficult, doesn’t mean it will be impossible.”
A second layer of threat arose from terrorist and other ideological organisations, which would seek to exploit the Internet’s potential for asymmetric warfare. To counter this, the UK and its allies would need to develop tools and expertise to enable defenders to quickly work out which asset was being attacked and by which entity.
“It can only be a matter of time before terrorists begin to use cyberspace more systematically, not just as a tool for their own organisation, but as a method of attack,” said Harvey.
Harvey’s speech will be seen as an intelligent acknowledgement that the task of cyber-defence will not be easy for the UK or any other government. There is no clear perimeter to defend, attackers have the ability to obscure their real targets while hiding, and accountability is low-to-non-existent. Just throwing money and brains at the problem will not be enough.
But external parties will notice the underlined references to deterrence in his words, and to NATO’s clause V defence agreement, which is still seen as having helped stop Stalin from calling the USA’s nuclear bluff by picking off smaller territories one by one in the 1950s.
If put into effect, such a policy would force countries attacking a NATO state in cyberspace to factor in the detection capabilities and wider response from that country’s allies. “As Clausewitz showed, while the essential nature of conflict is unchanging, its character moves with the times,” concluded Harvey (Computer World, 2010).
Title: How Safe Are Britain's Cyber Borders?
Date: June 26, 2011
Abstract: Deep beneath the palatial headquarters of the Ministry of State Security in central Beijing, a plot is being hatched – and the target is Britain.
Ranked in front of banks of computer screens in the large, fluorescent-lit offices of the Tenth Bureau, the highly secret department responsible for science and technology, thousands of cyber spies are at work. The hackers, mainly graduates in their twenties, work in eight-hour shifts, 24 hours a day, seven days a week, as part of an unrelenting Blitzkrieg against Britain and other Western countries.
This is warfare without boundaries, and its tactics will dictate the way in which future conflicts are fought.
Chinese cyber spies are under strict orders to target any organisation, from government departments to hedge funds, whose secrets may benefit the communist state, launching as many as 1,000 attacks every day against the UK alone.
Britain’s Ministry of Defence, one of the prime targets, was alone the victim of more than 1,000 cyber attacks last year, and although no official will admit it publicly, the Chinese are the main culprits.
Much is often made of computer geeks such as 19-year-old Ryan Cleary who is accused of being a “major player” in LulzSec, the group that has been linked with attacks on computer networks belonging to the CIA, the police and the US Senate.
But it is the Chinese and the Russians who are the real worry for MI5 and the cyber warfare chiefs at the Government Communication Headquarters (GCHQ) in Cheltenham.
“The Chinese are after every secret the UK possesses,” one senior security official told The Sunday Telegraph. “The main challenge for the Chinese at the moment is not how to steal the secrets but what to do with all the information they now possess. The Chinese have stolen so much information that it is taking them a long time to sift through it to find what is really useful to them. Some of the attacks are highly precise – with others, it’s just trawling – but that provides a measure of their capability.”
For Britain’s spy chiefs the cyber war with China is more than just an irritating distraction from its main focus of trying to prevent an attack from al-Qaeda. Last year, cyber crime cost the British economy £21billion, according to one industry report. But it is widely accepted that the figure could be much higher.
In 2009, a foreign intelligence agency infiltrated the Pentagon’s £200billion Joint Strike Fighter project, the US defence department’s costliest weapons programme in history. Cyber spies stole data relating to the aircraft’s design and electronic system. Officials said the attacks appeared to originate from China. The Chinese have denied any knowledge of the attack.
Google, the Pentagon, Chinese dissidents, the defence and oil industries and the UN have all had their computer systems hacked. China is believed to be behind most, if not all, of the attacks. While the financial cost is a worry, the real concern is the impact cyber warfare will have in a military conflict. Whether or not the subject will be discussed when Wen Jiabao, the Chinese premier, meets the Prime Minister tomorrow remains to be seen.
Cyber attacks include acts of cyber war, terrorism, espionage, crime, protest, theft and vandalism. Lines between categories are often blurred, and it is difficult to identify the perpetrators or understand their motives. But it is not just the Chinese who dabble in cyber warfare – the Russians are pretty expert, too.
For example, there is still some debate over whether the 2007 cyber attacks that closed down Estonian government networks were acts of cyber warfare by the Russian government, or acts of political protest by hackers. Both Russia and China are known to route their attacks through different states, which makes identifying who is behind a specific attack difficult. Both countries are also known to use the services of sophisticated criminal gangs acting as contract cyber hackers, who, for a fee, will target a government of choice.
One of the classic forms of attack is the use of a bot, a virus embedded into an email sent to attract the attention of a specific individual. Once the email is opened, the laptop becomes “infected” and can be controlled by an outside agency.
One security source told The Sunday Telegraph the story of an arms dealer who unwittingly opened a bot. From that moment on, a foreign spy agency, believed to be the Russians, managed to take control of his computer.
“The hackers had control of his email, diary and stored files. They were able to switch on his computer when he was in a meeting and record entire events.”
Another government security official added: “There have been a lot of UK companies who have been turned over very badly and lost a lot of money. At the moment the Chinese are concentrating on economic targets. They are trying to get access to negotiating positions, economic performance targets, anything that gives them the upper hand, whereas Russia is primarily interested in energy and defence.”
The Government acknowledged the size of the threat to the UK last year when cyber security was finally classified as a “tier one” priority. The move resulted in an extra £650million being allocated to create a national cyber security programme and a new cyber operations group under the command of Major General Jonathan Shaw, who is tasked with making sure that Britain has the same command and control structure for cyber operations as it does for conventional operations.
The UK is also developing a cyber weapons programme that will give ministers an attacking capability to help counter cyber threats to national security.
Whitehall officials have recently revealed that the UK needs a new range of offensive options. The nature of the weapons being developed is top secret, but it is understood that the Cabinet Office and the Cyber Security Operations Centre at GCHQ have taken the lead on the issue.
The rise of cyber warfare has also led to the unlikely consequence of IT becoming “sexy”, according to one security source. Graduate software engineers, mathematicians, communications specialists and even reformed hackers are now in great demand by GCHQ as it begins to develop its own secret army to counter the threat.
And time is running out. The potential damage caused by highly sophisticated computer viruses was underlined last year with the discovery of the Stuxnet virus, which disrupted Iran’s uranium enrichment programme. The Iranians have accused the Israelis and the US of designing and deploying Stuxnet, which set some of their centrifuges spinning out of control. Experts have described the virus as being so technically advanced that it was beyond any threat seen in the past.
The defensive capabilities that cyberspace offers were demonstrated by a hacking team from GCHQ who last month hacked into an al-Qaeda online magazine and replaced bomb-making instructions with a recipe for cupcakes. When followers tried to download the 67-page colour magazine, instead of instructions about how to “Make a bomb in the Kitchen of your Mom” by “The AQ Chef”, they were greeted with garbled computer code. The code, which had been inserted into the original magazine by the British intelligence hackers, was actually a web page of recipes for “The Best Cupcakes in America”.
Strategists believe cyber warfare will play a major role in the early stages of a state-on-state attack. Imagine, for a moment, the advantage to one nation if it could disable an adversary’s electricity network, communication and air traffic control systems in the weeks prior to an attack.
Indeed, the war between Russia and Georgia, in 2008, saw the first use of cyber warfare in a state-on-state conflict. The war began on the night of August 7 after Georgia launched a large-scale military offensive against the separatist state of South Ossetia. Russia intervened on the side of South Ossetia, but prior to the attack, covert cyber units began infiltrating Georgian computer networks. When fighting broke out on August 8, the Russians caused panic in Georgia in a series of “denial of service” attacks that closed down large parts of the country’s computer network. The attacks showed how conventional and asymmetric tactics can complement one another in modern battlefields, setting the template for future conflicts.
Despite the rapidly growing nature of the threat, there is disagreement over which strategy should be adopted to prevent a similar attack against the UK. Nick Harvey, the Liberal Democrat defence minister, recently said: “Digital networks are now at the heart of our transport, power and communications systems, and our economy as a whole. This reliance brings the capacity for warfare to cyberspace. The consequences of a well-planned, well-executed attack against our digital infrastructure could be catastrophic. A single networked laptop might be as effective a weapon as, say, a cruise missile.
“In the military sphere, whenever a new domain opens up, like air and space-flight in the last century, the temptation is to devise wholly separate doctrines to address the new environment,” he continues. “But we must remember that cyber crime, cyber terrorism, cyber espionage, or cyber war, are simply crime, terrorism, espionage or war by other means.”
Lord Reid of Cardowan, the former Labour defence secretary, disagrees. “The nature of cyberspace means that imposing the old doctrines that served our defence will not work. Until we recognise that, we risk succumbing to a dangerous degree of cyber complacency.
“The transnational cyber environment is largely impervious to inherited legal frameworks. For instance, it is a great leap to assume that a cyber attack would fit neatly within the UN charter’s definition of ‘armed attack’. Moreover, the cyber world’s diffuse empowerment of individuals, corporations and non-state actors can render traditional political structures and approaches impotent.”
Whichever strategic approach the UK adopts, one fact is clear: the shock troops of the first cyber war will not be drawn from the Paras or the Marines who fought in Helmand, but from the X-Box generation who learnt their hacking skills in dark bedrooms (Telegraph, 2011).
Banking Warning: SpyEye Trojan Can Evade Security Systems To Steal Cash
Date: July 26, 2011
Source: Computer World
Abstract: Banks are facing more trouble from SpyEye, a piece of malicious Trojan software that steals money from customers' online banking accounts, according to new research from security vendor Trusteer.
SpyEye is a particularly nasty piece of malicious software: it can harvest credentials for online accounts and also initiate transactions as a person is logged into their account, literally making it possible to watch their bank balance drop by the second.
In its latest versions, SpyEye has been modified with new code designed to evade advanced systems banks have put in place to try and block fraudulent transactions, said Mickey Boodai, Trusteer's chief executive.
Banks are now analysing how a person uses their site, looking at parameters such as how many pages a person looks at on the site, the amount of time a person spends on a page and the time it takes a person to execute a transaction. Other indicators include IP address, such as if a person who normally logs in from the Miami area suddenly logs in from St. Petersburg, Russia.
SpyEye works fast, and can automatically and quickly initiate a transaction much faster than an average person manually on the website. That's a key trigger for banks to block a transaction. So SpyEye's authors are now trying to mimic -- albeit in an automated way -- how a real person would navigate a website.
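The behavioural signals the two paragraphs above list (pages viewed, dwell time, time to transaction, login geography), and the event-based rather than signature-based detection the earlier Zeus piece recommends, as an added example that is not from the article, from Trusteer or from any bank: a toy session scorer run over constructed banking sessions. The field names, thresholds, weights and sample data are assumptions made for this illustration.

```python
"""Behavioural scoring of online-banking sessions, modelled on the signals the
article lists (pages viewed, dwell time, time to transaction, login geography).

Everything here is constructed for illustration: the field names, thresholds,
weights and sample sessions are hypothetical, not a bank's or Trusteer's logic.
"""
from dataclasses import dataclass


@dataclass
class Session:
    """One login-to-transfer session as a bank's web tier might log it."""
    user: str
    ip_country: str             # country resolved from the login IP (lookup assumed)
    pages_viewed: int           # pages visited between login and the transfer request
    seconds_to_transfer: float  # wall-clock time from login to transfer request
    transfer_amount: float
    new_payee: bool             # destination account never used by this customer


@dataclass
class Profile:
    """What the bank has learned about this customer from past sessions."""
    usual_country: str
    typical_seconds_to_transfer: float


# Hypothetical thresholds and weights; a real deployment would tune these
# per customer segment from historical data.
HUMAN_MIN_SECONDS = 20.0      # nobody completes login + transfer form faster
HUMAN_MIN_PAGES = 3           # login page, account overview, transfer form
STEP_UP_SCORE = 20            # ask for an extra out-of-band confirmation
BLOCK_SCORE = 50              # hold the transfer for manual review


def score_session(s: Session, p: Profile) -> tuple[int, list[str]]:
    """Return (risk score, human-readable reasons) for one session."""
    score, reasons = 0, []

    # Velocity: an injected transfer fires within a second or two of login,
    # far below any human baseline.
    if s.seconds_to_transfer < HUMAN_MIN_SECONDS:
        score += 30
        reasons.append("transfer requested faster than a human could")
    elif s.seconds_to_transfer < p.typical_seconds_to_transfer / 5:
        score += 15
        reasons.append("much faster than this customer's usual pace")

    # Navigation depth: real customers look at balances first; a script does not.
    if s.pages_viewed < HUMAN_MIN_PAGES:
        score += 15
        reasons.append("too few pages viewed before transfer")
    # Average dwell time under two seconds per page means nobody read anything.
    if s.pages_viewed and s.seconds_to_transfer / s.pages_viewed < 2.0:
        score += 15
        reasons.append("average dwell time per page under 2 s")

    # Geography: the article's Miami-versus-St. Petersburg case.
    if s.ip_country != p.usual_country:
        score += 25
        reasons.append(f"login from {s.ip_country}, usually {p.usual_country}")

    # Destination: fraudulent transfers almost always go to a first-time payee.
    if s.new_payee:
        score += 10
        reasons.append("first transfer to this payee")

    return score, reasons


def decide(score: int) -> str:
    """Map a risk score to the action the bank would take."""
    if score >= BLOCK_SCORE:
        return "block"
    if score >= STEP_UP_SCORE:
        return "step_up"
    return "allow"


# Constructed sample sessions for a customer who normally logs in from the US
# and takes about two minutes to make a transfer.
PROFILE = Profile(usual_country="US", typical_seconds_to_transfer=120.0)
SAMPLES = {
    # A genuine customer paying a known payee.
    "human": Session("alice", "US", 8, 140.0, 250.0, False),
    # Classic injected transfer: one page, 1.5 s after login, new mule account.
    "automated": Session("alice", "US", 1, 1.5, 4800.0, True),
    # Stolen credentials replayed from abroad at a human pace.
    "foreign": Session("alice", "RU", 6, 200.0, 900.0, False),
    # The evasion the article describes: the script paces itself like a person,
    # so only the new-payee signal remains and the transfer is allowed.
    "mimicked": Session("alice", "US", 6, 75.0, 4800.0, True),
}


def evaluate_all() -> dict[str, str]:
    """Decision for each sample; shows what timing heuristics catch and miss."""
    return {name: decide(score_session(s, PROFILE)[0]) for name, s in SAMPLES.items()}


if __name__ == "__main__":
    for name, s in SAMPLES.items():
        score, reasons = score_session(s, PROFILE)
        print(f"{name:10s} score={score:3d} decision={decide(score):8s} {reasons}")
```

The "mimicked" case is the gap the article describes: once the script paces itself like a person, only non-timing signals (payee history, geography, an out-of-band confirmation) are left to catch it.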
"They used to pay less attention to the way they execute transactions on the bank's website and now they are really trying to show normal user patterns," Boodai said.
Boodai said he has little idea of how successful SpyEye's new evasion code is, although Trusteer does collect intelligence from banks that have distributed its browser security tool, Rapport, to their customers. Trusteer has also noticed that SpyEye in recent months has expanded the number of financial institutions it is able to target in an increasing number of countries.
New target countries include Russia, Saudi Arabia, Bahrain, Oman, Venezuela, Belarus, Ukraine, Moldova, Estonia, Latvia, Finland, Japan, Hong Kong and Peru. What that means is that more criminal groups around the world are purchasing the SpyEye toolkit, Boodai said.
Financial institutions continue to increase their security spending to protect online transactions, said Avivah Litan, an analyst at Gartner who regularly consults banks on security issues.
Even to her, financial institutions are coy about revealing how hard they've been hit, but "everyone refers to Zeus or SpyEye -- some as common as the word 'teller'" Litan said.
Police have had some limited successes. In April, a 26-year-old Lithuanian and a 45-year-old Latvian were charged with conspiracy to cause unauthorized modifications to computers, conspiracy to defraud and concealing proceeds from crime for allegedly using SpyEye. A third, 26-year-old man whose nationality was not revealed was bailed pending further questioning.
SpyEye is actually a botnet with a network of command-and-control servers hosted around the world. As of Tuesday, some 46 command-and-control servers were online, according to the SpyEye Tracker, a website dedicated to gathering statistics about the malicious software.
That is sharply up. In May, there were just 20 or so active servers responding to computers that were infected with SpyEye, said Roman Hüssy, who runs the site. "SpyEye is growing quite well," he said (Computer World, 2011).
Hacking Group 'Compromised 72 Large Organisations' In Five Years
Date: August 3, 2011
Source: Computer World
Abstract: Security vendor McAfee has published a detailed report about a hacking group that penetrated 72 companies and organizations in 14 countries since 2006 in a massive operation that stole national secrets, business plans and other sensitive information.
McAfee said the attackers are likely a single group acting on behalf of a government, differing from the recent wave of less sophisticated attacks from cyber activist groups such as Anonymous and LulzSec, according to the report.
McAfee did not say what country might have been working with the hackers, in contrast to companies such as Google, which as recently as last month blamed China for hacking into the Gmail accounts of several high-profile US officials.
The intrusions, which McAfee called Operation Shady RAT, were discovered after the security vendor gained access to a command-and-control server that collected data from the hacked computers and logged the intrusions.
"After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," wrote Dmitri Alperovitch, vice president of threat research at McAfee, and author of the report.
Alperovitch wrote that over the past five to six years there has been nothing short of a "historically unprecedented transfer of wealth" due to the hacking operation.
The data stolen consists of everything from classified information on government networks, source code, e-mail archives, exploration details for new oil and gas field auctions, legal contracts, SCADA (supervisory control and data acquisition) configurations, design schematics and more, Alperovitch said.
McAfee declined to name most of the organizations attacked, referring to businesses such as "South Korean Steel Company," "U.S. Defense Contractor #1" and "Taiwanese Electronics Company," among others.
Those that were named include the International Olympic Committee (IOC), the World Anti-Doping Agency, the United Nations and the ASEAN (Association of Southeast Asian Nations) Secretariat. Those organizations, however, were not of economic interest to hackers, and "potentially pointed a finger at a state actor behind the intrusions," Alperovitch wrote.
The hacking group gained access to computers by first sending targeted e-mails to individuals within the companies or organizations. The e-mails contained an exploit that, if executed, would cause the download of a piece of malicious software that communicates with the command-and-control server.
In 2006, eight organizations were attacked, but by 2007 the number jumped to 29 organizations, according to the report. The number of victimized organizations increased to 36 in 2008 and peaked at 38 in 2009 before starting to fall, "likely due to the widespread availability of the countermeasures for the specific intrusion indicators used by this specific actor," Alperovitch wrote.
The duration of the compromises ranged from less than a month to more than two years in the case of an attack on the Olympic committee of an unnamed nation in Asia (Computer World, 2011).
Title: 10 Years After 9/11, Cyberattacks Pose National Threat, Committee Says
Date: September 7, 2011
Abstract: Ten years after the terrorist attacks of Sept. 11, 2001, the nation faces a critical threat to its security from cyberattacks, a new report by a bipartisan think tank warns.
The report, released last week by the Bipartisan Policy Center's National Security Preparedness Group (NSPG), offers a broad assessment of the progress that the public sector has made in implementing the security recommendations of the 9/11 Commission. The comments about cybersecurity are part of a broader discussion on nine security recommendations that have yet to be implemented.
The report, the foreword to which is signed by Lee Hamilton, a former Democratic representative from Indiana, and Thomas Kean, former governor of New Jersey, notes that catastrophic cyberattacks against U.S. critical infrastructure targets are not a mere theoretical threat.
"This is not science fiction," the NSPG said in its report. "It is possible to take down cyber systems and trigger cascading disruptions and damage. Defending the U.S. against such attacks must be an urgent priority."
The report highlights concerns expressed by the Department of Homeland Security (DHS) and the U.S. intelligence community about terrorists using cyberspace to attack the country without physically crossing its borders. "Successive [intelligence chiefs] have warned that the cyber threat to critical infrastructure systems -- to electrical, financial, water, energy, food supply, military, and telecommunications networks -- is grave."
The report makes note of a briefing in which DHS officials described a "nightmare scenario" of terrorists hacking into the U.S. electric grid and shutting down power across large sections of the country for several weeks. "As the current crisis in Japan demonstrates, disruption of power grids and basic infrastructure can have devastating effects on society," the report noted.
The committee's report is sure to reinforce perceptions among many within the security industry that critical infrastructure targets remain woefully underprepared for dealing with cyberattacks. Over the past few years, there have been numerous attacks targeting government and military networks. Most of the attacks are believed to be the work of highly organized, well-funded, state-sponsored groups.
Despite the attacks, some believe that those within government are not taking the threat seriously enough. Just a few weeks ago, for instance, Cofer Black, former director of the CIA's Counterterrorism Center during the Bush administration, warned about cyberthreats not being taken seriously enough.
Though many security experts agree that future conflicts will likely be fought in cyberspace, military and government officials have shown a hesitancy to act until they see a validation of the threats, Black said during a keynote address at the Black Hat conference in August. It was the same sort of skepticism that many government officials had shown toward the alarms sounded prior to the Sept. 11, 2001, attacks, Black noted.
The Bipartisan Policy Center (BPC) is a Washington-based think tank that was established in 2007 by former Senate Majority leaders Howard Baker, Tom Daschle, Bob Dole and George Mitchell. The NSPG is a group that was established by the BPC to monitor the implementation of the 9/11 Commission's recommendations for bolstering national security in the aftermath of the terrorist attacks.
Last week's report offers an assessment of the progress that the government has made in implementing the commission's recommendations. According to the NSPG, the government has made significant progress in addressing many of the 9/11 Commission's 41 recommendations.
However, several crucial ones remain very much a work in progress, the report noted.
One area where little progress has been made has to do with the recommendation to increase the availability of radio spectrum for public safety purposes, the report noted.
"Incompatible and inadequate communications led to needless loss of life" on 9/11, the BPC said in its report. But plans to address the problem by setting aside more radio spectrum for first responders have "languished" because of a political fight over whether to allocate 10MHz of radio spectrum to first responders or to a commercial wireless bidder.
Another area where progress has been limited has been on the civil rights and privacy fronts, the report noted. Surveillance activities and the use of tools such as National Security Letters to search for terrorists have greatly expanded since the 9/11 attacks. But a recommendation for setting up a Privacy and Civil Liberties Oversight Board within the executive branch of the federal government has yet to be fully implemented.
"If we were issuing grades, the implementation of this recommendation would receive a failing mark," the NSPG said (Computerworld, 2011).
Date: September 12, 2011
Source: Fox News
Abstract: A new study warns that the U.S. must develop cyber intelligence as a new and better coordinated government discipline that can predict computer-related threats and deter them.
The report by the Intelligence and National Security Alliance says the dramatic expansion of sophisticated cyber-attacks has moved beyond losses that government and businesses can accept, such as those that merely threaten finances or intellectual property.
"The impact has increased in magnitude, and the potential for catastrophic collapse of a company has grown," said the report, which is slated to be released later this month. It adds that it is not clear that the business community understands or accepts that.
The report comes amid growing worries the U.S. is not prepared for a major cyberattack, even as hackers, criminals and nation states continue to probe and infiltrate government and critical business networks millions of times a day.
INSA, a non-partisan national security organization, says the U.S. must develop strategies beyond the current "patch and pray" procedures, create cyber intelligence policies, coordinate and share intelligence better among government agencies and businesses, and increase research on attack attribution and warnings.
And it says the U.S. must develop effective cyber intelligence so officials can assess and mitigate the risks.
Many of the report's observations echo sentiments expressed by Pentagon and Department of Homeland Security officials who have been struggling to improve information sharing between the government and key businesses. But efforts to craft needed cybersecurity legislation have stalled on Capitol Hill.
INSA's report also lays out the growing threats from other nations — including those who are friendly, corrupt or just unable to control hackers within their borders.
While it doesn't name the countries, it notes that failed states provide opportunities for hackers, as they do for criminals and terrorists, while other nations tolerate the criminals as long as they concentrate their activities beyond their borders.
U.S. officials have long pointed to Russia and China, as well as a number of Eastern European nations, as some of the leading safe havens for cybercriminals, or government-sponsored or tolerated hacking.
At the same time, the report warns that the U.S. has also outsourced much of the design and maintenance of computer technology to other countries where potential adversaries can easily insert themselves into the supply chain.
"The present situation is as dangerous as if the United States decided to outsource the design of bridges, electrical grids, and other physical infrastructure to the Soviet Union during the Cold War," said INSA, which is headed by Frances Townsend, who was homeland security adviser in the Bush administration.
Much like the criticism of the overall intelligence community in the aftermath of the Sept. 11 attacks, the INSA report says that cyber intelligence needs better coordination among government agencies, as well as with the private sector (Fox News, 2011).
Title: Cyber Attacks Are Becoming Lethal, Warns US Cyber Commander
Date: September 15, 2011
Source: Computer Weekly
Abstract: Cyber attacks are escalating from large-scale theft and disruption of computer operations to more lethal attacks that destroy systems and physical equipment, according to the head of the US Cyber Command.
"That's our concern about what's coming in cyberspace - a destructive element," General Keith Alexander told a US conference on cyber warfare, according to the Washington Times.
Alexander, who is also the director of the National Security Agency (NSA), said that future computer-based combat is likely to involve cyber strikes that cause widespread power outages and even physical destruction of machinery.
The potential for cyber attacks to do this, he said, is illustrated by the electrical power outage in the Northeast US in 2003 caused by the freezing of software that controlled the power grid after a tree damaged two high-voltage power lines, and the destruction of a water-driven electrical generator at Russia's Sayano-Shushenskaya dam in 2009 that was caused by a computer operator remotely starting the generator while one of the dam's turbines was being serviced.
These events highlight the threat of attackers breaking into electricity grid networks or remotely starting or stopping systems to cause destruction and loss of life, said Alexander.
The US government is adopting an "active defence" strategy aimed at bolstering the readiness of computer networks to respond.
The UK government has come under fire from the Chatham House think-tank for failing to take a strong lead in protecting critical systems such as power and water from cyber attack.
There is no coherent picture of who is targeting what and which systems and services are potentially vulnerable to cyber attack, according to a Chatham House report.
The UK government must play "an integral role in informing wider society" and raising levels of awareness, said the report, which is based on a series of interviews with senior figures in companies considered to be part of the critical national infrastructure, such as electricity, oil and gas.
The Chatham House report comes ahead of the government's expected announcement of a revised cyber security plan (Computer Weekly, 2011).
Title: Pentagon To Help Defend Cyber Networks
Date: September 26, 2011
Source: Fox News
Abstract: As hackers and hostile nations launch increasingly sophisticated cyberattacks against U.S. defense contractors, the Pentagon is extending a pilot program to help protect its prime suppliers.
That program could serve as a possible model for other government agencies. It is being evaluated by the Department of Homeland Security, as part of a potential effort to extend similar protections to power plants, the electric grid and other critical infrastructure.
Efforts to better harden the networks of defense contractors come as Pentagon analysts investigate a growing number of cases involving the mishandling or removal of classified data from military and corporate systems. Intrusions into defense networks are now close to 30 percent of the Pentagon's Cyber Crime Center's workload, according to senior defense officials. And they say it continues to increase.
The Pentagon's pilot program represents a key breakthrough in the Obama administration's push to make critical networks more secure by sharing intelligence with the private sector and helping companies better protect their systems. In many cases, particularly for defense contractors, the corporate systems carry data tied to sensitive U.S. government programs and weapons.
So far, the trial program involves at least 20 defense firms. It will be extended through mid-November, amid ongoing discussions about how to expand it to more companies and subcontractors.
"The results this far are very promising," said William Lynn, the deputy secretary of defense who launched the program in May. "I do think it offers the potential opportunity to add a layer of protection to the most critical sectors of our infrastructure."
Lynn, who has just left office, said the government should "move as expeditiously" as it can to expand the protections to other vital sectors.
A senior DHS official said no decisions have been made, but any effort to extend the program -- including to critical infrastructure -- faces a number of challenges.
The official, who spoke on condition of anonymity because the program review is ongoing, said it would be helpful if Congress would pass legislation that explicitly says DHS is responsible for helping private sector companies protect themselves against cyberattack. Also, the legislation should say that companies can be protected from certain privacy and other laws in order to share information with the government for cybersecurity purposes, the official said.
Senior U.S. leaders have been blunt about the escalating dangers of a cyberattack, and have struggled to improve the security of federal networks while also encouraging the public and corporate America to do the same.
"Cyber actually can bring us to our knees," said Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, adding that at some point the Pentagon may need to develop some type of governing structure similar to how the U.S. and allies monitor and limit nuclear weapons.
Data compiled by the Defense Cyber Crime Center shows that the number of investigations handled by analysts there has more than tripled over the past 10 years. And a growing number of them involve defense contractors -- including those participating in the pilot program.
Housed near Fort Meade, Maryland, the so-called DC3 employs about 100 digital examiners who sift through millions of bytes of data in the digital forensics lab. Stacks of hard drives line the shelves, and clear plastic evidence bags are filled with a vast expanse of computer technology -- from cell phones and tiny flash drives to iPads, Wii consoles and Nintendo games.
The analysts dissect intrusions, malware and other attacks that have breached or tried to burrow into the defense contractors' computer systems. And while those investigations are just a small fraction of the lab's work, the number has grown steadily over the past three years.
The caseload includes about 100 in the past year that involve the defense industrial base. Much of the center's work is for criminal cases for the military's investigative branches -- including the Army and Navy criminal investigative services and the Air Force Office of Special Investigations.
Cybersecurity expert James Lewis said there will be some tough hurdles in any effort to expand the pilot program to more military contractors or through DHS to other critical infrastructure companies. But he said it can be done.
The Pentagon has multi-million dollar contracts with companies, making it easier to build on those relationships and, if needed, link cyber threat cooperation to future contracts, said Lewis, who is with the Center for Strategic and International Studies.
DHS, however, doesn't have that type of contracting relationship with electric companies, power generation plants, financial firms or other critical corporations that run vital infrastructure. And the agency would probably need additional Congressional authorities to set up a program similar to the DOD pilot.
"If they move smartly, it could be done in two years. This is not an insolvable problem," said Lewis. "DHS needs more authorities to oversee the process. And they have to work through antitrust, information sharing and privacy issues."
The senior DHS official said that just keeping up with the ever-changing cyberthreats is a challenge, making it more difficult to determine the appropriate roles for the government, the companies and the internet service providers.
Both DHS and defense officials acknowledge that funding is another factor that must be worked out. As yet, they said, they don't know what the exact costs would be and how they would be allocated between the government and the private sector (Fox News, 2011).
Title: Cyber Attacks Mounting Fast In U.S.
Date: September 30, 2011
Source: CBS News
Abstract: U.S. utilities and industries face a rising number of cyber break-ins by attackers using more sophisticated methods, a senior Homeland Security Department official said during the government's first media tour of secretive defense labs intended to protect the U.S. power grid, water systems and other vulnerable infrastructure.
Acting DHS Deputy Undersecretary Greg Schaffer told reporters Thursday that the world's utilities and industries increasingly are becoming vulnerable as they wire their industrial machinery to the Internet.
"We are connecting equipment that has never been connected before to these global networks," Schaffer said. Disgruntled employees, hackers and perhaps foreign governments "are knocking on the doors of these systems, and there have been intrusions."
According to the DHS, Control System Security Program cyber experts based at the Idaho National Laboratory responded to 116 requests for assistance in 2010, and 342 so far this year.
Department officials declined to give details about emergency response team deployments, citing confidentiality agreements with the companies involved. Under current law, the reporting of cyber attacks by private organizations is strictly voluntary.
The Obama administration has proposed making reporting mandatory, but the White House could find the idea difficult to sell at a time when Republicans complain about increased regulation of business.
Officials said they knew of only one recent criminal conviction for corrupting industrial control systems, that of a former security guard at a Dallas hospital whose hacking of hospital computers wound up shutting down the air conditioning system. The former guard was sentenced to 110 months in prison in March.
The Homeland Security Department's control system program includes the emergency response team, a Cyber Analysis Center where systems are tested for vulnerabilities, a malware laboratory for analyzing cyber threats and a classified "watch and warning center" where data about threats are assessed and shared with other cyber security and intelligence offices.
The offices are located at nondescript office buildings scattered around Idaho Falls. No signs announce their presence.
Marty Edwards, chief of the control system security effort, said the malware lab analyzed the Stuxnet virus that attacked the Iranian uranium enrichment facility in Natanz last year. He did not describe the group's findings in detail, except to say that they confirmed that it was "very sophisticated."
Edwards said that several years ago he had asked the German company Siemens to study the same kind of industrial controllers used at Natanz for vulnerabilities to attack, because they were so widely used in industry.
But he said the study was not part of any effort to target the controllers with malware, and said his program's work on the controllers could not have helped Stuxnet's designers.
A senior Homeland Security cyber official, who spoke on condition of anonymity because of the sensitivity of the topic, said the Stuxnet worm exploited well-known design flaws common to many system controllers, vulnerabilities that in general can't be patched.
Many independent experts and former government officials suspect that Stuxnet was created by the United States, perhaps with the help of Israel, Britain and Germany.
The U.S. and other nations believe Iran is building a nuclear weapons program, but Tehran insists it is interested only in the peaceful uses of nuclear technology.
While U.S. officials talk frequently about the threat of cyber attacks to America, they seldom discuss the country's offensive cyber weapons capability. The U.S. is thought to be the world's leader in cyber warfare, both defensive and offensive.
U.S. officials and others long have feared that future wars will include cyber assaults on the industries and economies of adversaries, and the potential targets include power plants, pipelines and air traffic control systems.
Foreign nations could also target military control systems, including those used for communications, radar and advanced weaponry.
Because of its advanced industrial base and large number of computer controlled machines connected to the Internet, the U.S. is thought to be highly vulnerable to a cyber attack on its infrastructure.
In a 2007 test at the Idaho National Laboratory, government hackers were able to break into the control system running a large diesel generator, causing it to self-destruct.
A video of the test, called Aurora, still posted on YouTube, shows parts flying off the generator as it shakes, shudders and finally halts in a cloud of smoke.
James Lewis, a former State Department official now with the Center for Strategic and International Studies in Washington, said in an interview that the Aurora test ushered in a new era of electronic warfare.
Before the test, he said, the notion of cyber warfare "was mainly smoke and mirrors. But the Aurora tests showed that, you know what? We have a new kind of weapon."
Homeland Security officials said they have not conducted such a test on that scale since. But they demonstrated Thursday how a hacker could tunnel under firewalls in computer systems to take command of industrial processes.
"All systems deployed have vulnerabilities," Edwards said (CBS News, 2011).
Title: SpyEye Banking Malware Continues To Plague Computers
Date: October 17, 2011
Source: Computer World
Abstract: SpyEye banking malware continues to plague computers across the world and is proving to be a difficult cybercrime to detect and remove from infected Windows PCs, according to two researchers from EMC's RSA security division.
Uri Rivner, who is head of new technologies for consumer identity protection, and Jason Rader, chief security strategist, both donned white lab coats for their session at the RSA security conference in London last week for a technical tear-down and review of SpyEye.
The two researchers also changed their titles: Rivner became part of the dangerous malware department at RSA General Hospital and Rader the head of research for the malware epidemic division of the US CDC (Centers for Disease Control and Prevention).
SpyEye has been around for more than a year and is the successor to the Zeus banking malware. SpyEye emerged after the author of Zeus, who went by the screen name "Slavik," stopped developing it. But another person by the name "Harderman" took over the project, Rivner said.
SpyEye is a kit that is sold to other online criminals. It's easy to use, and people don't need a high level of technical skills to conduct an attack.
A potential cybercriminal who buys the kit can use the nice graphical interface to set up so-called "drop zones," or servers to receive stolen online banking credentials. SpyEye also has configuration files customised for attacking most online banking websites. For example, it can inject extra fields over a bank's website, asking for information other than a login and password, such as the victim's credit card number and PIN.
Those fields appear to be a seamless part of the legitimate website but actually are fake, exporting the entered data to the server in the cybercriminal's drop zone.
People are unlikely to notice they've been infected with SpyEye, Rivner said. "Getting infected is very, very easy," he said.
SpyEye uses a variety of tricks to stay hidden, Rader said. It will inject itself in DLLs, or dynamic link libraries - code libraries used by applications - that are legitimate. SpyEye can also delete its own installation files. "It stays persistent," Rader said.
On October 12, Microsoft said it was updating its Malicious Software Removal Tool to detect malware in the SpyEye family.
The move is undoubtedly good for users, but the MSRT might have a hard time: Rader said full-featured antivirus security suites often miss new variants of SpyEye, taking an average of 45 days to add detection for fresh variants. The MSRT can also only detect malware if it is actually running on the machine, and it cannot prevent a Windows computer from being infected by SpyEye, which some antivirus suites may be able to stop (Computer World, 2012).
Title: Loss Of Life In Major Computer Attack, Warns Homeland Security
Date: October 27, 2011
Source: ABC News
Abstract: Department of Homeland Security Secretary Janet Napolitano said today that a major computer attack against critical U.S. infrastructure could result in a loss of life and massive economic damages.
“The network intrusion that shuts down the nation’s critical infrastructure ... could cause loss of life but also a huge economic loss,” Napolitano said at a cybersecurity event sponsored by the Washington Post. “We’ve seen attempts on Wall Street, transportation systems, things of those sorts.”
Cybersecurity experts have long warned that hackers could target electrical grids and power plants, which could affect hospitals and water treatment plants.
Napolitano also said DHS offices had been probed in computer intrusions by hackers attempting to infiltrate the department’s systems, although Napolitano declined to comment on the specifics of the intrusions or specify if the intrusions had specifically targeted her office.
Napolitano discussed a wide range of computer security issues at the event and urged Congress to push forward with the cybersecurity legislation that the White House had proposed in May. Despite the partisan rancor that often comes from Congress, Napolitano said she hoped the legislation could gain strong bipartisan support.
“Cyber attacks are increasing in frequency, in complexity and in consequence,” Napolitano said. “In [fiscal year] 2011 alone, our U.S. Computer Emergency Readiness Team, CERT, responded to more than 100,000 incident reports and released more than 5,000 actionable cybersecurity alerts and information products.”
Although the DHS Secretary declined to address specific instances, there have been a slew of high-profile hacking intrusions in the past 2 years:
- The FBI and U.S. Secret Service are investigating intrusions into computer systems run by NASDAQ-OMX, the parent company of the NASDAQ stock exchange, which were compromised last year.
- Earlier this year RSA, the security division of the EMC Corp., suffered a computer intrusion that resulted in a breach of the firm’s intellectual property, SecurID, which provides encrypted authentication services.
- During 2009, groups in China were behind a highly sophisticated hacking of Google and more than 30 other companies that went undetected until January 2010.
“We are in a constant state of seeing activity against critical infrastructure,” said Greg Schaffer, DHS assistant secretary for cybersecurity and communications, who also spoke at Thursday’s event.
U.S. officials believe that China had been behind many of the infiltrations; members of Congress have recently mentioned this, but diplomatic and security officials are more reluctant to attribute the infiltrations to China.
Last week, Shawn Henry, the FBI’s executive assistant director, also highlighted the damage a major computer attack could have on the United States.
“The cyberthreat is an existential one, meaning that a major cyberattack could potentially wipe out whole companies,” Henry said in a speech in Baltimore Oct. 20. “It could shut down our electric grid or water supply. It could cause serious damage to parts of our cities, and ultimately, even kill people. While it may sound alarmist, the threat is incredibly real, and intrusions into corporate networks, personal computers and government systems are occurring every single day by the thousands.”
Henry proposed having a separate Internet architecture set up for critical infrastructure assets. “U.S. innovation and ingenuity created the Internet, which is now a global phenomenon that has provided tremendous opportunities. With it, however, have come tremendous security challenges to certain users. For them, the current system will never be good enough. But it’s too late to disconnect. It’s not possible to be offline anymore, and there’s currently no alternative,” Henry said. “I don’t have the answers about how to build greater choices in the security architectures used today, but I do feel strongly that the discussions must begin now” (ABC News, 2011).
Title: Candidates Exaggerate Threat Of Cyber Terrorism
Date: November 2011
Source: Policy Mic
Abstract: Rick Perry, Herman Cain, and Newt Gingrich rounded up Tuesday’s GOP debate on CNN by mentioning cyberattacks as one of the foremost national security threats to the U.S. today. Although cyber war is an emerging security problem for the U.S., it is not one of the top three security threats, as Gingrich stated.
The threat of cyberattacks is overblown, and the U.S. has other more problematic (and less “sexy”) issues to deal with.
Gingrich noted how unprepared the U.S. was to deal with the crime, while Perry specifically highlighted China’s People’s Liberation Army (PLA) involvement as a major issue. Cain drew on his background as a former ballistic analyst and computer scientist, noting that cyberattacks were “a national security area we do need to be concerned about.”
These concerns are overblown, because the U.S. faces deeper existential threats to its national security like the ever-looming economic crisis, energy security, or even traditional weapons of mass destruction, just to name a few.
Cyber war, cyber terrorism, and cyberattacks have so far been almost synonymous. But what the candidates should be concerned about is cyberterrorism, or attacks on critical components of national infrastructure. The discovery of the “Stuxnet” virus in an Iranian nuclear facility in Natanz was alarming because of the potential damage it could have unleashed. Stuxnet also infected over 60,000 computers, going as far as Malaysia, Australia, and Germany. The difficulty of tracing the source of the attack and apportioning blame also makes the attacks impossible to police.
However, fears of cyberattacks have been exaggerated. There have so far been no documented cases of cyberterrorism on U.S. public facilities, transport systems, nuclear power plants, power grids, or other key components of national infrastructure. The reported cyberattacks are aimed at stealing company secrets and intellectual property. Though they were reportedly launched from China and Russia, the motivation is primarily to acquire business and technology information. These reports, moreover, remain accusations, and other U.S. companies have also been accused of cyber espionage in the attacks. Perry’s accusations against China will remain groundless unless culpability can be proven. The candidates’ fear of cyberattacks by hostile states is difficult to prove, and it is just as likely that what is happening is an online manifestation of old-fashioned corporate espionage as a new face of war.
The Stuxnet virus itself was also quickly disarmed, and neither al Qaeda nor other terrorist organizations have tried to launch a serious cyberattack. Until now, the Internet has mainly served as a medium for communication for them, not of war. And employees of critical infrastructure are well-versed in dealing with failures of their systems, having had to deal with problems caused by natural disasters. They have back-up plans in place, and the subsequent impact of cyberattacks is limited.
The US Institute for Peace noted that the media have discovered that cyberterrorism makes for “eye-catching, dramatic copy” and that “an entire industry has emerged to grapple with the threat of cyberterrorism” such that combating it has become not only a highly politicized but economically rewarding growth industry. The report also notes that: “The mass media frequently fail to distinguish between hacking and cyberterrorism and exaggerate the threat of the latter by reasoning from false analogies."
The threat of cyberattacks is real, but it is not as pressing as the candidates would like you to think. The issue makes for great headlines, but the nation faces greater threats to its security than cyberattacks, and it is important to prioritize the threats and assess the threat for the actual damage it has caused so far, rather than the hype surrounding it (Policy Mic, 2011).
Title: UK Government Warns Of Surge In Cyber Attacks
Date: November 2, 2011
Source: eSecurity Planet
Abstract: According to GCHQ director Iain Lobban, major IT systems throughout the UK are facing a rising level of cyber attacks.
"Writing in the Times newspaper, the head of the UK's surveillance and listening station said that sensitive data on government computers had been targeted, along with defense, technology and engineering firms' designs," Infosecurity reports.
"'I can attest to attempts to steal British ideas and designs – in the IT, technology, defence, engineering and energy sectors, as well as other industries – to gain commercial advantage or to profit from secret knowledge of contractual arrangements', he said, adding this type of intellectual property theft doesn't just cost the companies concerned. 'It represents an attack on the UK's continued economic well-being,'" the article states.
Go to "GCHQ's director says that UK cyberattacks are on the rise" to read the details (eSecurity Planet, 2011).
Title: DHS Warns Anonymous May Target Critical Infrastructure
Date: November 4, 2011
Source: Homeland Security News Wire
Abstract: DHS is warning critical infrastructure operators that the international hacking group known as Anonymous has threatened to attack industrial control systems, the software that governs automated processes for nearly every major utility or production facility including factories, power stations, chemical plants, and pharmacies.
The security bulletin from the National Cybersecurity and Communications Integration Center was careful to note that “while Anonymous recently expressed intent to target [industrial control software], they have not demonstrated a capability to inflict damage to these systems.”
Following the Stuxnet virus at Iran’s Bushehr nuclear facility, which resulted in physical damage, cyberattacks against ICS systems have emerged as one of the greatest threats to critical infrastructure.
By taking control of the Supervisory Control and Data Acquisition (SCADA) system, the Stuxnet virus forced several nuclear centrifuges to spin out of control while it simultaneously knocked out the system’s automatic shutdown safety procedure. Analysts now fear that hackers can similarly cause power generators to explode, release dangerous chemicals, or pollute water supplies by attacking SCADA systems at various facilities.
The restricted security bulletin obtained by the website Public Intelligence, noted that hackers from Anonymous have published key programming code and other materials that instruct users on how to gain some access to ICS systems.
Furthermore Anonymous “could be able to develop capabilities to gain access and trespass on [ICS] networks very quickly,” the report cautioned.
In particular, oil and gas companies may be at greatest risk due to Anonymous’ “green energy” agenda in which it has supported the campaign against the Keystone XL oil pipeline and the Alberta Tar Sand project in Canada.
“This targeting could likely extend beyond Anonymous to the broader [hacker activist] community, resulting in larger-scope actions against energy companies,” the bulletin warned. DHS concluded by urging “owners and operators of critical infrastructure control systems … to engage in addressing the security needs of their [ICS] assets” (Homeland Security News Wire, 2011).
Title: US Wouldn't Stand Up To Cyber Attacks
Date: November 9, 2011
Source: Tech Eye
Abstract: America is so vulnerable to cyber attacks that it might deter US leaders from going to war with other nations, a former top US cybersecurity official has warned.
Richard Clarke, a top adviser to three presidents, has given a dire assessment of America's cybersecurity and said that the country simply can't protect its critical networks.
According to Physorg, if anyone in the axis of evil decided to attack the US, its critical systems would roll over in a matter of minutes.
China, North Korea, Iran and Russia could retaliate against the US's military might by launching devastating cyberattacks that could destroy power grids, banking networks or transportation systems, he said.
Some of the problem, he claims, is that the US military has spent a fortune on kit which could be disabled before it gets to a battlefield.
While the US might be able to blow up a nuclear plant or a terrorist training centre somewhere, a number of countries could strike back with a cyberattack and "the entire US economic system could be crashed in retaliation".
Clarke said that if the US goes to war with a cybersecurity-conscious, cybersecurity-capable enemy then it is unlikely that any of its stuff is going to work.
He said that the US also needs to make it clear to countries such as China that efforts to use computer-based attacks to steal high-tech American data will be punished.
Although if it lobs a missile its way, the Chinese could close the land of the free by refusing to make any of its technology (Tech Eye, 2011).
Title: Cyber Attack Threats Continue To Grow
Date: November 10, 2011
Source: Fierce Finance
Abstract: It's fair to say that the SEC and other government agencies have awakened when it comes to cyber threats. After a string of hacks that victimized the likes of Citigroup, RSA and Google, the SEC recently issued some guidance about disclosure issues in the wake of an attack. Some companies are acting on the flip side as well, disclosing possible risks associated with potential cybercrime in financial filings.
Footnoted.org has noted that the CME Group included in a recent filing a warning about the hacking group Anonymous and others who might start some sort of attack on an exchange or financial firm in sympathy with the Occupy Wall Street movement. The filing noted that Anonymous ostensibly issued a warning recently that it would embark on a denial of service attack on the NYSE. To be sure, people claiming to be from Anonymous quickly disavowed that threat.
In general, it would be hard to link hackers with the protest movement at this point.
"We're not sure if CME really means to lump Occupy Wall Street together with Anonymous so indiscriminately, or if it's a kind of rhetorical sleight of hand. For our part, we haven't heard of any Occupy Wall Street-linked cyber-attacks--beyond suggestions that Anonymous members supporting the movement might try to hack the New York Stock Exchange--and to our eye the two groups seem pretty different, except perhaps for a penchant for pseudo-revolutionary sloganeering and a generally anti-corporatist attitude," according to the post, which seems right on.
But whether hacking groups and the protestors are aligned or not doesn't really matter. Exchanges and banks face a new world of security threats, and the biggest criminals frankly may not give a hoot about Wall Street. Just look at the recent breach at Nasdaq, which compromised board-level information at a host of countries. In many ways, the scariest threats are those behind the rise in so-called Advanced Persistent Threats. Beware (Fierce Finance, 2011).
Title: Can Hackers Unlock Prison Doors?
Date: November 10, 2011
Source: AllGov
Abstract: Officials with the Federal Bureau of Prisons have been informed that U.S. penitentiaries could be vulnerable to cyber attacks that would help prisoners escape.
Most American prisons are operated by industrial control systems (ICS) that also are used by power plants, water treatment facilities and other infrastructure operations. ICS’ vulnerability was demonstrated two years ago in Iran, when hackers sabotaged that country’s nuclear program by exploiting its Siemens programmable logic controllers (PLCs). Almost all of the 117 federal correctional facilities, 1,700 prisons and 3,000+ jails in the United States use PLCs to control doors and manage their security systems.
In the case of prisons, a cyber attack could disable controls that lock cell doors, while “the system would be telling the control room they are all closed,” John Strauchs, a former Central Intelligence Agency operations officer whose firm produced the report for the bureau, told the Washington Times.
Hackers also could disrupt secure communications throughout a prison and crash closed-circuit television systems, leaving guards blind to certain wings and hallways, according to Strauchs (AllGov, 2011).
Title: Pull The Cyber War Trigger, If We Have To
Date: November 11, 2011
Source: AOL Defense
Abstract: One of the most disturbing aspects of our nation's current response to cyber attacks is a creeping passivity that permeates discussions surrounding the topic. Fueled by less-than-robust, defense-oriented national and DoD cyber strategies, some of the leading voices in the US's national security establishment seem to have given up the fight without even entering the arena. Such attitudes are not only counter-productive, they undermine our current cyber security efforts as well as the nation's security as a whole. There is plenty the nation can do to secure its cyber infrastructure and those efforts should be championed by the national security establishment.
It is certainly true that our cyber infrastructure needs to be better protected. Numerous studies have pointed to vulnerabilities within both governmental and private sector IT networks that could be exploited by those wishing to do us harm. The sheer number and severity of recent hacking and phishing incidents is worrisome enough. Therefore, the idea that there should be uniform cyber security guidelines for both private and public elements of the critical national infrastructure has merit. There should be a public-private partnership to craft and enforce these guidelines. Current cyber security efforts by the government and the private sector are only beginning to address this problem.
While the Department of Homeland Security has the lead responsibility for domestic cyber security, the Department of Defense also has a significant role to play both in protecting the homeland and in integrating the cyber component into our offensive and defensive military capabilities. To be sure, the new DoD cyber strategy unveiled this summer discusses how the military can help protect the nation's IT infrastructure. However, this so-called strategy has one fatal flaw. It completely omits any discussion of offensive cyber capabilities that could be brought to bear on an adversary and it (at least in its unclassified form) does not provide a strategic foundation for the military to develop a sound cyber doctrine. In short, the DoD cyber strategy is one in name only. It does not tie the ends we seek with the ways and means we hope to use to achieve those ends.
That brings me to a meeting of cyber security experts held earlier this week in Washington. Among the attendees was Richard Clarke, former counterterrorism advisor to three past presidents and a cyber security advisor to former President George W. Bush. During the conference, Mr. Clarke commented that any National Security Advisor worth his or her salt would warn the President that we could not attack other countries "because so many of them – including China, North Korea, Iran and Russia – could retaliate by launching devastating cyberattacks that could destroy power grids, banking networks or transportation systems."
That would be like Secretary of War Henry Stimson telling FDR in the run-up to World War II that we couldn't fight the Nazis because they had tanks and ours weren't as good as theirs. One can only imagine how that would have gone over with the Greatest Generation.
Now, to be fair to Mr. Stimson, he would have never said such a thing. He was as much an anti-Nazi as anyone in Roosevelt's administration. What, then, would prompt Mr. Clarke to assert that our cyber vulnerabilities are so bad that we could not risk attacking another country? More importantly, does he have a point?
Mr. Clarke certainly knows how vulnerable our national infrastructure is to cyber attacks. Our banking system, power grid, transportation system and other aspects of our infrastructure are quite vulnerable to those attacks. A failure of one or more of these infrastructure components would have significant implications for our nation's security and our way of life. In certain cases it could even result in mass casualties among the civilian population.
For the military, the loss of its ability to communicate via satellite, to use GPS, or to gather and fuse intelligence using cyberspace would be devastating as well. The potential loss of these capabilities could change the way America wages war – and not for the better.
All of this is true, especially if nothing is done to protect our core national infrastructure. But, the fact is that much is being done both within the government and in the private sector to mitigate and, eventually, overcome these dangers.
It turns out the federal Government is actually working this issue. On the same day that Mr. Clarke made his assertions, the head of the Defense Advanced Research Projects Agency (DARPA), Regina Dugan, spoke of the need for the military to have "more and better options" to meet current and future cyber threats. Fully aware that many of the products we use in our daily lives depend on unfettered access to the cyber domain, DARPA is seeking to create the tools we need to ensure that continued unimpeded access.
Oddly, in a seeming contradiction, Mr. Clarke also spoke of punishing China and other nations who purportedly use cyber attacks "to steal high-tech American data." The problem with that line of reasoning is that you cannot punish someone if you're reluctant to use coercive force against them.
The implications of Mr. Clarke's policy prescription of not being able to even threaten action against nations waging cyberwar against us would be devastating. Nations and non-state actors seeking to do us harm in cyberspace would, if we followed his advice, act with impunity against us. The nightmare scenario of our banking, transportation and other infrastructure systems not working would come to pass. A military overly reliant on GPS and other aspects of its cyber infrastructure would be rendered useless. The military, the rest of the government and the private sector need to develop ironclad responses and true "work-arounds" to actual and potential cyber attacks. We must develop a coherent national strategy to make these "work-arounds" possible and to employ them when necessary.
While we should not advertise our specific offensive cyber warfare capabilities, we should put potential adversaries on notice that there will be consequences to cyber attacks on our country. The key to our security in all dimensions of warfare (land, sea, air, space and cyber) is to ensure that such adversaries fear our potential reaction. That is why the military must develop redundant capabilities, some of them harkening back to the pre-cyber era, so as to ensure the flexibility of our responses. The more difficult it is for adversaries to predict what our reaction might be, the less willing they will be to put their own critical national infrastructure at risk.
These adversaries should know that our offensive cyber capabilities have the potential to wreak at least as much havoc on their IT infrastructure as they may plan to wreak on ours. Such a deterrent would give pause to rational state and non-state actors, but we also have to be prepared to deal with those who are undeterred, whether they are rational or irrational international actors. The development of a robust suite of offensive cyber capabilities is, therefore, a national imperative.
It may be instructive to think of cyberspace as being similar to the sea or to space. There is a "commons" to protect; an area shared by all nations that allows each of them freedom of navigation. It also facilitates travel and communication. A "commons" is often protected by a consortium of powers. We see this in the world's reaction to the Somali pirates plying the Indian Ocean. Nations as diverse as the United States and China are working together to stop piracy in this region and to ensure freedom of navigation. That tells me that every effort should be made to establish agreed-upon international norms of behavior in cyber space. Once we achieve those, then the job of securing the cyber domain will become every nation's responsibility. To get there, though, we need to show our resolve to protect our interests in this rapidly evolving domain.
It is absolutely imperative that we develop both offensive and defensive cyber capabilities to protect our national infrastructure. And we need to let those who attack us know we have the ability to cripple or destroy them. Waving the white flag of surrender because we fear what others may do to us in the cyber world is not an option. Acquiescing to international cyber bullies will only embolden them and it will harm our efforts to secure the cyber commons. Now is the time to craft the tools, policy and doctrine that will insure our unfettered access to cyberspace (AOL Defense, 2011).
Title: Pentagon: Offensive Cyber Attacks Fair Game
Date: November 15, 2011
Source: Washington Post
Abstract: The Pentagon has laid out its most explicit cyberwarfare policy to date, stating that if directed by the president, it will launch “offensive cyber operations” in response to hostile acts.
Those hostile acts may include “significant cyber attacks directed against the U.S. economy, government or military,” Defense Department officials stated in a long-overdue report to Congress released late Monday.
But the report is still silent on a number of important issues, such as rules of engagement outside designated battle zones — a sign of how challenging the policy debate is in the newest and most complex realm of warfare.
The statements are consistent with preexisting policy, but have never before been stated quite so explicitly, even in the Pentagon’s recently released cyberspace strategy.
That strategy focused on the importance of deterring attacks by building defenses that would “deny” adversaries the benefits of success. In the latest report, the Pentagon states that adversaries threatening a crippling cyber attack against the United States “would be taking a grave risk.”
Indeed, officials noted that when defense-based deterrence fails to stop a hostile act, the Pentagon “maintains, and is further developing, the ability to respond militarily in cyberspace and in other domains.”
James E. Cartwright Jr., the recently retired vice chairman of the Joint Chiefs of Staff, who has criticized U.S. cyberstrategy as being too focused on defensive issues, said the report “is a good start at documenting how the U.S. will both defend our interests in this vital domain and deter those who would threaten those interests.”
Cartwright had publicly stated over the summer that a strategy dominated by defense would fail, telling reporters then: “If it’s okay to attack me and I’m not going to do anything other than improve my defenses every time you attack me, it’s very difficult to come up with a deterrent strategy.”
The latest report, issued in response to a congressional requirement to answer key cyberwarfare policy questions by March 1, 2011, reiterated that the United States will “exhaust all options prior to using force whenever we can” in response to a hostile act in cyberspace.
In May, the White House’s international cyberstrategy declared that the United States reserves the right to use all necessary means — diplomatic, informational, military and economic — to defend the nation against hostile acts in cyberspace.
The new report, though, reflects the tensions inherent in cyber policy. Taken with past budget documents, it suggests a need for automated, pre-approved responses to some hostile acts in cyberspace.
But the report makes clear that offensive actions will be carried out only as directed by the president.
And it states that specific rules of engagement for the defense of computer networks have been approved for “areas of hostilities” or battle zones. There is just one area of hostility today — Afghanistan.
“The question is, how, and to what extent, are they thinking about automated responses?” said Herbert Lin, a cyber expert at the National Academy of Sciences.
Such responses, he said, “are fraught with danger. Without people in the loop, you’re much more likely to do unintended stuff” (Washington Post, 2011).
Date: November 16, 2011
Source: Daily Mail
Abstract: Defence chiefs have warned that the U.S. is prepared to retaliate with military force if it came under cyber attack.
In the most explicit statement about cyber security to date, Pentagon officials said that they reserved the right to use ‘all necessary means to defend our allies, our partners and our interests.’
‘When warranted, we will respond to hostile attacks in cyberspace as we would to any other threat to our country,’ the 12-page report to Congress noted.
Hostile acts, it said, could include ‘significant cyber attacks directed against the U.S. economy, government or military’ and the response could use electronic means or more conventional military options.
The report, mandated by the 2011 Defence Authorisation Act, was made public yesterday.
Cyberspace is a particularly challenging domain for the Pentagon.
Defence Department employees operate more than 15,000 computer networks with seven million computers at hundreds of locations around the world.
The networks are probed millions of times a day and penetrations have caused the loss of thousands of files.
Their vulnerability was highlighted by the case of Bradley Manning, who is accused of stealing hundreds of thousands of documents and passing them to the anti-secrecy website WikiLeaks.
Private companies also face relentless cyber attacks, including an increasing number linked to countries like China and Russia, and they have grown increasingly frustrated about the U.S. government's lack of response.
‘There is a massive amount of frustration on the part of the private sector,’ Dmitri Alperovitch, the former vice president of threat research at McAfee, told an event hosted by the George C. Marshall Institute.
U.S. companies are losing billions of dollars to cyber theft each year, he said.
‘Nothing is being done,’ Alperovitch said. ‘Something has to be done from a policy perspective to address the threat ...
‘The fact that it is China, the fact that it is Russia. What are we going to do to face those countries and get them to stop?’
The report said the Defence Department was attempting to deter aggression in cyberspace by developing effective defences that prevent adversaries from achieving their objectives and by finding ways to make attackers pay a price for their actions.
‘Should the “deny objectives” element of deterrence not prove adequate,’ the report said, ‘DoD (Department of Defence) maintains, and is further developing, the ability to respond militarily in cyberspace and in other domains.’
Key to a military response is being able to quickly identify the source of an attack, particularly challenging due to the anonymous nature of the Internet, the report said.
In an effort to crack that problem, the Pentagon is supporting research focusing on tracing the physical source of an attack and using behavior-based algorithms to assess the likely identity of an attacker, the report said.
U.S. security agencies also are grooming a cadre of highly skilled cyber forensics experts and are working with international partners to share information in a timely manner about cyber threats, including malicious code and the people behind it, it said.
Attacks on U.S. computer networks have become more frequent and more damaging in recent years, costing U.S. companies an estimated $1 trillion in lost intellectual property, competitiveness and damage. One defence company lost some 24,000 files in an intrusion in March.
Lani Kass, who recently retired as a senior policy adviser to the chairman of the U.S. Joint Chiefs of Staff, said enemies of the United States were becoming more savvy every day.
‘You have got to assume that what we do in cyberspace can be done to us quicker, cheaper and with fewer restrictions,’ she told Reuters after the Marshall Institute event.
Before moving to offensive action, the United States would exhaust all other options, weigh the risk of action against the cost of inaction and ‘act in a way that reflects our values and strengthens our legitimacy, seeking broad international support wherever possible,’ the report said.
‘If directed by the president, DoD will conduct offensive cyber operations in a manner consistent with the policy principles and legal regimes that the department follows for kinetic capabilities, including the law of armed conflict,’ the report said.
The report followed the release in mid-July of the Pentagon's cybersecurity policy, which designated cyberspace as an ‘operational domain’ like land, sea and air where U.S. forces would be trained to conduct offensive and defensive operations (Daily Mail, 2011).
Date: November 19, 2011
Source: ABC News
Abstract: A massive cyber attack on American infrastructure is the 21st-century equivalent of the neutron bomb. All buildings remain standing but systems inside them are rendered useless. Human beings aren't killed on a large scale, but few, if any, are left standing either. And while this sounds pretty dire, it's quite likely some segment of this nation will at some time be shut down by cyber terrorists.
Late last month Janet Napolitano, Obama's homeland security chief, made some startling statements at a live event on cyber security sponsored by the Washington Post. For example, she said that hackers have "come close" more than once—maybe several times, or maybe many times—to compromising critical segments of America's infrastructure. In particular, she mentioned that big banks and transportation systems were popular targets for cyber attackers. When she was asked how many cyber attacks might have occurred during her 45-minute conversation, Napolitano replied, "Thousands." And if that weren't enough by itself, her most ominous remark was delivered in almost desultory terms: "I think we all have to be concerned about a network intrusion that shuts down part of the nation's infrastructure in such a fashion that it results in a loss of life."
It goes without saying that if an attack successfully shut down essential services, people would die unnecessarily. Curiously, Secretary Napolitano's remarks didn't attract a great deal of attention because it wasn't news like it used to be. Large-scale data breaches or security hacks themselves are reported, but not highlighted as much, because they happen so frequently. It's similar to the criticism that the media sometimes considers shootings in "bad" neighborhoods as common occurrences and no longer really treats them as newsworthy. As a result, the near-apocalyptic observations about a hidden part of America (the binary bits of the cyber highway) by a cabinet level officer also seemed to go unnoticed, drowned in a sea of news about gridlock in Washington, collapsing governments in Europe, and the brain blips of certain presidential candidates.
By this time we all know that most major institutions of government and industry have been hacked in some way, shape or form. Millions of people were compromised when Sony, Citibank, the Department of Veterans Affairs, contractors for the Department of Defense and others were successfully breached.
At least we heard about those.
A couple of days ago, Virginia Commonwealth University disclosed that a server containing files with the personal data, including Social Security numbers, of 176,567 current and former students, faculty, staff and affiliates had been compromised. From what I can tell, this breach wasn't reported anywhere except in local media and some security and tech websites. So I guess we're not likely to hear much about breaches of this type as time goes on, because they've become the equivalent of "white noise." But especially after hearing Ms. Napolitano's comments, perhaps we don't hear about other cyber attacks—hopefully far less common—which are directed at hurting all of us instead of just some of us, for very different reasons (ABC News, 2011).
Title: 'Outdated Cyber Defences Could Be Turned Against Us'
Date: November 22, 2011
Source: Defence Management
Abstract: Ahead of the launch of the government's cyber security strategy, former security minister Baroness Pauline Neville-Jones has argued that unlike traditional military defences, outdated cyber defences could actively aid the people they are trying to keep out.
Cyber security and defence are complex and growing areas, taking up more and more time in the minds of the military and wider public sector alike. Who the main actors are, what are their targets and weapons of choice and what can be done to protect against cyber threats are questions without a single, convenient answer. Government, then, in coming up with its updated Cyber Security Strategy, must be prepared to develop a full understanding of the risks cyber-attacks present as well as a flexible way of dealing with a growing number of attacks against its own systems, and those of industry and private individuals.
At the Royal United Services Institute's cyber conference, former security minister Baroness Pauline Neville-Jones said that the country was very much at the beginning of its development in terms of being cyber secure.
"These are the foothills of a long journey where the world which we're inhabiting is changing extremely rapidly around us," she said, "and one of the features of the landscape is both its volatility and the rapidity of change, which makes it hard to handle."
Only "top-rate performance" will do in aiming for cyber security, said Neville-Jones, with mediocrity leaving systems open to all the risks associated with being out-of-date. Even slipping slightly behind the times in one area of cyber defence - not patching a critical security flaw in time, for example - would mean hackers may be able to turn those defences against their owners.
"Whereas it's not optimal to have a second rate gun in service, which will reduce capability, you wouldn't normally find yourself in a situation where that gun by its inferiority posed an active threat to you," she said. "That's perfectly possible, however, in cyber.
"An inadequately secure system which has been penetrated has not only had its integrity destroyed but it may be actively aiding the enemy. And another unusual feature of cyber, one we must take account of, is that you may be unaware it's happening."
The breach of RSA's SecurID tags in March this year was agreed by many at the conference to be a 'game changer' for cyber security. The attack eventually led to around 40 million of the ubiquitous tags being replaced, but the damage had already been done and was said to have led to further attacks on systems that used SecurID, including an attempted breach of Lockheed Martin's computer systems in May.
"We are dealing in cyber with a revolutionary technology which overcomes the constraints of time and distance and which is quite clearly the base of globalisation," said Neville-Jones. "It flattens hierarchies and it transfers power in hierarchical societies from ruler to ruled; and it enables economies to leapfrog stages of development and each other in the world of competition for wealth creation.
"In this high stakes world, middling performance will not do. You cannot be half-secure."
The UK faces an "avalanche" of attacks on a daily basis, designed to steal intellectual property and assets from business, files from government servers and personal data from individuals. In that respect it makes sense for the shoring up of cyber defences to be a partnership between government and the private sector.
"The private sector runs the infrastructure in this country, by and large, it is the possessor of the intellectual property which we're trying to safeguard, which is the seed corn of our wealth," said Baroness Neville-Jones. "So it's much more intelligent for government in that situation to reach out for co-design than it is to try to impose rules."
The co-design should be built in to the government's forthcoming cyber security strategy, she said. "National security is clearly more than just the sum of policy in the FCO and the MoD. Cyber security requires a whole society response. I think it's fair to say that we haven't yet got far down this road – although government is aware of what is at stake and what needs to be done; and you can hear the gears grinding a bit.
"Too many people and organisations still regard responsibility for security generally - and for cyber security in particular - as somebody else's bag; and probably the government's. I don't think that's an attitude that can continue. Altering attitudes to the importance of security and personal responsibility for it and in it is one of the tasks that lies ahead of us."
The government's strategy must aim to make the key cyber players able to "repel and block" cyber attacks through built-in resilience, as opposed to just being able to mitigate their after effects, said Baroness Neville-Jones.
"That is a different order of ambition and is much harder to achieve," she said. "We do have to get serious about high levels of resilience in key parts of the system which I don't think we're doing at the moment. We are still at the stage now of quickly scrambling, nimbly, actually to deal with an emerging problem. We need to get to the stage where we have deterrence built in. That's a long way to go, and we haven't got there yet. We need, therefore, resilience embedded in systems - not just bolted on - and formidable enough to deter attack. That should be the long-term goal of what is described in the National Security Strategy (NSS) as a transformative policy.
"Whether the existing tranche of money [the £650m set out in the NSS] will get us all the way, I don't know. If you asked me to guess, probably not."
More investment and partnership must be joined by greater leadership on the government's part, said Baroness Neville-Jones. The need to secure classified and defence information on government systems is perhaps the most obvious aspect of government's cyber responsibility, and Whitehall should lead from the front in the bid to build defences.
"Government systems have to be models of resilience and security," she said. "You can't preach and then fail to act yourself. And it's obviously crucial in the area of defence. Government systems do have to incorporate defence intelligence and general government classified information."
The strategy must also look further into the future, beyond even its own lifespan, in tackling the UK's "very serious" cyber skills gap.
"We do not have and we are not training enough people who actually have the necessary skills," said Neville-Jones, adding that students are not taught that 'cyber' represents a viable career path. "If you ask sixth formers about a career in cyber they've never heard of it. It needs to be changed because it needs to be embedded in the mindset of the country" (Defence Management, 2011).
Explodes In Syria
Date: November 22, 2011
Abstract: A familiar digital chime rang on the computer. Someone was calling via Skype from Syria.
It was a law student and opposition activist from the city of Homs who uses the pseudonym Musaab al Hussaini to protect himself from arrest. He had fresh reports that security forces were shooting guns wildly in the neighborhood of Baba Amr.
Hussaini was calling via Psiphon, an online encryption system he had just installed that morning. He said it protected him from detection by the Syrian security services, also known as mukhabarat.
"Yeah, I feel safe now, because I use software to get an encryption connection to the Internet," Hussaini said. He said Psiphon also allowed him to circumvent government firewalls which block access to popular communications sites like Skype.
"If you want to open Skype in Syria today, we cannot, because it's blocked. And if it was opened, we would be afraid of everything ... of making a voice call. We are afraid to be recorded by the mukhabarat," he said.
Psiphon is a surveillance-busting networking system designed by a Canadian company with funding from the U.S. State Department. The company's CEO told CNN the software had been "aggressively" introduced to Syria just three weeks ago. Since then, thousands of people had begun using it.
"What we're doing is not much different to what the airwaves provided during the Cold War to provide those citizens living behind the Iron Curtain with an ability to get information which otherwise they were not getting from their state," said Rafal Rohozinski, CEO of two companies involved in developing Psiphon.
"Whereas shortwave radio during the Cold War was very unidirectional ... with the Internet these technologies are by definition bidirectional, meaning that it gives an opportunity for citizens within these states to also communicate amongst themselves and with the outside world."
For the past eight months, Syria has been locked in a bloody cycle of anti-regime protests and violent crackdown. The United Nations accuses government security forces of systematic torture, disappearances and the use of deadly force to crush dissent. More than 3,500 people have been killed since March. The UN's top human rights monitoring commission has repeatedly accused the Syrian regime of carrying out crimes against humanity.
But this bloody test of wills is not only being fought in the streets. Activists, diplomats and IT specialists say there is also a high-stakes war of information being waged in cyberspace.
Since media are strictly controlled by the Syrian government, and foreign journalists are by and large prohibited from entering the country, the Internet has played a vital role for Syrian opposition activists smuggling out images of atrocities carried out by security forces.
"Regimes like that of (Syrian President) Bashar al-Assad know very well how access to information but also free expression and press freedom are a risk to him if he wants to continue to control all the power," said Marietje Schaake, a Dutch member of the European Parliament who is an outspoken advocate for freedom of expression, particularly over the Internet.
"We've seen an enormous crackdown on people, but also through the information systems and communications tools that they are using, and that's quite frightening," Schaake said.
Some observers argue the Internet has become a battleground in an all-out Syrian cyberwar. One side in the conflict is even referred to as the Syrian electronic army.
On November 14, the European Union slapped sanctions against 18 Syrian individuals closely associated with the alleged abuses of the Damascus regime. Among those singled out to have their assets frozen were George Chaoui, Amar Ismael and Mujahed Ismail. The EU described each as a "member of (the) Syrian electronic army. Involved in the violent crackdown and call for violence against the civilian population against Syria."
"The Syrian electronic army is basically a group of hackers built around the Syrian computer club which at one time was under the patronage of Bashar al-Assad. Its IP addresses indicate that it is collocated in facilities which belong to the Syrian government," said Rohozinski of SecDev, who has worked closely with the University of Toronto's Citizen Lab program documenting the Syrian conflict in cyberspace.
"They have been responsible for a number of high-level hacking attacks against a variety of targets including Syrian opposition movements," he added.
The arsenal of IT weapons the Syrian government uses to control information apparently includes surveillance hardware and software developed by Western companies, as well as by American corporations that are barred by U.S. sanctions from selling such technology to Syria without first obtaining a license.
This month, the California-based Internet security companies NetApp and Blue Coat announced they would cooperate with U.S. authorities, after a series of investigative reports by Citizen Lab and the Bloomberg news website revealed their web-monitoring products were being used by the Syrian government.
"We condemn the use of our storage by the Syrian government to repress its own people," NetApp wrote in a statement on its website.
Blue Coat also confirmed that some of its ProxySG appliances were operating from IP addresses in Syria, saying they were "apparently transferred illegally to Syria."
"We do not know who is using the appliances or exactly how they are being used," Blue Coat announced on its corporate website this month. "Blue Coat is mindful of the violence in Syria and is saddened by the human suffering and loss of human life that may be the results of actions by a repressive regime. We don't want our products to be used by the government of Syria or any other country embargoed by the United States."
Subsequently, Citizen Lab, which is affiliated with the University of Toronto, said it had identified Blue Coat devices on four other IP addresses "belonging to the Syrian Communications Establishment."
Meanwhile, the Italian company Area SpA, which works with law enforcement agencies to monitor telephone and Internet communications, and the German data encryption company Utimaco have also issued statements announcing they were freezing their work in Syria.
In a series of articles, Bloomberg revealed Area had been contracted to install an electronic surveillance system in Damascus using products from NetApp and Utimaco.
In response, Area SpA's CEO, Andrea Formenti, was quoted in Italy's Corriere della Sera newspaper this month announcing that his company had no employees in Syria and that the project had not made any progress in the last two months.
"The interception system has never been activated and cannot be under current circumstances. There has been no repression carried out thanks to our equipment," Formenti told Corriere della Sera.
"These technologies can be as effective as weapons," argued Schaake, the European Parliament member. She has called for a broad inquiry into the role that information and technology companies are playing in countries like Syria.
"We cannot turn a blind eye to the serious human rights violations that happen with Western-made technologies," Schaake said.
Schaake said activists have described being confronted during interrogations with Syrian security forces with detailed transcripts of their conversations, which are evidence of electronic eavesdropping.
And a Western diplomat stationed in Ankara, the Turkish capital, said on the eve of a planned Internet video conference between Syrian exiles in Turkey and dissidents in Syria, many of the Syrian participants were raided by security forces.
"The day before, the Syrian regime went in and killed ten of them and the whole thing fizzled out," said the diplomat, who has been in close contact with the Syrian opposition. "If we would have had Psiphon then, I think we could have avoided that."
The Syrian government clearly has far greater technological resources than the opposition. But the Syrian cyberwar is not a one-sided conflict.
Damascus accuses foreign governments, as well as international broadcasters like Al Jazeera, CNN and the BBC, of aiding and abetting "armed terrorist groups," the term the Syrian government often uses to describe the opposition movement.
Syrian security forces recently announced they seized large numbers of police radio scanners and satellite phones, according to a report published by Syria's state news agency, SANA.
Confiscated communication devices included "Thuraya satellite mobile phone sets which were used for satellite communication among the terrorists and those who work with them and between them and the misleading satellite TV channels," SANA wrote.
SANA accused foreign governments of smuggling communication devices across borders and of strengthening cell phone signals to allow opposition members to roam on foreign phone networks as far as 50 kilometers into Syrian territory.
Last summer, as thousands of Syrians fled across the border to Turkey to escape Syrian security forces, some Syrian opposition members used Turkish 3G data connections to share images of terrified families camping in the countryside and of Syrian security forces shooting at civilians.
SANA also published photos of seized satellite technology it claimed was used by the Israeli and U.S. military.
"The existence of these devices in Syria indicates the clear involvement of these countries ... to back the terrorists in Syria with advanced internet and communications systems," SANA wrote.
While a growing number of Western and Arab governments have denounced the Syrian regime's pattern of human rights abuses and held meetings with Syrian dissidents, so far none has admitted to supplying communication devices directly to the opposition.
However, the U.S. government has publicly declared it supports freedom of access to the Internet globally. Washington has also supported the development of encryption technologies for use in authoritarian countries, including Psiphon, which is now being used in Syria.
Psiphon creator Rohozinski said he and his company had been in direct contact with Syrian opposition activists to deliver the networking system.
Rohozinski said Psiphon establishes a private connection between a person's phone or computer "to a part of the Internet cloud that makes it very difficult for the authorities to know where that person is going through. Moreover, it usually both encrypts and obfuscates that connection."
Rohozinski said Psiphon is distributed through the discrete delivery of a link.
"It can be an SMS message, it can be an e-mail, it can be a link to a website that says 'go here to get a secure tool,'" Rohozinski said. "They go there, and either that tool opens when they click on the link, or they download a small application which will run natively on their device and provide that kind of service."
In Homs, activist Musaab al Hussaini told CNN he had just shared Psiphon with two of his friends. Previously, he said, opposition groups had used several other similar systems to avoid authorities, the most well-known network probably being TOR.
Psiphon appeared faster and easier to use, Hussaini said. Connectivity was essential, he added, because most of the activists were communicating across Syria and abroad via Facebook and Skype.
Despite the advantages offered by online social networking, demonstrators continued to risk life and limb protesting in the streets.
"My cousin has been arrested. There are more than five or six of my friends that have been killed," Hussaini said. But the risks were worth the sacrifice, he said.
"We are fighting for freedom, for democracy, for dignity," Hussaini concluded. He said goodbye, and the encrypted Skype call from Syria ended with a digital burble (CNN, 2011).
Detects 'Talk' About Internet Terror Attack
Date: November 25, 2011
Source: Wall Street Journal
Abstract: British intelligence picked up "talk" from terrorists planning an Internet-based attack against the U.K.'s national infrastructure, a British official said, as the government released a long-awaited report on cyber security.
Terrorists have for some time used the Internet to recruit, spread propaganda and raise funds. Now, this official said, U.K. intelligence has seen evidence that terrorists are talking about using the Internet to actually attack a country, which could include sending viruses to disrupt the country's infrastructure, much of which is now connected online. The official spoke on condition of anonymity and didn't say when the infrastructure threat was detected and how it was dealt with.
Terrorists, however, are still more focused on physical attacks that lead to high casualties and grab attention. "For the moment they prefer to cover the streets in blood," he said.
The disclosure came as the U.K. released a paper detailing its cyber security strategy, setting out how the country plans to protect its economy and infrastructure online. The U.K. wants to position itself as a center for cyber security internationally, in a bid to attract more business. Terrorism, along with other threats such as cyber crime and state espionage, were highlighted as risks.
Despite deep cuts to the overall budget, Britain will put an extra £650 million, or about $1 billion, into cyber security in coming years. Among measures, the country is creating a cyber security hub in which the government and private sector can share real-time information on attacks and responses.
With so much of the developed world's infrastructure and economy online, countries increasingly coordinate their defenses. Governments across the European Union will coordinate for a continent-wide exercise in 2012, according to the paper that accompanies Friday's announcements.
But as governments step up their efforts to secure their internet systems, they are finding it hard to afford the best private talent in this field. Given this, the U.K. wants to recruit a number of "cyber-specials," or part-time specialists who will help the police tackle cyber crime, and a similar slew of reservists for Britain's armed forces.
A large part of the strategy is aimed at helping the U.K. to market itself as a center of cyberprotection for the private sector.
governments, including the U.S., have focused their response to cyber threats on the military and national infrastructure. But Britain also is focusing on ordinary business, hoping to tout Internet security as a competitive advantage, the way many countries flaunt their tax regimes and pro-business regulations (Wall Street Journal, 2011).
Title: Odds Of Hacker 'Shenanigans' During The Presidential Primaries Are High
Date: December 16, 2011
Abstract: Expect hackers to try to disgrace presidential candidates with electronic extortion and other forms of digital deception during the upcoming primaries, say some former hackers and computer security specialists.
The surge in social networking has coincided with the rise of social engineering, or tricking a computer user into revealing personal data -- perhaps the answer to a password recovery question -- by posing as a trusted acquaintance. Hacker collectives Anonymous and LulzSec, and presumably China, have exploited this tactic, and other online gambits, to filch law enforcement authorities' personal data, and to gain access to the Gmail accounts of senior federal officials and military email addresses.
Now, perpetrators with a variety of motives are likely to apply the technique for infiltrating campaign email accounts, publishing falsehoods that go viral or knocking out candidate websites with denial-of-service attacks that inundate them with useless traffic, say cybersecurity experts.
"There's a pretty high probability of shenanigans," said Jennifer Emick, a security consultant who shed her affiliation with Anonymous after growing concerned about stunts she said verge on criminal. "With all the social networking -- they call it open source intelligence -- you can impersonate people the targets know on Facebook and have access to photos or personal information."
Some individuals apparently have attempted to pay hackers to shutdown sites that cast shadows over their favored candidate.
According to a 2011 chat room log obtained by Nextgov, one Internet user nicknamed "M" entered the room -- a meeting place for hackers -- and asked if a member named "Jester" was "helping out with Rick Santorum's problem." The Jester is a prominent hacker known for attacking pro-jihad sites. M, an apparent supporter of former Pennsylvania senator and current GOP presidential candidate Santorum, then explained that "Jester is generally targeting liberal sites so I thought he might be in on this."
A chat room member clarified for M that The Jester typically attacks extremist sites. M replied that "this is an extremist gay site" -- likely a reference to SpreadingSantorum.com, a satirical, widely-visited site created by a gay columnist in retaliation against the conservative politician's arguably anti-homosexual views. After several in the room reiterated that M was looking in the wrong forum, the individual signed off.
Santorum's campaign staff did not respond to a request for comment.
Emick priced a job like taking out that site at $1,000 to $2,000, due to the risk and the hour or two of work involved -- enough for a hacker to pay rent for a couple of months, she said.
Other hackers have their own political leanings, as evidenced by a college student who in 2008 commandeered then vice presidential candidate Sarah Palin's personal Yahoo! mailbox reportedly to find content that could undermine her campaign. According to federal prosecutors, David C. Kernell reset Palin's account password by accurately guessing the answers to her security questions, read her messages and then posted screenshots of the emails online.
"We had Watergate 40 years ago, but maybe today the therapists' email would simply be hacked, or the computer where they stored all of their clients' records would be hacked into," said Jack Lerner, a technology law professor at the University of Southern California.
This election season, "I don't think it is beyond the realm of possibility that hackers could execute denial-of-service attacks to disrupt a campaign's online operations, or, say, break into campaign email accounts to spread disinformation or damaging information about the candidate or the candidate's opponent -- if that kind of thing hasn't happened already," he added.
A glance through the biographical information in publicly available social network profiles can provide clues to a person's password recovery answers, experts point out. "And yet people still do dumb things: they give honest answers to security questions," Emick said. Chris K. Ridder, a San Francisco-based attorney and former resident fellow at Stanford Law School's Center for Internet and Society, said, "People might want to think more about their password reset questions. You don't put the real name of your cat in there, if you're going to find that on Facebook."
Elsewhere in the world, oppressive governments might be manipulating the Web to influence voting outcomes, as was probably the case in Russia where alleged Kremlin-sponsored denial of service attacks interfered with independent news and election monitoring websites.
Unlike government agencies, some campaign groups do not have the resources or know-how to prepare for data breaches. "Training your people to resist social engineering is a really good investment," Ridder said. "All you need is one person who is convinced by whoever is requesting the personal information."
Once information is compromised, it can be difficult to identify intruders, let alone prosecute them. Only a handful of hacktivists have been arrested and some culprits are not afraid of going to jail, said a former federal official who asked to remain anonymous. For every one or two criminals the government is catching, there are probably dozens slipping through the cracks, he said.
"In any cat and mouse game you're going to be playing a little bit of catch-up," former Justice Department computer crime investigator Mark Rasch said. "You can't just throw technology at the problem. You can't just say we need more people . . . you have to think like a hacker."
Nathan J. Hochman, a former assistant attorney general for Justice's tax division, said, "the fact that someone can get punished six months later might not be a deterrent when they can disrupt an election." Hochman, now partner at law firm Bingham McCutchen LLP, suggested campaign organizers devise a plan for how they will notify supporters and volunteers if there is a data breach or a viral spread of disinformation.
Campaign officials for Republican presidential front-runners Mitt Romney, Newt Gingrich and Michele Bachmann, as well as President Obama, did not respond to inquiries. The deputy press secretary for Texas governor and presidential hopeful Rick Perry said, "We don't discuss our internal security procedures."
"If I was running for president, I would delete my Gmail account," Ridder said (NextGov, 2011).
Anonymous Declares Cyber War On Congress Over Indefinite Detention Act
Date: December 16, 2011
Source: Russia Today
Abstract: Hacktivists are continuing their mission to take on politicians causing the collapse of constitutional rights in America, with operatives from the online collective Anonymous keeping up a campaign against the signers of controversial legislation.
As RT reported on Thursday, members of Anonymous began a campaign this week to expose information on the lawmakers who voted in favor of the National Defense Authorization Act for Fiscal Year 2012, a bill that will allow for the indefinite detention of American citizens, the reinstating of torture methods and the creation of the United States as a battlefield. Despite the implications of the act, the Senate allowed for the bill to leave Capitol Hill on Thursday, leaving only the inking of President Barack Obama’s name as the final step for ratification.
President Obama had earlier insisted on vetoing the bill, but the White House retracted that statement in the days before it cleared Congress. Before the final draft left the Senate yesterday, Sen. Carl Levin asked that a statement from the administration be added to the record in which the president’s press secretary, Jay Carney, said that the president will not be advised to strike down the bill.
On Thursday, Anonymous hacktivists launched a campaign against Senator Robert Portman, a Republican from Ohio. Not only did Portman vote in favor of NDAA FY2012, he received $272,853 from special interest groups that also backed the bill.
“Robert J. Portman, we plan to make an example of you,” an Anonymous operative posted to the Internet on Thursday. Along with the warning was personal information pertaining to the senator, including his home address and phone number.
On Friday, Anonymous says that this is just the beginning of the campaign against those that are creating the collapse of the US Constitution. With NDAA FY2012 almost guaranteed to be approved by Obama any moment, a second piece of legislation, the Stop Online Piracy Act, is close to clearing a Congressional committee. Should that bill be brought before the president and signed into law as well, Internet access and content across America and the world will become largely censored.
“We've been watching you systematically destroy the rights of your own people, one law at a time. No longer shall we stand by and watch you enslave our fellow citizens,” writes an Anonymous operative in an open letter to Congress posted Friday. “You have continued down this path of treason by creating acts such as the National Defense Authorization Act, Stop Online Piracy Act, Protect IP Act, and more. You've tried to conceal the true purpose of these bills, and pass them without the consent of the American people.”
As a result of the recent legislation which has managed to make its way through Congress, Anonymous operatives write on Friday, “We are now here to undo your sordid life's work in its entirety. No longer will your transgressions go unnoticed. No longer will you enslave the people. The world will know of your violations against the rights of the citizens you were elected to represent.”
In the memo from the hacktivists, they include a copy of the Bill of Rights, the first ten amendments to the US Constitution that have been crushed in-part by the latest congressional meetings. “Every time you violate these amendments we will ensure the people are aware of your actions,” says Anonymous. “You may have previously succeeded in concealing your actions, but that time has come to an end. You were elected by us, and you can be removed by us.”
Anonymous members are using the trending topic #OpAccountable on Twitter to spread the campaign against the members of Congress involved in the legislation. On Friday, one hacktivist tweeted that the topic is even being used by known members of the Tea Party movement.
show this year's outrage is far stretching," adds the operative (Russia Today, 2011).
Title: Proposed Hacker Satellite System Would Fight Web Censorship
Date: January 1, 2012
Abstract: "Hackers in Space" sounds like a bad TV movie, but if the group behind the Hackerspace Global Grid (HGG) reach their goal, it could be a reality by the time we ring in 2034.
As first reported by the BBC, the HGG wants to send their own satellites into orbit, which will be open and free from Internet censorship.
The trio behind HGG—Germany-based Armin Bauer, Andreas Horning, and a hacker known as hadez—started work on the project after an August gathering of the Chaos Computer Club called on attendees to create a "Hacker Space Program" that would put a hacker on the Moon within 23 years.
"HGG's aim is to provide the core infrastructure required along the way. We want to understand, build and make available satellite-based communication for the hackerspace community and all of mankind," HGG said on its Web site.
At this point, however, that effort is still in the very early planning stages. The group has teamed up with the Constellation project, a platform for aerospace-related projects that need intensive computational power, but beyond that, organizers are currently in data-gathering mode.
"The first step is establishing a means of accurate synchronization for the distributed network," HGG said. "Next up are building various receiver modules (ADS-B, amateur satellites, etc) and data processing of received signals. A communication/control channel (read: sending data) is a future possibility but there are no fixed plans on how this could be implemented yet."
The group also has a list of open tasks for those who want to participate.
In talking with the BBC, Bauer noted that the pending Stop Online Piracy Act (SOPA) in the United States is one of the reasons a network like HGG is needed, but the group's FAQ insists it does not have political leanings.
"Despite various media suggesting we might be anything from anarchists to subversive evil hackers we're far from all that," HGG said. "What we are is a bunch of tech-savvy folks who identified a problem and are eager to fix it. We're interested in the technological aspects of all things communication. So please, do not read too much into it, especially leave us alone with your futile attempts of assigning us a political label. We're a representative slice of humankind."
Nonetheless, the creation of an "uncensorable Internet" is "one of the possible goals on the horizon," HGG said, but "we're not yet in a technical position to discuss details."
HGG said it will initially use global positioning data, which is controlled by the U.S. government. But that "is just one source for time and position data we're planning on using," the group said. "Others will include Galileo, GLONASS, ground-based surveying and more. We're simply starting off with GPS because it's simple and ubiquitously available at reasonable prices."
As to whether their efforts will run afoul of any particular laws, HGG said it is not yet in a position to be sending signals, but once it is, "we do have HAM radio operators on board who have the required knowledge and education to know what is allowed."
HGG also acknowledged that there might be other groups working on a similar project, and urged collaboration to reach their goals faster.
HGG was not overly concerned about bandwidth constraints because the effort will be about sending messages, not watching YouTube videos or downloading movies. "Think Twitter updates, not streaming video," HGG said.
The news, meanwhile, comes several days after China flipped the switch on a satellite navigation system that will provide initial positioning, navigation, and timing operational services to China and the surrounding region. The Beidou Navigation Satellite System is intended to replace China's reliance on the U.S. Global Positioning System (GPS) (PCMag, 2012).
Terror: Potential Flashpoints In 2012
Date: January 4, 2012
Abstract: With much of the Middle East in flux, suspicions intensifying over Iran's nuclear ambitions, a deepening political crisis in Pakistan, and the escalation of jihadist violence in Nigeria, there are plenty of potential flashpoints in the year ahead. There is a distinction between localised conflicts that are largely contained within borders and the kind of global, transnational terrorism that produced events such as 9/11, the Madrid bombings and, in the eyes of many, destructive military ventures like the US-led invasion of Iraq.
Computers belonging to government institutions, commercial organisations and private individuals are coming under constant cyber attack, according to GCHQ, the government's secret communications HQ in Cheltenham. Attacks range from commercial espionage to stealing credit card details to trying to hack into military secrets. To head off the possibility of a catastrophic cyber attack on Britain's infrastructure, the government is investing heavily in protective measures, fighting what it calls "a constant arms race in cyber space" (BBC, 2012).
Obama Defense Plan Details Heightened Global Cyber Danger
Date: January 9, 2012
Source: Computer World
Abstract: US president Barack Obama has spoken of the drastically heightened cyber threat facing nations around the world, as he announced major changes to the American defence strategy.
As he appeared at the Pentagon last week to unveil the new defence strategy, Obama promised to focus closely on improving the technological capabilities of the US armed forces. "We will ensure that our military is agile, flexible and ready for the full range of contingencies," he said.
The US prioritisation of cyber security comes as Israel's deputy foreign minister compared a recent cyber-attack, in which credit card accounts were compromised, to a terrorist act.
The US, in its strategy, said it was stepping up spending on national cyber security, even though it is slashing the overall defence budget and the number of on-the-ground military personnel under the strategy. The cuts in personnel are aimed at achieving $450 billion (£290 billion) in Pentagon savings over the next decade.
The strategy document focused closely on the potentially severe online threats to America.
"Both state and non-state actors possess the capability and intent to conduct cyber espionage and, potentially, cyber attacks on the United States, with possible severe effects on both our military operations and our homeland," said the Sustaining Global Leadership document.
In the document, the Department of Defense warned that "sophisticated adversaries" will use "asymmetric capabilities, to include electronic and cyber warfare, ballistic and cruise missiles, advanced air defenses, mining, and other methods, to complicate our operational calculus".
"Our planning envisages forces that are able to fully deny a capable state's aggressive objectives in one region by conducting a combined arms campaign across all domains – land, air, maritime, space, and cyberspace."
The strategy document also shed light on how highly the Department of Defense views the importance of establishing a more advanced high-tech communications infrastructure for the US forces. "Modern armed forces cannot conduct high-tempo, effective operations without reliable information and communication networks and assured access to cyberspace and space," it said. Secretary of Defense Leon Panetta said that even though the US is cutting its overall defence budget, "we will protect, and in some cases increase, our investments in special operations forces, in new technologies like ISR and unmanned systems, in space - and, in particular, in cyberspace" (Computer World, 2012).
Warns Of New Zeus Malware Variant, Gameover
Date: January 9, 2012
Source: Computer World
Abstract: So long as people click on unsolicited attachments in email, scammers will invent new ways to take their money, identities and more.
The FBI today issued a warning on one such new Internet blight called "Gameover," which, once ensconced on your PC, can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions.
The FBI said it has seen an increase in the use of Gameover, which is an email phishing scheme that invokes the names of prominent government financial institutions, including the National Automated Clearing House Association (NACHA), the Federal Reserve Bank or the Federal Deposit Insurance Corporation (FDIC).
The FBI says Gameover is a newer variant of the Zeus malware, which was created several years ago and specifically targeted banking information.
Here's how the FBI describes the scam: "Typically, you receive an unsolicited email from NACHA, the Federal Reserve or the FDIC telling you that there's a problem with your bank account or a recent ACH transaction. ACH stands for Automated Clearing House, a network for a wide variety of financial transactions in the
"The sender has included a link in the email for you that will supposedly help you resolve whatever the issue is. Unfortunately, the link goes to a phony website, and once you're there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information.
"After the perpetrators access your account, they conduct what's called a distributed denial of service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution's server with traffic in an effort to deny legitimate users access to the site, probably in an attempt to deflect attention from what the bad guys are doing."
The FBI went on to say some of the funds stolen from bank accounts go towards the purchase of precious stones and expensive watches from high end jewellery shops. "The criminals contact these jewellery stores, tell them what they'd like to buy, and promise they will wire the money the next day. So the next day, a person involved in the money laundering aspect of the crime, called a 'money mule', comes into the store to pick up the merchandise. After verifying that the money is in the store's account, the jewellery is turned over to the mule, who then gives the items to the organisers of the scheme or converts them for cash and uses money transfer services to launder the funds" (Computer World, 2012).
Title: Cyber Attacks Now Fourth Biggest Threat To Global Stability, Says World Economic Forum
Date: January 12, 2012
Source: Daily Mail
Abstract: A report from the World Economic Forum (WEF) shows cyber attacks on governments and businesses are considered to be one of the top five risks in the world.
The report, Global Risks for 2012, examined 50 global risks in the areas of the economy and the environment and in geopolitics, society and technology, and was based on interviews with more than 460 experts from industry, government and specialist areas.
The international organisation concluded from its research that cyber attacks rank fourth on its list of Top 5 Global Risks in terms of likelihood.
'Severe income disparity' was at number one, second-placed was 'chronic fiscal imbalances' and concern about rising greenhouse gas emissions was third-placed. Fifth on the list was 'water supply crises'.
Experts said they were most afraid of cyber attacks that might spark malfunctions in power plants, water supplies and other critical systems, but added that the likelihood of this was still relatively low.
Steve Wilson, chief risk officer for general insurance at Zurich, who contributed to the report, said the biggest concern for the WEF was the complexity of internet security.
The report, which aims to look at the next 10 years in terms of risk, points out that due to the speed of technological developments, it is difficult to keep up with security.
The WEF dossier says: 'A healthy digital space is needed to ensure stability in the world economy and balance of power' and calls for investment into the exploration of digital vulnerabilities.
The UK government has already made a start in this area with its Cyber Security Strategy published at the end of 2011.
The strategy announced on 25 November 2011, outlined how the government intends to spend £650m earmarked for cyber security and introduced a Cyber Crime Unit, which the government wants to be set up by 2013.
The document sets out plans for greater information sharing between government and private sector on threats and the creation of 'an easy-to-use single point for reporting cyber fraud' to encourage victims to report crime more readily.
Although technological concerns are in the Top 5 most likely risks this year for the first time since 2007, experts are still most worried about the ongoing financial crises around the world.
With severe income disparity topping the list, the report says: 'There is a sense of receding hope for future prospects...discontent is exacerbated by the starkness of income disparities: the poorest half of the global population owns barely 1 per cent of the global wealth, while the world’s top 1 per cent owns close to half of the world’s assets.'
Gallup data from 2011 reveals that, globally, people believe living standards are falling and express diminishing confidence in the ability of their government to reverse the trend (Daily Mail, 2012).
Title: For Facebook 'Hacker Way' Is Way Of Life
Date: February 4, 2012
Source: USA Today
Abstract: Facebook's billionaire CEO Mark Zuckerberg calls himself a "hacker".
For most people, that word means something malicious — shady criminals who listen in on private voicemails, or anonymous villains who cripple websites and break into e-mail accounts.
For Facebook, though, "hacker" means something different. It's an ideal that permeates the company's culture. It explains the push to try new ideas (even if they fail), and to promote new products quickly (even if they're imperfect). The hacker approach has made Facebook one of the world's most valuable Internet companies.
Hackers "believe that something can always be better, and that nothing is ever complete," Zuckerberg explains. "They just have to go fix it — often in the face of people who say it's impossible or are content with the status quo."
Zuckerberg penned those words in a 479-word essay called "The Hacker Way", which he included in the document the company filed with government regulators about its plans for an initial public offering. The company is seeking $5 billion from investors in a deal that could value Facebook at as much as $100 billion.
The 27-year-old, who has a $28.4 billion stake in the stock deal, uses the H-word 12 times in the essay; "shareholder" appears just once. Should Zuckerberg have left those references out of his IPO manifesto, knowing full well it could scare off potential investors? He could easily have described Facebook as "nimble" or "agile" instead.
"Symbolically, it doesn't bode well to Facebook and to potential investors," says Robert D'Ovidio, an associate professor of criminal justice at Drexel University in Philadelphia who studies computer crime. "I think it shows maybe an immaturity on his part. He should definitely know better."
By using the word, Zuckerberg is also trying to reclaim it. To him, Steve Jobs and the founders of many of the world's biggest technology companies were hackers.
"The word 'hacker' has an unfairly negative connotation from being portrayed in the media as people who break into computers," Zuckerberg writes. "In reality, hacking just means building something quickly or testing the boundaries of what can be done."
To be fair, the meaning has become complicated. Bad hackers destroy things with evil intentions. They break into the voicemails of crime victims and celebrities in search of a hot news story. They breach security systems to steal credit card data. Just this week, members of the loose-knit group Anonymous hacked into law enforcement websites around the world and gained access to information about government informants and other sensitive information.
Good hackers break things, too, sometimes. But they do it in the name of innovation. They call themselves "white hat" hackers to counter the criminal "black hats." Often, they're hired to expose security vulnerabilities at big corporations. Kevin Mitnick, who was convicted and sent to prison in the 1990s for computer hacking, now works as a security consultant. It's the flip side of his past life, when he spent years stealing secrets from some of the world's largest corporations.
"I break into computers to find holes before the bad guys do," he says.
To Mitnick, Zuckerberg's "Hacker Way" is about finding clever ways to fix problems. It can also mean identifying a new use for something old.
Nathan Hamblen, who works for the website Meetup.com, says the best hacks are those that do something unexpected, something surprising that no one else has thought of.
The term "hacking" dates back more than half a century, when geeks at the Massachusetts Institute of Technology were tweaking telephone systems and computers.
The small community of hackers in the 1950s and '60s judged one another on their creative and technical abilities, and wore the term as a badge of honor, says Levy, in much the same way that Zuckerberg does today.
"They were the ones who did what you weren't supposed to do on a computer," Levy explains.
Some were pranksters, too. In the 1970s, before they founded Apple, Steve Jobs and his buddy Steve Wozniak figured out how to break into telephone systems and make free phone calls. In one infamous prank, the two Steves dialed up the Vatican to find out who would pick up.
"Wozniak pretended to be Henry Kissinger wanting to speak to the pope. 'Ve are at de summit meeting in Moscow, and we need to talk to the pope,' Woz intoned. He was told that it was 5:30 a.m. and the pope was sleeping," writes Walter Isaacson in his recent biography of Jobs.
It wasn't until the 1980s and '90s that hacking took a bad turn. Some blame Robert Morris, a computer science student who discovered a vulnerability in the Internet's inner workings and unleashed the world's first computer worm in 1988.
"He essentially brought the Internet to a grinding halt," says D'Ovidio, the criminal justice professor. Morris was the first person charged under the federal Computer Fraud and Abuse Act that had been enacted two years earlier.
Then came movies like 1983's "War Games," which also fueled the public's fear of hacking. In the film, a hacker unwittingly comes close to starting the next World War, thinking it's all a computer game.
"It happened because of Hollywood and because there was no other word out there," says Andrew Howard, 28, a research scientist at the Georgia Tech Research Institute. "Hacker is a cool word, right? It's a neat-sounding word."
The '80s and '90s were also a time when computers spread from geek circles to office cubicles and home desktops. They were becoming mainstream. But they were still mysterious to most people. They wondered: "How do they work? Is someone going to break into them?"
Zuckerberg's hacker manifesto is a nod to Levy, who codified "The Hacker Ethic" in his book about the subculture. Among the principles: "Hackers should be judged by their hacking" and "Always yield to the hands-on imperative."
The hands-on imperative is important to Facebook. Zuckerberg still spends hours writing computer code, even though he has hired hundreds of engineers.
That ethos helped Zuckerberg's social network to prosper. As the once mighty MySpace stopped innovating, its users flocked to the cleaner, crisper, always-changing Facebook. News Corp. gave up on MySpace and sold it for $35 million last June. Meanwhile, Facebook's user base ballooned to 845 million, even as the website has gone through changes and redesigns that have angered members and privacy advocates.
Zuckerberg and others may yet be able to clean up the term. Meetup's Hamblen thinks it's already happening.
"People aren't as afraid of technology, which was driving the fear of hackers," he says. "It was someone doing something with software that you don't understand. As people become more comfortable with technology in general, then hacking becomes a way of seeing it as using it in a clever way."
Technology companies, from the tiniest startups to those such as Facebook and online game maker Zynga, take the hacker ethic to heart. They host regular "hackathons," where engineers pull caffeine-fueled all-nighters writing computer code, usually working together on projects that are not part of their day-to-day jobs. Some of Facebook's biggest features, including chat, video and the new Timeline, came out of these hackathons, as Zuckerberg explained in the filing.
"Hackers believe that the best idea and implementation should always win — not the person who is best at lobbying for an idea or the person who manages the most people," he writes.
This is the ethic that can lift fresh-faced college grads (or dropouts) to the highest echelons of the technology elite, or at least to a good job.
Cadir Lee, the chief technology officer at Zynga, the company behind the biggest games on Facebook, says he "absolutely" refers to himself as a hacker. Lee says that at Zynga the hacker way means being agile. It's not the end of the world, say, if a game isn't perfect when players first see it, or if it has a bug that needs to be fixed. Think of it as live TV, Lee suggests.
"The charm of 'Saturday Night Live' is that every once in a while you see a boom mic, or they forget their lines or crack up," says Lee. "But it's better to get something out there and entertain than to not have any show" (USA Today, 2012).
Cyber Security Skills Are 'Wholly Inadequate', Says Former Security Minister
Date: February 7, 2012
Source: Computer World
Abstract: The UK needs to significantly bolster its cyber security skills to fight against cyber threats, according to former security minister Baroness Pauline Neville-Jones.
Neville-Jones, who is now the government's Special Representative to Business on Cyber Security, said that a lack of skills will hinder the UK's future ability to tackle the challenges of cyber crime.
"[The UK cyber security skills base] is wholly inadequate," Neville-Jones said in a lecture at the Global Strategy Forum in London yesterday.
"[Education minister] Michael Gove has rightly, in my opinion, just swept away the existing ICT course. We need to revert to teaching programming [and to] create a perception of a career in this area. We need to have British graduates in our universities, not just Chinese."
The private sector, academics and professional organisations all have a role to play in constructing the necessary education courses and raising the profile of cyber security careers, Neville-Jones added.
She believes that in government, particularly, security is regarded more as a cost than an enabler.
"Part of the problem is that cyber security skills are not recognised. Cyber security ought to be a module that everyone takes at business school," she said.
But making cyber security an issue that businesses should take seriously is also difficult, Neville-Jones has admitted.
Private companies need to have a statement on their cyber security strategy in their financial reports, she said. However, despite the government's efforts to get cyber security onto the agenda of UK boardrooms, many still think it is too technical.
"The Financial Reporting Council and professional organisations ought to give guidance and obligations to their companies," Neville-Jones said.
The private sector would also benefit from sharing more information on cyber attacks and threats, she said.
"If they don't do that, the likelihood of being tripped up by the supply chain is just as [high]. The two-part attack – a decoy and a real attack – is becoming more common.
"Do not think that it is in the long-term interest of the industry to be coy with each other," Neville-Jones warned.
In November, the government announced a pilot of a cyber security 'hub' that enables public and private sectors to exchange information on cyber threats. This was one of the key announcements of the UK's Cyber Security Strategy. "A joint public/private sector 'hub' will pool government and private threat information and pass that out to 'nodes' in key business sectors, helping them identify what needs to be done and providing a framework for sharing best practice," the government said in its strategy (Computer World, 2012).
Cyber Strategy Implementation 'Too Slow', Says Former Security Minister
Date: February 8, 2012
Source: Computer World
Abstract: The UK government needs to set out a clear timetable for the implementation of its cyber security strategy, former security minister Baroness Pauline Neville-Jones has said.
Neville-Jones, who is now the government's Special Representative to Business on Cyber Security, said that since the government is only starting to implement the policies of the strategy, significant progress will not be seen for another 18 months.
"The Cabinet Office does need to plot some metrics, have a timetable and an independent audit. We need much more momentum behind this," she told the Global Strategy Forum in London earlier this week.
The government's lack of a framework for its cyber security strategy implementation has been previously highlighted as an area of concern by BCS, The Chartered Institute for IT, and (ISC)², the global membership body of information security professionals.
In its National Security Strategy in 2010, the government classed cyber security as a top priority for the country. It earmarked £650 million over four years to support the National Cyber Security Programme, and published its cyber security strategy last November.
Neville-Jones reiterated her view that the £650 million funding was just a "first move", and that the implementation of the strategy will go beyond what can be achieved in the same parliament.
"There's going to be much more resource and energy – money, physical and intellectual," she said.
Cyber attacks in their many forms have been described as major threats to the UK. However, Neville-Jones believes some threats are more urgent than others.
Cyber attacks with a criminal and fraudulent intent behind them are widespread, and need dealing with in the short term, whereas threats such as a cyber cold war or cyber terrorism are "not centre stage", she said.
"Cyber cold war is a long range issue [and] I think the notion that terrorists are going to invest in a [distributed] denial of service (DDOS) attack as a route to causing trouble to their enemies is rather [less likely] than building a bomb to kill people. Denial of service does not kill people," said Neville-Jones.
"My belief is the urgent issue is to make our own systems secure. That's the absolute, urgent activity we need to do."
Meanwhile, although Neville-Jones admitted that the main consequence of 'hactivism' – as demonstrated by Anonymous – has so far only been reputational damage, rather than capital loss, she believed that it was still a real threat. "I don't think it's an amusing activity," she said (Computer World, 2012).
Title: Anonymous Vows ‘Crusade’ Against Israel
Date: February 11, 2012
Abstract: Online collective Anonymous has pledged a “crusade” against Israel. Claiming the country is committing “crimes against humanity” and gearing up for “nuclear holocaust”, the group promised a campaign against the Israeli government.
In their statement issued early on Friday, Anonymous accused Israeli leaders of creating false democracy, serving the interests of a “select few” while “trampling the liberties of the masses.” The group said that Israel manipulates public opinion with a combination of “media deception” and “political bribery”.
Addressing the Israeli leaders, Anonymous stated that their “Zionist bigotry” is to blame for killings and displacements, adding that “as the world weeps” they are planning their “next attack”. The group pledged not to allow the attack to happen.
“You label all who refuse to comply with your superstitious demands as anti-Semitic and have taken steps to ensure a nuclear holocaust,” said Anonymous. “We will not allow you to attack a sovereign country based upon a campaign of lies.”
The group promised a three-step campaign against the current government of the country.
The first two steps are “systematically” removing it from the internet and turning Israel into a free state; the third step remains undisclosed.
However, in announcing the news, Israeli daily Haaretz comforted its readers by saying that the group is far from putting all of its threats into reality. The group previously threatened to attack the Knesset’s website but failed to fulfill the promise.
BBC: Let’s Kill the Internet And Start Over
Date: February 18, 2012
Source: Prison Planet
Abstract: Viewpoint: The internet is broken – we need to start over … Last year, the level and ferocity of cyber-attacks on the internet reached such a horrendous level that some are now thinking the unthinkable: to let the internet wither on the vine and start up a new more robust one instead. On being asked if we should start again, many – maybe most – immediately argue that the internet is such an integral part of our social and economic fabric that even considering a change in its fundamental structure is inconceivable and rather frivolous. I was one of those. However, recently the evidence suggests that our efforts to secure the internet are becoming less and less effective, and so the idea of a radical alternative suddenly starts to look less laughable. – BBC/ Prof Alan Woodward, Department of Computing, University of Surrey
Dominant Social Theme: Look, can we talk? The Internet is paedophiles’ best friend and a virus manufacturer besides. If we get rid of it, we’ll all be a lot safer. And especially the children. Good Lord, the children! The children!
Free-Market Analysis: It is clear to us by now that the Anglosphere power elite is increasingly desperate to shut down the Internet any way it can. This article posted at the BBC (whether or not the author understands he’s been enlisted on behalf of a larger Western elite agenda) is a good example of a sub dominant social theme within the context of this aim.
The power elite wants to run the world, and what we call the Internet Reformation has badly dented their plans. How does one run a secret, super-duper conspiracy to create a New World Order when one’s every move is plastered on the Internet the very next day?
It’s next to impossible. The elites have invested heavily in making their global operations “user friendly.” They’ve tried to pretend that increasingly authoritarian Western governments and global facilities such as the IMF and UN have agendas that are entirely supportive of human rights and individual prosperity.
Nothing could be further from the truth. What the Internet has shown us with increasing clarity over this past decade is that Western banking elites and their enablers and associates will stop at nothing in their quest for ultimate power.
They wish for one-world government (the UN), a one-world military (NATO), a one-world court (the recently formed Soros-sponsored International Criminal Court), a one-world central bank (the IMF), etc.
The exposure of the elite’s goals and its methodologies – its dependence on the corrupt counterfeiting practices of central banks for the trillion-dollar torrents of capital necessary to build world government – has led to an upswell of indignation and scrutiny around the world.
As a result, many of the elite’s dominant social themes are beginning to founder and fail. The elites had high hopes apparently for installing a carbon currency around the world based on the fraudulent message of global warming. But the Internet helped reveal emails that exposed the fraud.
The so-called war on terror has long been revealed to be both fraudulent and unpopular. Creating a so-called long war to generate the kind of chaos that is necessary to move the world toward global governance is perhaps a good idea from an elite standpoint … but not one that has worked out well.
As elite memes have degraded, the attacks on the Internet have stepped up. This article from the BBC is a good example of the kind of spurious justifications that are now being put forward to create a groundswell of support for the removal of a (somewhat) free and independent Internet.
We need to understand the root of the problem. In essence, the internet was never intended to be a secure network. The concept was developed by the Defense Advanced Research Projects Agency (Darpa) as a means of allowing a distributed computer system to survive a nuclear attack on the US. Those who designed the Internet Protocol (IP) did not expect that someone might try to intercept or manipulate information sent across it.
As we expanded our use of the internet from large, centralised computers to personal computers and mobile devices, its underlying technology stayed the same. The internet is no longer a single entity but a collection of ‘things’ unified by only one item – IP – which is now so pervasive that it is used to connect devices as wide-ranging as cars and medical devices …
While not a popular view, I think that the current internet can only survive if adequate global governance is applied and that single, secure technology is mandated. This is obviously fraught with the much rehashed arguments about control of the internet, free speech, and so on. Then there is the Herculean task of achieving international agreement and a recognised and empowered governance body …
I think the answer lies somewhere in the middle. We can have areas of the internet that are governed by a global body and run on technologies which are inherently secure, and we can have areas which are known to be uncontrolled. They can coexist using the same physical networks, personal computers and user interface to access both but they would be clearly segregated such that a user would have to make a clear choice to leave the default safe zone and enter what has been described as “the seediest place on the planet”.
This article is composed within the parameters of a typical elite dominant social theme. These are the promotional memes that the elites use to create ever-more authoritarian government. The idea is to frighten people into giving up control to specially prepared globalist entities.
In this case, the Internet itself is presented as a scary place, “the seediest place on the planet.” It is not, of course. It is, at root, simply a collection of electrons, and most of the abuses of privacy are likely taking place at the behest of Western intelligence agencies.
This is the part of the story that Dr. Woodward leaves out. Whether it is Facebook, Google, YouTube or Yahoo, US, European and British Intel agencies have apparently penetrated every part of these electronic facilities and are aggressively (and usually illegally) mining personal data from them.
One could make the argument, in fact, that without the intelligence abuses, the Internet would not have nearly so many difficulties. The chances are that many of its vulnerabilities were put in place by the very agencies that now claim the Internet is an unsafe place.
How the Internet’s electrons came to be characterized as “unsafe” is a puzzle we will leave to future historians. But what is more certain to us is that the Internet Reformation is beginning to have a significant impact on the elites and their plans for a New World Order.
Articles like this one, when combined with recent US legislation aimed at shutting down the current Internet using the tool of copyright violations, begin to provide us with a sense of the panic that the elites must be currently feeling about the exposure of their activities.
Conclusion: It also seems to confirm our hunch that the Internet was not some sort of elite plot to impose technological dominance on people but a Hayekian example of spontaneous social order. The old men who must run the affairs of the Anglosphere elites apparently didn’t see it coming and still have no idea what to do about it (Prison Planet, 2012).
Title: Alert On Hacker Power Play
Date: February 21, 2012
Abstract: The director of the National Security Agency has warned that the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack.
Gen. Keith Alexander, the director, provided his assessment in meetings at the White House and in other private sessions, according to people familiar with the gatherings. While he hasn't publicly expressed his concerns about the potential for Anonymous to disrupt power supplies, he has warned publicly about an emerging ability by cyberattackers to disable or even damage computer
Gen. Alexander's warning signals a growing federal concern over the capabilities of Anonymous, a loose affiliation of so-called hacktivist computer programmers who have launched a raft of high-profile cyberassaults against U.S. government and corporate targets such as Visa Inc., MasterCard Inc. and eBay Inc.'s PayPal service.
At Risk From Terrorists, Rogue Nations, And $50 Jammers, Expert Warns
Date: February 23, 2012
Source: Fox News
Abstract: The Global Positioning System guides our ships at sea. It’s the centerpiece of the new next-gen air traffic control system. It even timestamps the millions of financial transactions made across the world each and every day.
And it's at extreme risk from criminals, terrorist organizations and rogue states -- and even someone with a rudimentary GPS jammer that can be bought on the Internet for 50 bucks, said Todd Humphreys, an expert on GPS with the University of Texas.
“If you’re a rogue nation, or a terrorist network and you’d like to cause some large scale damage -- perhaps not an explosion but more an economic attack against the United States -- this is the kind of area that you might see as a soft spot,” he told Fox News.
Humphreys was the keynote speaker at a conference of world experts organized by the UK ICT Knowledge Transfer Network in London yesterday. His predictions for what lies ahead with this emerging threat were dire.
For example, in 2010, UK researchers aimed a low-level GPS jammer at test ships in the English channel. The results were stunning: Ships that veered off course without the crew’s knowledge. False information passed to other ships about their positions, increasing the likelihood of a collision. The communications systems stopped working, meaning the crew couldn’t contact the Coast Guard. And the emergency service system -- used to guide rescuers -- completely failed.
Then, there’s the incident with the U.S. drone lost over Iran. Humphreys believes that by using simple jamming technology, Iranian authorities confused the ultra-sophisticated RQ-170 spy drone to the point that it went into landing mode. The drone’s Achilles heel? It had a civilian GPS system -- not a military-grade encrypted model. It didn’t take much to blind it and force it down.
Another rapidly emerging threat is so-called “spoofing.” Unlike a jammer, which blocks or scrambles GPS signals, a “spoofer” mimics the information coming from a satellite. It can make an aircraft, ship or other GPS-guided device think it’s somewhere that it’s not.
Humphreys says organized crime is already attempting to exploit the possibilities. Gangs could hijack a container truck full of high value goods, and through spoofing, make its owner think it’s on its way to the intended delivery point -- instead of to the gang’s warehouse.
“The civil GPS signal's completely open and vulnerable to a spoofing attack, because they have no authentication and no encryption,” Humphreys told Fox News. “It’s almost trivial to mimic those signals to imitate them and fool a GPS receiver into tracking your signals instead of the authentic ones.”
Hijacking a cargo container is one thing. Spoofing the global financial system is quite another. In his London presentation, Humphreys warned about another emerging GPS threat -- the worldwide network of stock and commodity trades.
Every trade is time-stamped using GPS clocks. Computer programs monitor those time stamps down to the millisecond. If something seems amiss, many programs are designed to pull out of the market. Humphreys says a hacker could fairly easily interfere with those time stamps, triggering trading programs, creating a sudden liquidity crisis and potentially a mini market crash.
Then, there’s the high-dollar reward of manipulating time. An unscrupulous trader -- or criminal organization -- could make millions by delaying time even by a heartbeat.
“You’re able to match the prices between the networks in a way that’s different from everyone else in the world,” Humphreys said. “Everyone else in the world might be 20 milliseconds off and you happen to know the actual timing. And so you’re able to buy low in one market and sell high in another market.”
The system is so vulnerable to attack because signals coming from the network of GPS satellites orbiting the earth are very weak. They’re about 12,000 miles away. It doesn’t take much to disrupt them.
A landmark study in the UK published Wednesday, Feb. 22, found GPS jammers in widespread use on that nation’s highways. While it has not yet been studied in the U.S., it’s believed an equal or greater problem exists in America.
The devices are illegal in the States, yet they are readily available over the Internet for as little as $50. People use them to avoid tolls, evade a snooping spouse, or use a company vehicle for something other than its intended purpose. And that sometimes has unintended consequences.
Recently, the new GPS landing system at Newark airport, just outside New York City, was crashing several times a week, forcing airliners to switch to a backup system. Airport officials were baffled. It turns out some fellow was moonlighting in a GPS-tracked company van. He was using a jammer to obscure his movements. Every time he drove by Newark airport, he took down the landing system.
As much as GPS jammers or spoofers can cause havoc to multiple systems, Humphreys sees a conflict between the growing integration of GPS technology and our personal lives.
He says devices that interfere with GPS might actually have a legitimate use: protecting a person’s privacy. “People have a right to be private in their lives,” he said. “But with GPS tracking devices the size of a small dot being able to place them surreptitiously on your friends -- they’re going to want to resort to some sort of jamming or spoofing as a defense against that kind of invasion of privacy” (Fox News, 2012).
Title: FBI: Cyber Attacks – America’s Top Terror Threat
Date: March 2, 2012
Abstract: Organized cyber crime is replacing terrorism as the number one threat to the American nation, says the FBI chief. The bureau is preparing to battle internet-based aggressors with recently created cyber-squads policing the web.
The Cyber Crime section of the FBI website pledges that the bureau is ready to defend America from the cyber space threat. This vow, however, did not help much when the bureau’s website went down after a massive attack by Anonymous hacktivists on January 20.
Over the last few months, the Anonymous hacker community attacked the websites of the White House, CIA, FBI, Department of Justice, US Department of Homeland Security, Universal Music Group, Recording Industry Association of America (RIAA) and Motion Picture Association of America.
Just as the internet is not a boys’ toy anymore, hackers are no longer boys, either. Nowadays, previously “isolated hackers have joined forces to form criminal syndicates,” FBI boss Robert Mueller said at the RSA security conference in San Francisco on Thursday. These syndicates are often international, which poses additional difficulties: it takes close work with foreign security agencies to achieve a result in the material world, while the internet knows neither borders nor boundaries, Mueller explained.
"We are losing money, we are losing data, we are losing ideas," he added. "Together we must find a way to stop the bleeding."
Back in June 2011 the Obama administration was pressuring Congress to double the punishment for those found guilty of compromising national security. The new legislation proposed a 20-year prison sentence for breaking into a US government computer.
In January, the FBI director told the Senate Select Committee on Intelligence that the agency’s top priority is still counterterrorism, but the cyber threat will take the lead in the foreseeable future.
“Traditional” terrorist organizations like Al Qaeda are very active over the web, too, Mueller acknowledged.
Terrorists find the internet handy for recruiting new members and encouraging extremism.
Mueller had to admit to the security experts who flocked to the conference that no company or organization could be immune to cyber threats.
And as the roll of spoils of the cyber war grows longer, America’s top cop has to turn for help to private sector cyber security experts.
Mueller shared his hope that high-tech companies could give the authorities a hand, because sometimes private sector security experts see threats just as they emerge. Only joint efforts by police, intelligence and private companies are capable of combating cyber attacks, he said.
“We must use our connectivity to stop those who seek to do us harm,” he said.
This change of rhetoric from US law enforcement was expected. The FBI is already using the branded “cyber-based terrorism” term, so the shift of efforts from “just terrorism” to “cyber terrorism” will be a smooth one (RT, 2012).
Title: NASA Concerned About Cyber Attacks
Date: March 5, 2012
Source: USA Today
Abstract: It sounds like the plot of a campy science fiction flick: Thieves steal a laptop containing the codes used to command and control the International Space Station.
The International Space Station in a July 2011 photo. Thieves stole a laptop containing codes used to control the space station in March 2011.
Except it happened.
The March 2011 theft of the unencrypted computer was one of 5,408 cybersecurity incidents — many foreign-based — the space agency reported during the past two years, according to NASA Inspector General Paul Martin.
The incidents, which include the installation of malicious software and unauthorized access to NASA systems, have caused disruptions and cost taxpayers millions in missing equipment and repairs.
Some cases are clearly more serious than others, such as the theft of space station algorithms, though there's nothing to indicate the ISS was affected in any meaningful way.
"The threat to NASA's information security is persistent and ever-changing," warned Rep. Paul Broun, R-Ga., who chairs a House Science, Space and Technology subcommittee that conducted a hearing on cybersecurity lapses Wednesday. "Unless NASA is able to continuously innovate and adapt, their data systems and operations will continue to be in danger."
These incidents are among those the inspector general's office says have taken place since 2010:
—Terra and Landsat-7, both Earth observation satellites, "have each experienced at least two separate instances of interference apparently consistent with cyberactivities against their command and control systems."
—An unidentified NASA center released to the public 10 surplus computers connected to the space shuttle program that weren't properly sanitized and may have contained sensitive data.
—Intruders stole credentials for more than 150 NASA employees in one cyber attack, while another intrusion provided hackers access to key information and user accounts at the Jet Propulsion Laboratory in Pasadena, Calif.
—A Texas man pleaded guilty last year to hacking NASA computers, an incident that prevented some 3,000 registered users from accessing oceanographic data collected by the agency.
Martin told the House panel the agency's vulnerability stems from two issues: It's a high-profile target that generates plenty of sought-after data, and it offers potential hackers a wide array of entry points.
NASA manages approximately 3,400 websites — nearly half of all the federal government's non-defense sites — and is home to some 176,000 individual e-mail addresses. Its assets include 550 information systems that control spacecraft, collect and process scientific data, and enable NASA to interact with colleagues and researchers in other agencies and universities around the globe, according to Martin.
"There are many gates to guard," NASA Chief Information Officer Linda Cureton told the House panel.
Sen. Bill Nelson, D-Fla., a member of the Intelligence Committee who rode on the space shuttle, said that while the country's national security computers are protected, he's concerned foreign hackers could infiltrate government computers through a back door provided by NASA or another non-defense agency.
"Of course it's worrisome," he said. "And that's what we're working on."
NASA has made some progress addressing problems Martin and his office have pointed out in the 21 audit reports his office has conducted over the past five years. Of the 69 recommendations the inspector general has made during that period, all but 18 have been fully addressed, officials said.
Martin said only 1% of the agency's laptops and other portable devices have been encrypted to prevent easy deciphering, which he called "very disturbing" given the highly sensitive nature of the information stored on them. More than half of the computers used government-wide are encrypted.
In addition, a risk assessment Cureton's office was supposed to have completed by August 2011 won't be finished until June.
"We are determined to improve NASA's capability to predict, prevent and effectively contain potential IT security incidents," she told lawmakers.
Cureton told the House panel the agency has taken a number of steps, including accelerating encryption of NASA laptops. But she said cybersecurity isn't taken as seriously as it should be because of "culture" issues. And much of the sensitive information is managed not by her office but by mission directorates.
Martin said Cureton's efforts have been hampered because she doesn't control much of the budget devoted to improving cybersecurity.
"As we've all seen in Washington," Martin said, "when you don't control the funding, you have a difficult time getting folks' full attention" (USA Today, 2012).
Title: Feels Threatened By China's Cyber Capabilities
Date: March 8, 2012
Source: Computer World
Abstract: China's strengthening cyber capabilities will complicate US efforts to defend itself against industrial espionage and possible military confrontations in places such as Taiwan, according to a new US congressional report released today.
The report was written by defence contractor Northrop Grumman for the US-China Economic and Security Review Commission, which was set up by Congress in 2000.
It paints a grim picture for the US, whose defence and high-tech companies including Google have been successfully breached by suspected China-based hackers.
The US faces risks from attackers who seek to infiltrate the supply chains for electronics such as chips or integrated circuits, which could be modified to intentionally fail, the report said.
"The supply chain for microelectronics and telecommunications-related hardware in particular is extremely diffuse, complex, and globally dispersed, making it difficult for US firms to verify the trust and authenticity of the electronic equipment they purchase," it said.
At particular risk is the telecommunications industry, the report said. Equipment could be modified by an adversary in order to gain covert access or to monitor systems, and false instructions could be planted to cause "destruction of the targeted system," it said.
In 2010, Iran was targeted by a malicious software program called Stuxnet that caused industrial control equipment made by Siemens to fail, interrupting the country's uranium enrichment machinery.
The US has already been battling with counterfeit equipment coming from China. The report said infiltration of hardware resellers and distributors "continue to pose significant law enforcement and counterintelligence challenges to the United States".
"By providing counterfeit hardware that already contains the Trojanized access built into the firmware or software, a foreign intelligence service or similarly sophisticated attacker has a greater chance of successfully penetrating these downstream supply chains," it said.
Within China's military, the report said the People's Liberation Army (PLA) has a broad framework called "information confrontation" that appears to wrap computer network operations together with electronic warfare, psychological operations and deception.
"PLA leaders have embraced the idea that successful warfighting is predicated on the ability to exert control over an adversary's information and information systems, often preemptively," the report reads.
The difficulty the US faces with electronic warfare is that aggressive cyber acts are difficult to attribute, which complicates a response. China has developed strong capabilities to disrupt the US military's electronic command-and-control systems, known as C4ISR infrastructure, which could hamper a quick response to a crisis in, for example, Taiwan.
"Chinese commanders may elect to use deep access to critical US networks carrying logistics and command and control data to collect highly valuable real time intelligence or to corrupt the data without destroying the networks or hardware," the report said.
China also invests heavily at an academic level: At least 50 universities that do information security research received grants from national technology grant programmes, supporting the country's broad goals to be an information technology power (Computer World, 2012).
Title: US Faces Increasing Threat Of Cyberattacks By Terrorists, Including On Battlefield, Officials Say
Date: March 9, 2012
Source: Fox News
Abstract: An eventual full-scale cyberattack on the U.S. by a terrorist organization is "a certitude," a former senior intelligence official told Fox News, and "cyberterrorists" already are making criminal use of the technology to steal money and move it around to finance their operations.
Tech-based terror threats are increasingly raising concerns in Washington, and FBI Director Robert Mueller testified this week that such threats are among the most serious facing the U.S. -- including on the battlefield.
Officials are reporting a sharp increase in the number of attacks by hackers, and Mueller, while not mentioning Iran, Russia or China by name, described a potential “cyber one-two punch,” in which a nation state or terrorist organization first steals intellectual property, then uses that information to interfere, jam or disrupt operations on the battlefield.
“Certainly long term threat is by nation states who are finding new and ingenious ways to exfiltrate information,” Mueller told the House Appropriations Committee on Wednesday. “On the one hand developing new technology for any future conflict, or on the other hand enabling them to disable our technology during in a time of war.”
Mueller also told lawmakers that terrorists may see cyberattacks as a winning strategy for circumventing the traditional post-9/11 security, which focuses on physical attacks. In prepared testimony he said, “Terrorists have not used the Internet to launch a full-scale cyberattack, but we cannot underestimate their intent.”
Under questioning by Rep. Frank Wolf, R-Va., Mueller said he backed stronger criminal penalties for those who steal sensitive U.S. economic data.
"Our companies are targeted for insider information, and our universities and national laboratories are targeted for their research and development," the FBI director told lawmakers.
Mueller’s warnings took on greater urgency as the full Senate was briefed on the administration’s strategy for responding to a major cyberattack. Fox News was told the scenario included the takedown of the electrical grid. Significantly, the briefers included Mueller, Homeland Security Secretary Janet Napolitano, the head of the National Security Agency, Keith Alexander, and Joint Chiefs of Staff Chairman Gen. Martin Dempsey.
Earlier this week, Defense Secretary Leon Panetta warned that the new battlefield is on the Web. “We have a new threat, the threat of cyber intrusions and attack," he said.
And at last month’s Senate Armed Services Committee hearing on Worldwide threats, Sen. John McCain underscored the aggressive nature of China’s cyber espionage, which included the hacking of the U.S. Chamber of Commerce’s network.
“The number and sophistication of cyberattacks on American targets by Chinese actors, likely with Chinese government involvement in many cases, is growing increasingly severe and damaging,” McCain emphasized.
Citing the recent arrests of Megaupload and LulzSec, Mueller emphasized at Wednesday’s hearing that cyberattacks are the ultimate borderless crime.
“Our ability to work internationally is absolutely essential in order to address the cyber arena,” Mueller said. “We have strategically placed agents with our counterparts in countries like Romania, the Ukraine, Estonia and the like, where much of the activity takes place.”
Mueller warned that the day may not be far away when cybercrime or cyberterrorism become the bureau’s main priority. Right now, it remains counterterrorism. “Down the road, if a country steals those secrets that will enable that country to overwhelm us in the field of battle someplace, that is something that is a threat and ultimately may be a more serious threat” (Fox News, 2012).
Title: The 100 Most Influential People In The World
Date: April 18, 2012
Abstract: United, if at all, by a taste for shock humor and disdain for authority, this leaderless Internet hive brain is plundering and playing in the electronic networks of an ever shifting enemies list: Arab dictatorships, the Vatican, banking and entertainment firms, the FBI and CIA, the security firm Stratfor and even San Francisco's BART transport system. Did Anonymous fix the TIME 100 poll? "Depends who you think is smarter, a global collective of highly skilled hackers or the TIME IT department," says one fellow traveler, anonymously. Anonymous earned its place on the list, one way or the other (TIME, 2012).
Title: Web War II: What A Future Cyberwar Will Look Like
Date: April 30, 2012
Abstract: How might the blitzkrieg of the future arrive? By air strike? An invading army? In a terrorist's suitcase? In fact it could be coming down the line to a computer near you.
Operation Locked Shields, an international military exercise held last month, was not exactly your usual game of soldiers. It involved no loud bangs or bullets, no tanks, aircraft or camouflage face-paint. Its troops rarely even left their control room, deep within a high security military base in Estonia.
These people represent a new kind of combatant - the cyber warrior.
One team of IT specialists taking part in Locked Shields was detailed to attack nine other teams, located all over Europe. At their terminals in the Nato Co-operative Cyber Defence Centre of Excellence, they cooked up viruses, worms, Trojan Horses and other internet attacks to hijack and extract data from the computers of their pretend enemies.
The idea was to learn valuable lessons in how to forestall such attacks on military and commercial networks. The cyber threat is one that the Western alliance is taking seriously.
It's no coincidence that Nato established its defence centre in Estonia. In 2007, the country's banking, media and government websites were bombarded with Distributed Denial of Service (DDOS) attacks over a three week period, in what's since become known as Web War I. The culprits are thought to have been pro-Russian hacktivists, angered by the removal of a Soviet-era statue from the centre of the capital, Tallinn.
DDOS attacks are quite straightforward. Networks of thousands of infected computers, known as botnets, simultaneously access the target website, which is overwhelmed by the volume of traffic, and so temporarily disabled.
However, DDOS attacks are a mere blunderbuss by comparison with the latest digital weapons. Today, the fear is that Web War II - if and when it comes - could inflict physical damage, leading to massive disruption and even death.
Cyberwar Glossary I
Botnet: Geographically-dispersed network of infected computers which can be controlled remotely without their owners' knowledge, and used to attack other computers or networks
Distributed Denial of Service attack (DDOS): A means of knocking websites offline by overwhelming them with bogus traffic
Trojan Horse: Malicious software masquerading as something legitimate. Some Trojans even appear to be anti-virus software
Virus: Malicious computer programme designed to make a computer or network malfunction
Worm: A type of virus that can replicate itself. Worms can multiply sufficiently to consume a computer's available memory or hard disk (BBC, 2012).
Title: Preparing For World Web War I
Date: May 7, 2012
Abstract: In the 1984 hit sci-fi movie The Terminator, the artificial intelligence network Skynet becomes self-aware and initiates a nuclear world war against humankind. In the real world of the early 21st Century, the nations of the world are preparing for very different sorts of cyber-war threats, which could arise from terrorists, hactivists, rogue states or organized crime. The U.S.-dominated North Atlantic Treaty Organization (NATO) in 2008 even established the NATO Co-operative Cyber Defense Centre of Excellence in Talinn, Estonia, which held cyber-war-games in late March.
NATO’s choice of locale was intentional: In what is called Web War I, Estonia’s banking, media and government websites were shut down by Distributed Denial of Service (DDOS) attacks over a three-week period in 2007, probably initiated by pro-Russian hacktivists angered by the removal of a Soviet-era statue from downtown Tallinn.
While Web War I opened many people’s eyes to the dangers, the 2010 Stuxnet virus focused the issue more sharply. Stuxnet, which spread over the world while causing little damage to most computers, was designed, probably by Israeli or American security agents, to infect and disable the uranium enrichment machinery used by Iran in its nuclear program. This cyber-war effort was successful, likely delaying Iran’s progress by about 2 years.
As more and more high-tech systems are integrated into the Internet, the list of targets potentially vulnerable to cyber-attack likewise grows. Richard Clarke, who advised President Bill Clinton and tried to advise both presidents Bush on counter-terrorism and cyber-security, points out that “Sophisticated cyber attackers could do things like derail trains across the country…They could cause power blackouts - not just by shutting off the power but by permanently damaging generators that would take months to replace. They could do things like cause [oil or gas] pipelines to explode. They could ground aircraft” (AllGov, 2012).
Title: Britain Vulnerable To E-Bomb Attack, Experts To Warn
Date: May 14, 2012
Abstract: Phillip Hammond will tell a conference that money needs to be spent on defences that “cannot be seen on the parade ground.”
Dependence on electronic networks “creates vulnerability” he will say, adding that the response cannot be based on “infantry, or jet planes or destroyers.”
There is an increasing possibility that a rogue state could use an “E-bomb” that would release a devastating electromagnetic pulse (EMP), experts will tell a two-day conference in London.
In the worst case scenario, a nuclear missile could be fired into space that would release a pulse large enough to paralyse Britain’s infrastructure.
“One of the challenges we face, particularly at a time of limited resources, is to make the case for spending on defence and security solutions that cannot readily be seen by the public – that cannot be shown off on the parade ground – that could be digital, not necessarily physical,” Mr Hammond is expected to say.
US Assistant Defence Secretary Paul Stockton is due to speak alongside Mr Hammond at the event, which will also discuss the threat of a natural attack such as a solar flare.
A powerful EMP attack could disable electronic systems and bring the country to a standstill. Earlier this month, Ministry of Defence officials warned some form of an E-bomb could already be in the hands of terrorists or rogue states.
The Commons Defence Select Committee has warned the Government is not taking the threat seriously enough. Its report in February warned weapons detonated up to 500 miles above the Earth could generate an EMP strong enough to take out satellites, radar and the National Grid with 'devastating' results.
Key military installations, transport systems, power and water supplies would also be hit.
But despite the risk the Government appeared 'complacent' and 'unwilling to take the threats seriously', it said.
This week’s conference is being hosted by the US-based Electric Infrastructure and Security Council (EIS) and the Henry Jackson Society.
Avi Schnurr, the chief executive officer of EIS and a White House adviser on the issue, said: “The UK, the US and other allies are increasingly at risk from both malicious and natural e-threats.
“We are beginning to realise that, unfortunately, all our societal eggs are in one fragile electric basket, and we are not sufficiently protecting ourselves.
“We have become potential victims of our own technical advancement. The evolution of national electric grids and key infrastructure components means that we are more vulnerable to EMP than ever before.”
He added: “Based on reports by the UK Parliament, the US Congress, NASA, the US Department of Energy and many other agencies, the infrastructures our lives and our economies depend on have become so fragile that a hostile EMP attack or a severe solar flare could damage or destroy them on continental scales, severely disrupting electricity, water supply, transportation and communication – for months, or even years.”
Dr Alan Mendoza, executive director of the Henry Jackson Society, said: “Whether through natural or terrorist-inspired means, the nightmare scenario of an EMP incident affecting the UK is almost too chilling to contemplate” (Telegraph, 2012).
Title: Virtual Terrorism: Al Qaeda Video Calls For 'Electronic Jihad'
Date: May 22, 2012
Source: ABC News
Abstract: Al Qaeda may be turning its destructive attention to cyber-warfare against the United States. In a chilling video, an al Qaeda operative calls for "electronic jihad" against the United States, and compares vulnerabilities in vital American computer networks to the flaws in aviation security before the 9/11 attack.
The al Qaeda video calls upon the "covert mujahidin" to launch cyber attacks against the U.S. networks of both government and critical infrastructure, including the electric grid. The video was obtained by the FBI last year, and released today by the Senate Committee on Homeland Security and Governmental Affairs.
"This is the clearest evidence we've seen that al Qaeda and other terrorist groups want to attack the cyber systems of our critical infrastructure," Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, I-Conn., said in a statement.
"This video is troubling as it urges al Qaeda adherents to launch a cyber attack on America," said Sen. Susan Collins, R-Maine, the ranking member on the committee. "It's clear that al Qaeda is exploring all means to do us harm and this is evidence that our critical infrastructure is a target."
The national security community says the threat of cyber attack is real, and the gap between terrorist aspirations and capability is closing. The senior intelligence official at Cyber Command, Rear Adm. Samuel Cox, has said al Qaeda operatives are seeking the capability to stage cyber attacks against U.S. networks and terrorists could purchase the capabilities to do so from expert criminal hackers.
Increasing evidence also suggests that Iran is looking to commit cyber attacks against the United States, according to testimony last month before the House Committee on Homeland Security. Iran's sponsorship of terrorist groups takes on a new dimension in cyberspace, where it could develop a powerful cyber weapon and pass it on to a terrorist group.
Lieberman is using the al Qaeda video to underline what he says is the need for new legislation.
"Congress needs to act now to protect the American public from a possible devastating attack on our electric grid, water delivery systems, or financial networks," he said. "As numerous, bipartisan national security experts have said, minimum cyber security standards for those networks are necessary to protect our national and economic security. That is why the Senate needs to act on our bipartisan Cyber Security Act that requires minimum security performance requirements for key critical infrastructure cyber networks."
The Homeland Security Committee says the Department of Homeland Security received more than 50,000 reports of cyber intrusions or attempted intrusions since October, an increase of 10,000 reports over the same period the previous year (ABC News, 2012).
Title: 'Leak It All!' Anonymous Calls For Fight Club-Style 'Project
Date: June 5, 2012
Abstract: Anonymous are set to activate the dormant cells of a global 'Fight Club’ to battle corruption by calling on supporters to leak a massive cache of state and corporate secrets for the world to see.
“Imagine you purchase a USB drive. Imagine you take it to your work place. Imagine you collect evidence of illegality and corruption. Imagine together we expose all lies. Imagine we leak it all.”
Those ominous words scrolled across the crimson backdrop of a glowing Anonymous logo in a video released Tuesday by the hacktivist collective.
But instead of a Fight Club-inspired Project Mayhem bent on wiping the debt slate clean by bombing the credit card industry to the ground, Anonymous are set to disinfect the world one thumb drive at a time.
Fight Club was the 1999 film adaptation of the book of the same name. In it, disgruntled men engaged in bare-knuckle underground fights and anti-corporate sabotage to wage “spiritual war” against the modern era.
And while the first rule of Fight Club was not to “talk about Fight Club,” Anonymous hopes the "Leak it All" campaign will spread like wildfire.
During a 10-day period from 12-12-2012 to 12-21-2012, the collective says “the World will see an unprecedented amount of Corporate, Financial, Military and State leaks that will have been secretly gathered by millions of CONSCIENTIOUS citizens, vigilantes, whistle blowers and insiders worldwide.”
Due to the decentralized nature of the movement, it is difficult to tell exactly how much widespread support the campaign will gather over the next six months.
The Anonymous campaign could come as a response to the 2010 funding blockade against the whistleblower organization WikiLeaks. Last October, WikiLeaks founder Julian Assange said the banking blockade had destroyed 95% of WikiLeaks' revenues, forcing the organization to suspend operations.
However, despite its financial troubles, WikiLeaks began publishing The Global Intelligence Files – “more than five million emails from the Texas-headquartered 'global intelligence' company Stratfor” – this past February.
But with WikiLeaks on the rocks, the most recent Anonymous campaign could usher in a golden age of grassroots document disclosure and anti-corruption muckraking (RT, 2012).
Title: Are Hackers Peering Through Your Laptop Webcam?
Date: June 5, 2012
Source: AOL News
Abstract: About one of every two laptop users, according to a new survey, is unaware of the possibility that a hacker can remotely access and control web camera technology – allowing cybercriminals to secretly watch and record activities near a user's machine.
"It is alarming that high numbers of women (who are the primary caregivers of children) and young people (who spend a significant amount of time using their laptops) do not know their webcams can be easily hacked," said Dr. Ruby A. Rouse, who conducted the study. More than 6 in 10 women were unaware of the risk, compared to 40% of men. Additionally, 57% of Generation Y study participants were unaware of the risk, she said.
The study focused primarily on consumers, but the implications carry over to those who rely on laptops for work.
According to the study, 62% of laptop owners use their machines in their living rooms; 58% use them in their home office; 44% in their bedrooms; 39% in their kitchen; and 8% in the bathroom. "With webcam-enabled devices increasingly used in private settings," Rouse said, "hackers have limitless opportunities for cybercrime."
The study's conclusions suggest users of webcam technology:
· Keep Informed – Learn more about webcam hacking to better understand the risks.
· Stay Alert – Watch your webcam light so you know when it has been activated, and diligently maintain virus protection software.
· Get Covered – When it is not in use, cover the lens of your webcam; doing so physically stops hackers from watching and recording laptop activities.
The study was sponsored by the CamPatch Academy, a nonprofit organization that provides information about web camera risks as well as tools and techniques about how people can protect themselves, and Organizational Troubleshooter, LLC, a business consulting and research firm that works with organizations to improve their performance.
"Experienced hackers can access a webcam in less than a minute," said Parham Eftekhari, president and founder of CamPatch, which makes webcam covers and supports public education on webcam abuses. Eftekhari also leads research efforts for the non-profit Government Technology Research Alliance (AOL News, 2012).
Title: 'End Of The World As We Know It': Kaspersky Warns Of Cyber-Terror
Date: June 6, 2012
Abstract: After his eponymous lab discovered Flame, "the most sophisticated cyber weapon yet unleashed," Eugene Kaspersky believes that the evolving threat of “cyber terrorism” could spell the end of life on Earth as we know it.
Doomsday scenarios are a common occurrence in 2012, but coming from a steely-eyed realist like Eugene Kaspersky, his calls for a global effort to halt emerging cyber threats should raise alarm bells.
A global Internet blackout and crippling attacks against key infrastructure are two of the possible cyber-pandemics he outlined.
"It's not cyber war, it's cyber terrorism, and I'm afraid the game is just beginning. Very soon, many countries around the world will know it beyond a shadow of a doubt,” Kaspersky told reporters at a Tel Aviv University cyber security conference.
“I'm afraid it will be the end of the world as we know it," he warned. "I'm scared, believe me."
His stark warning came soon after researchers at Kaspersky Lab unearthed Flame, possibly the most complex cyber threat ever. While the espionage toolkit infected systems across the Middle East, Iran appears to have been its primary target.
Flame seems to be a continuation of Stuxnet, the revolutionary infrastructure-sabotaging computer worm that made mincemeat of Iran’s uranium enrichment facility at Natanz in 2009-2010.
As Flame is capable of recording audio via a microphone, taking screenshots, and turning Bluetooth-enabled computers into beacons to download names and phone numbers from other Bluetooth-enabled devices, Kaspersky is certain that a nation-state is behind the cyber espionage virus.
While Kaspersky says that the United States, Britain, India, Israel, China and Russia are among the countries capable of developing such software, which he estimates cost $100 million to develop, he did not limit the threat to these states.
"Even those countries that do not yet have the necessary expertise [to create a virus like Flame] can employ engineers or kidnap them, or turn to hackers for help.”
Like Stuxnet, Flame attacks Windows operating systems. Considering this reality, Kaspersky was emphatic: "Software that manages industrial systems or transportation or power grids or air traffic must be based on secure operating systems. Forget about Microsoft, Linux or Unix."
Kaspersky believes the evolution from cyber war to cyber terrorism comes from the indiscriminate nature of cyber weapons. Very much like a modern-day Pandora’s Box, Flame and other forms of malware cannot be controlled upon release. Faced with a replicating threat that knows no national boundaries, cyber weapons can take down infrastructure around the world, hurting scores of innocent victims along the way.
Kaspersky believes that it is necessary to view cyber weapons with the same seriousness as chemical, biological and even nuclear threats. Mutually assured destruction should exclude them from the arsenals of nation states.
The apocalyptic scenario he painted is fit for the silver screen. No surprise then, that it was a film that converted him to the idea that cyber terrorism was a clear and present danger.
By his own admission, Kaspersky watched the 2007 film Live Free or Die Hard with a glass of whiskey in one hand and a cigarette in the other, shouting: “Why are you telling them [how to do this]?”
The film’s plot revolves around an NYPD detective played by Bruce Willis, fighting a gang of cyber terrorists who are targeting FBI computer systems.
"Before Die Hard 4.0, the word cyber terrorism was a taboo in my company. It could not be uttered aloud or discussed with the media. I tried to keep the Pandora’s Box closed. When the film hit the screens, I canceled that ban," Kaspersky admitted (RT, 2012).
Title: Nations Must Talk To Halt "Cyber Terrorism": Kaspersky
Date: June 6, 2012
Abstract: Eugene Kaspersky, whose lab discovered the Flame virus that has attacked computers in Iran and elsewhere in the Middle East, said on Wednesday only a global effort could stop a new era of "cyber terrorism".
"It's not cyber war, it's cyber terrorism and I'm afraid it's just the beginning of the game ... I'm afraid it will be the end of the world as we know it," Kaspersky told reporters at a cyber security conference in Tel Aviv.
"I'm scared, believe me," he said.
News of the Flame virus surfaced last week. Researchers said technical evidence suggests it was built for the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear programme in 2010.
In recent months U.S. officials have become more open about the work of the United States and Israel on Stuxnet, which targeted Iran's Natanz nuclear enrichment facility.
The West suspects Iran is developing atomic weapons. Tehran denies this and says it is enriching uranium only for civilian use.
Security experts say Flame is one of the most sophisticated pieces of malicious software so far discovered. They are still investigating the virus, which they believe was released specifically to infect computers in Iran and across the Middle East.
Kaspersky named the United States, Britain, Israel, China, Russia and possibly India, Japan and Romania as countries with the ability to develop such software, but stopped short of saying which nation he thought was behind Flame.
When asked whether Israel was part of the solution or part of the problem regarding cyber war, Kaspersky said: "Both."
"Flame is extremely complicated but I think many countries can do the same or very similar, even countries that don't have enough of the expertise at the moment. They can employ engineers or kidnap them, or employ 'hacktivists'," he said.
"These ideas are spreading too fast," Kaspersky later said. "That cyber boomerang may get back to you."
Kaspersky said governments must cooperate to stop such attacks, as they have done with nuclear, biological and chemical weapons. Operating systems must be redesigned, he added.
"Software that manages industrial systems or transportation or power grids or air traffic, they must be based on secure operating systems. Forget about Microsoft, Linux, Unix."
Kaspersky said malware like Flame and Stuxnet have a limited lifetime and that undiscovered viruses could be out there.
"It's quite logical that there are new cyber weapons designed and maybe there are computers which are infected."
At the conference Kaspersky got celebrity treatment, with students huddled around to have their picture taken with him. He spoke alongside Israel Defense Minister Ehud Barak and top security experts from leading hi-tech companies.
Barak said a more comprehensive approach was necessary to deal with cyber threats and it required cooperation on an international level.
"The damage you can save yourself from proper defense may be more than what you achieve through the offensive action, though both aspects exist," Barak said (Reuters, 2012).
Title: Banks Say Hackers More Aggressive In Attacking Customer Accounts
Date: June 15, 2012
Source: Computer World
Abstract: A survey of large financial institutions shows they faced more attacks by hackers to take over customer banking accounts last year than in the two previous years, and about a third of these attacks succeeded.
The total number of attacks to try and break in and transfer money out of hacked customer accounts was up to 314 over the course of 2011, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC), which released findings of its survey of 95 financial institutions and five service providers. That's an increase from 87 attacks against bank accounts in 2009 and 239 in 2010.
FS-ISAC is the group that coordinates on security issues with the Department of Homeland Security. The survey was conducted by the American Bankers Association.
The actual dollar losses taken by the financial institutions last year were $777,064, down from a high of $3.12 million in 2010. Dollar losses for customers were $489,672 in 2011, as compared with $1.16 million in 2010.
Banks responding to the survey said they were beefing up defenses against account takeovers through customer education, more use of multi-factor authentication, and shutting down customers' online access to a commercial system once anomalous behavior is detected.
Increasingly, banks are extending strong authentication to their customers to prevent successful takeovers of accounts by hackers, whose strategy is often to use malware to take control of the computer of someone authorised to make payments or other high-dollar transfers related to corporate accounts.
These authentication methods can take many forms. United Bank & Trust for instance, increased security for customers through a method that automatically phones the customer making an online funds transfer to verify the details about the transaction before it's actually executed.
Called PhoneFactor, this authentication method is now used for what the bank regards as high-risk transactions, says Marsha Whitehouse, vice president of treasury management at United Bank & Trust. This would ordinarily be associated with an individual authorised to make ACH or fund transfers via a corporate account. Through an automated process, PhoneFactor immediately places a phone call to verify details about the transaction request. Whitehouse says, "It improves security" (Computer World, 2012).
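The three controls the surveyed banks describe (detecting anomalous behaviour, stepping up to out-of-band verification for high-risk transfers, and cutting off online access when the anomaly is severe) fit together as one decision flow. The following is an added illustration written for this page, not code from FS-ISAC, United Bank & Trust or PhoneFactor: the risk weights, thresholds, account profile and transfers are all constructed, and the out-of-band call is modelled as an injected callback so the logic runs offline.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, List, Set, Tuple

@dataclass
class Transfer:
    account: str
    payee: str
    amount: float
    when: datetime
    src_ip: str

@dataclass
class AccountProfile:
    """What 'normal' looks like for one commercial account (constructed)."""
    known_payees: Set[str]
    typical_max: float          # largest transfer seen in the account's history
    usual_ips: Set[str]
    recent: List[Transfer] = field(default_factory=list)

# Hypothetical risk weights; a real programme would tune these from loss data.
W_NEW_PAYEE, W_OVER_MAX, W_NEW_IP, W_BURST = 2, 2, 1, 2
SUSPEND_AT = 5      # score at or above which online access is shut off
BURST_WINDOW = timedelta(minutes=10)

def risk_score(t: Transfer, p: AccountProfile) -> Tuple[int, List[str]]:
    """Score one transfer against the account's profile; return score and reasons."""
    score, reasons = 0, []
    if t.payee not in p.known_payees:
        score += W_NEW_PAYEE; reasons.append("new payee")
    if t.amount > p.typical_max:
        score += W_OVER_MAX; reasons.append("amount above historical max")
    if t.src_ip not in p.usual_ips:
        score += W_NEW_IP; reasons.append("unfamiliar source IP")
    # Malware-driven takeovers often fire several transfers in quick succession.
    burst = [r for r in p.recent if timedelta(0) <= t.when - r.when <= BURST_WINDOW]
    if len(burst) >= 2:
        score += W_BURST; reasons.append("burst of transfers")
    return score, reasons

def decide(t: Transfer, p: AccountProfile,
           verify_out_of_band: Callable[[Transfer], bool]) -> Tuple[str, List[str]]:
    """allow / allow_after_verification / reject / suspend_online_access."""
    score, reasons = risk_score(t, p)
    if score == 0:
        return "allow", reasons
    if score >= SUSPEND_AT:
        # Severe anomaly: stop the session rather than ask the (possibly
        # compromised) endpoint to confirm anything.
        return "suspend_online_access", reasons
    # Medium risk: confirm details over a channel the infected PC cannot control.
    if verify_out_of_band(t):
        return "allow_after_verification", reasons
    return "reject", reasons

# Constructed sample data.
T0 = datetime(2012, 6, 15, 9, 0)
PROFILE = AccountProfile(
    known_payees={"ACME Supplies", "Payroll Corp"},
    typical_max=25_000.0,
    usual_ips={"198.51.100.7"},
    recent=[Transfer("corp-1", "ACME Supplies", 1_200.0, T0 + timedelta(minutes=1), "198.51.100.7"),
            Transfer("corp-1", "Payroll Corp", 9_800.0, T0 + timedelta(minutes=3), "198.51.100.7")],
)
ROUTINE = Transfer("corp-1", "ACME Supplies", 4_000.0, T0 + timedelta(hours=2), "198.51.100.7")
UNUSUAL = Transfer("corp-1", "New Vendor Ltd", 48_000.0, T0 + timedelta(hours=2), "198.51.100.7")
HOSTILE = Transfer("corp-1", "Mule Account", 60_000.0, T0 + timedelta(minutes=5), "203.0.113.9")

def customer_confirms(t: Transfer) -> bool:   # stand-in for the automated call
    return True

def customer_declines(t: Transfer) -> bool:
    return False

if __name__ == "__main__":
    for tx in (ROUTINE, UNUSUAL, HOSTILE):
        print(tx.payee, decide(tx, PROFILE, customer_confirms))
```

Only the medium band ever reaches the phone call: a transfer that is routine by every measure passes, and one that looks like an active takeover (new payee, new IP, above the historical maximum, in a burst) suspends access outright, which matches the survey respondents' description of shutting down online access once anomalous behaviour is detected.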
Title: Atomic Scientists Compare Cyberwar To Development Of Nuclear Bomb
Date: June 15, 2012
Source: Fox News
Abstract: Cyberbombs are the new atom bombs.
The Bulletin of the Atomic Scientists warned Friday that the race to build and deploy cyberweapons -- secret programs only recently discovered by security researchers, the extent of which is not yet fully known -- closely resembles the race to build the first nuclear weapons.
“The parallels with the invention and first use of atomic bombs on Hiroshima and Nagasaki are eerie,” wrote Kennette Benedict, the Bulletin’s executive director. The Bulletin of the Atomic Scientists was established in 1945 by scientists, engineers, and other experts who had created the atomic bomb as part of the Manhattan Project.
Its scientists also keep track of the doomsday clock, which warns of nuclear annihilation.
An expansive New York Times report on June 1 said President Obama was responsible for a ramp-up in cyberattacks on Iran’s main nuclear enrichment facilities, via cyber worms, viruses and digital Trojan horses with esoteric names such as Stuxnet and Flame.
The 1945 rush to build the atomic bomb was partly a race to beat others, she noted. In modern times, government leaders again are responsible for urging scientists to invent new weapons, the consequences of which are poorly understood. As in the '40s, scientists are warning of the potential dangers, Benedict noted, yet despite those warnings, these weapons are being built and unleashed without warning or discussion.
“This may be another watershed moment, when, as Albert Einstein put it in 1954, ‘everything has changed save our way of thinking, and thus we drift toward unparalleled catastrophe,’" Benedict wrote.
Security analysts speaking with FoxNews.com have also characterized Stuxnet, Flame and others as cyberweapons, though most have been hesitant to dissect the geopolitical ramifications.
“Flame is a cyberespionage operation,” Roel Schouwenberg, a senior security researcher with Kaspersky Labs, told FoxNews.com in late May.
The Flame virus, which has been discovered on the loose in several Middle Eastern countries, is a sort of Swiss Army knife spy tool that can evolve and change to deal with any situation, yet it isn’t necessarily a declaration of war, Schouwenberg said.
“It’s very clear that there’s a lot of development in this area," he said. "Every government is allocating more resources to cyberoffense. But can we call it a war? I’m not sure.”
Benedict lumps Stuxnet and its ilk together as part of a new era in “warfare,” though she doesn’t label these actions as “acts of war” either.
But she noted the irony of the first acknowledged military use of cyberwarfare: to prevent the spread of nuclear weapons.
“A new age of mass destruction will begin in an effort to close a chapter from the first age of mass destruction,” Benedict wrote (Fox News, 2012).
Title: Obama's Doomsday Cyberattack Scenario Unrealistic, Experts Say
Date: July 20, 2012
Abstract: President Barack Obama on Friday (July 20) used the Wall Street Journal editorial page to urge the Senate to pass the revised Cybersecurity Act of 2012, which would set security standards for critical-infrastructure industries.
Obama led his argument with a dire, if hypothetical, scenario.
"Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud. Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill," he wrote.
The president's opinion piece, placed on an editorial page usually hostile to his administration, was aimed at Senate Republicans who had opposed an earlier version of the bill on the ground that it would create a new regulatory bureaucracy.
"Our nation, it appeared, was under cyber attack," the president wrote. "Unknown hackers, perhaps a world away, had inserted malicious software into the computer networks of private-sector companies that operate most of our transportation, water and other critical infrastructure systems."
The original version of the bill, co-sponsored by Sens. Joseph Lieberman (I-Conn.), Susan Collins (R-Maine), Jay Rockefeller (D-W.Va.) and Dianne Feinstein (D-Calif.), would have authorized the Department of Homeland Security to inspect and assess private-sector facilities designated as "critical infrastructure," such as power plants, water-treatment facilities and financial networks.
The bill would have forced designated entities to comply with government-set cybersecurity standards.
"To their credit, many of these companies have boosted their cyber defenses," Obama wrote. "But many others have not, with some lacking even the most basic protection: a good password. That puts public safety and our national security at risk."
Meeting stiff opposition from conservatives, the bill in its original form could not garner the 60 votes needed to break a Senate filibuster. So Thursday (July 19), Lieberman introduced a watered-down version of the bill that removes the mandatory provisions and instead makes compliance with new cybersecurity standards voluntary.
The revision offers inducements for companies that choose to comply, such as protection from liability relating to a security incident.
"We are going to try carrots instead of sticks as we begin to improve our cyber defenses," Lieberman said in a statement. "This compromise bill will depend on incentives rather than mandatory regulations to strengthen America's cybersecurity. If that doesn't work, a future Congress will undoubtedly come back and adopt a more coercive system."
Is it even Necessary?
"Foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day," Obama wrote.
Digital security experts are divided over whether the bill is necessary, and even whether the dramatic scenes depicted by Obama in his opinion piece are even possible.
"Has a major attack happened? No," said Steve Santorelli, a security researcher at Team Cymru in Lake Mary, Fla., who's worked in the past for Microsoft and Scotland Yard. "Are they scanning and exploring? Almost certainly someone is, but it's not clear exactly who or why."
"There's going to be an attack on specific trains loaded with what just happen to be specifically dangerous chemicals so that it or they jump the rails and cause a catastrophe?" asked George Smith, an expert on national-security technology at GlobalSecurity.org in Washington. "This belongs strictly to the last 'Die Hard' movie."
"They could have run a simulation based on the plot of 'Independence Day,'" said Julian Sanchez, a research fellow specializing in technology at the libertarian Cato Institute in Washington. "That would not be a 'sobering reminder' that alien invasion is 'one of the most serious economic and national security challenges we face.'"
"There is little to zero evidence reservoirs and water systems can be significantly damaged by cyberattack, even if one grants the minor possibility of remote trifling with pumping systems," Smith said. "Water purification and supply is a nationally distributed matter. There is no way to universally degrade it in the United States."
Maybe for Power Plants it Is
But attacks on the electrical grid and other utilities dependent upon supervisory control and data acquisition (SCADA) software may be closer to reality.
"The 2008 Florida blackout was not malicious, but could have been," said Joe Weiss, an engineer and power-industry security consultant based in northern California.
Weiss was referring to a sudden power outage in February 2008 that began with an explosion at a substation near Miami and left 2 million people without power all the way up to Tampa and Orlando.
"An engineer at a substation removed overload protections while doing diagnostics," Weiss said. "A SCADA operator remotely actuated equipment, and it blew up."
A SCADA system at an Iranian nuclear facility was the target of Stuxnet, the successful U.S.-Israeli engineered worm that is the world's first publicly known cyberweapon.
Despite the fact that the facility's computers were not connected to the Internet, Stuxnet got in and changed the software on programmable logic controllers (PLCs) operating uranium-processing centrifuges, causing them to spin out of control and setting back the Iranian nuclear program by more than a year.
"Many of the fundamental problems are caused by software vulnerabilities in PLCs that are impossible to fix," Santorelli said. "They were never designed to be secure because the folks that developed them, like everyone else, never really saw this threat coming when the systems were built a generation ago."
"It's sobering to think that the same PLCs that Stuxnet attacked are also in the rides that we take our kids to in theme parks every weekend," Santorelli added.
Why not Just Unplug It?
"Last year, a water plant in Texas disconnected its control system from the Internet after a hacker posted pictures of the facility's internal controls," Obama wrote in Friday's opinion piece. "More recently, hackers penetrated the networks of companies that operate our natural-gas pipelines."
The solution seems obvious: Disconnect critical-infrastructure facilities from the Internet. But it turns out it's not that easy.
"Many of these systems are remotely administered by vendors and plant operators to cut down on staffing and cost," said Anup Ghosh, chief executive officer of Fairfax, Va., software security firm Invincea and a research professor at George Mason University. "They are remotely administering and updating via the Internet."
"Sometimes SCADA networks are indirectly connected to the Internet when the operators on office networks," Ghosh added, "bridge the connection between Internet and SCADA control networks inadvertently."
In any case, even without an Internet connection, there's always a way in, Sanchez said.
"Every system needs some procedure for receiving external updates and patches, which creates a vulnerability," Sanchez said. "In most cases, you almost certainly want an air gap between the SCADA [system] and any network ... [but] it's very rarely possible to isolate a system completely even if it's not directly online."
The Carrot or the Stick?
The experts were divided about whether forced security upgrades or voluntary compliance was better for critical-infrastructure industries. Ghosh and Sanchez endorsed the voluntary approach proposed by the revised Lieberman bill.
"Providing incentives for critical infrastructure providers seems like a good approach," Ghosh said, "as long as the incentives are not overly proscriptive. Better would be results-oriented incentives that allow for companies to innovate with new techniques to meet desired ends."
"The difference between a mandate and an inducement is often a matter of semantics," Sanchez said. "You can call a requirement 'mandatory' with a specified penalty, or you can offer liability protection — but then refusing to do what's needed to qualify for that exemption probably raises your insurance costs."
However, when Weiss was asked whether the watering-down of the bill made it useless, he replied, "Honest to God, if you want to keep the lights on and the gasoline flowing, yes, it is."
"This bill continues the status quo, and the status quo is not protecting the grid," he added.
A Heavy but Firm Hand
Sanchez and Weiss also had different opinions over whether more industry regulation was needed.
"The North American Electric Reliability Corporation (NERC) already sets enforceable cybersecurity standards for electric utilities," Sanchez said. "The natural gas, petroleum, and chemical industries all have programs to establish and disseminate best practices for the relevant SCADA networks. And DHS and other government agencies have their own programs already."
To Weiss, the utilities, and especially self-regulating umbrella organizations such as NERC, are part of the problem.
"Electrical utilities are not securing anything. They are in a compliance game," he said. "The billing system in an electric utility is more secure than the actual power plant, and that includes nuclear plants."
"Utilities have self-defined every shortcut you can think of," Weiss continued. "Seventy percent of power plants don't have to be looked at for cyber. They've self-defined out of being critical. All you need to do is look at the public record to see what's considered critical and what's not." "Which plants are designated as critical and which aren't is a matter of public record," he added. "The industry has created a road map for hackers" (TechNewsDaily, 2012).
Title: Drones Vulnerable To Terrorist Hijacking, Researchers Say
Date: June 25, 2012
Source: Fox News
Abstract: A small surveillance drone flies over an Austin stadium, diligently following a series of GPS waypoints that have been programmed into its flight computer. By all appearances, the mission is routine.
Suddenly, the drone veers dramatically off course, careering eastward from its intended flight path. A few moments later, it is clear something is seriously wrong as the drone makes a hard right turn, streaking toward the south. Then, as if some phantom has given the drone a self-destruct order, it hurtles toward the ground. Just a few feet from certain catastrophe, a safety pilot with a radio control saves the drone from crashing into the field.
From the sidelines, there are smiles all around over this near-disaster. Professor Todd Humphreys and his team at the University of Texas at Austin's Radionavigation Laboratory have just completed a successful experiment: illuminating a gaping hole in the government’s plan to open US airspace to thousands of drones.
They could be turned into weapons.
“Spoofing a GPS receiver on a UAV is just another way of hijacking a plane,” Humphreys told Fox News.
In other words, with the right equipment, anyone can take control of a GPS-guided drone and make it do anything they want it to.
“Spoofing” is a relatively new concern in the world of GPS navigation. Until now, the main problem has been GPS jammers, readily available over the Internet, which people use to, for example, hide illicit use of a GPS-tracked company van. It’s also believed Iran brought down that U.S. spy drone last December by jamming its GPS, forcing it into an automatic landing mode after it lost its bearings.
While jammers can cause problems by muddling GPS signals, spoofers are a giant leap forward in technology; they can actually manipulate navigation computers with false information that looks real. With his device -- what Humphreys calls the most advanced spoofer ever built (at a cost of just $1,000) -- he infiltrates the GPS system of the drone with a signal more powerful than the one coming down from the satellites orbiting high above the earth.
Initially, his signal matches that of the GPS system so the drone thinks nothing is amiss. That’s when he attacks -- sending his own commands to the onboard computer, putting the drone at his beck and call.
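The two properties the article attributes to the spoofer, a signal stronger than the satellite signals and a navigation solution that is quietly walked away from the truth, are also what a receiver-side monitor can watch for. The following is an added illustration for this page, not code from the UT Radionavigation Laboratory or any autopilot: it runs a plausibility check over a constructed sequence of position fixes and mean carrier-to-noise density (C/N0) readings, flagging an epoch whose implied speed exceeds what the airframe can fly or whose signal strength jumps abruptly. The thresholds (40 m/s, 8 dB) and the Austin coordinates are assumptions chosen for the example.

```python
import math
from dataclasses import dataclass
from typing import List, Tuple

EARTH_RADIUS_M = 6_371_000.0

@dataclass
class Fix:
    t: float     # seconds since start of flight
    lat: float   # degrees
    lon: float   # degrees
    cn0: float   # mean C/N0 over tracked channels, dB-Hz (constructed)

def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two WGS-84 lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def check_fixes(fixes: List[Fix], max_speed_mps: float = 40.0,
                max_cn0_jump_db: float = 8.0) -> List[Tuple[float, str, float]]:
    """Return (time, alert_kind, value) for every epoch that fails a plausibility check.

    position_jump: consecutive fixes imply a ground speed the airframe cannot reach.
    cn0_jump:      received signal strength rises far faster than satellite geometry
                   can explain, consistent with a stronger local transmitter
                   taking over the tracking loops.
    """
    alerts = []
    for prev, cur in zip(fixes, fixes[1:]):
        dt = cur.t - prev.t
        if dt <= 0:
            continue  # duplicate or out-of-order epoch; nothing to compare
        speed = haversine_m(prev.lat, prev.lon, cur.lat, cur.lon) / dt
        if speed > max_speed_mps:
            alerts.append((cur.t, "position_jump", speed))
        delta_cn0 = cur.cn0 - prev.cn0
        if delta_cn0 > max_cn0_jump_db:
            alerts.append((cur.t, "cn0_jump", delta_cn0))
    return alerts

# Constructed telemetry: a small drone flying north at ~20 m/s over Austin
# (0.00018 deg of latitude per second), then one epoch where the reported
# position leaps ~2.2 km and mean C/N0 climbs by ~12 dB at the same moment.
SAMPLE_FIXES = [
    Fix(0.0, 30.28000, -97.73, 42.0),
    Fix(1.0, 30.28018, -97.73, 42.3),
    Fix(2.0, 30.28036, -97.73, 41.8),
    Fix(3.0, 30.28054, -97.73, 42.1),
    Fix(4.0, 30.30054, -97.73, 54.0),   # implausible epoch
    Fix(5.0, 30.30072, -97.73, 54.2),   # steady again, no new alert
]

if __name__ == "__main__":
    for t, kind, value in check_fixes(SAMPLE_FIXES):
        print(f"t={t:.0f}s {kind}: {value:.1f}")
```

A monitor like this cannot tell a spoofer from a receiver glitch on its own; its value is in handing the autopilot a reason to fall back to inertial dead reckoning or a safety pilot, which is the kind of defensive reaction Humphreys argues the civilian fleet needs before it is given broad airspace access.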
Humphreys says the implications are very serious. “In 5 or 10 years you have 30,000 drones in the airspace,” he told Fox News. “Each one of these could be a potential missile used against us.”
Drones have been in widespread use in places like Iraq, Afghanistan and Yemen, but so far, GPS-guided unmanned aerial vehicles have been limited to the battlefield or southern border patrols and not allowed to fly broadly in U.S. airspace.
In February, under pressure from the Pentagon and drone manufacturers, Congress ordered the FAA to come up with rules to allow government and commercial use of UAVs over American soil by 2015. The plan could eventually see police drones keeping watch over U.S. cities, UAVs monitoring transmission lines for power companies, or cargo plane-size drones guided by GPS pilotlessly delivering packages across the country. FedEx founder Fred Smith has said he would like to add unmanned drones to his fleet as soon as possible.
The new rules have raised privacy concerns about a "surveillance society," with UAVs tirelessly watching our every move 24/7. But Humphreys’ experiments have put an entirely new twist on the anxiety over drones.
“What if you could take down one of these drones delivering FedEx packages and use that as your missile? That’s the same mentality the 9-11 attackers had,” Humphreys told Fox News.
It’s something the government is acutely aware of. Last Tuesday, in the barren desert of the White Sands Missile Range in New Mexico, officials from the FAA and Department of Homeland Security watched as Humphreys’ team repeatedly took control of a drone from a remote hilltop. The results were every bit as dramatic as the test at the UT stadium a few days earlier.
DHS is attempting to identify and mitigate GPS interference through its new “Patriot Watch” and “Patriot Shield” programs, but the effort is poorly funded, still in its infancy, and is mostly geared toward finding people using jammers, not spoofers.
The potential consequences of GPS spoofing are nothing short of chilling. Humphreys warns that a terrorist group could match his technology, and in crowded U.S. airspace, cause havoc.
“I’m worried about them crashing into other planes,” he told Fox News. “I’m worried about them crashing into buildings. We could get collisions in the air and there could be loss of life, so we want to prevent this and get out in front of the problem.”
Unlike military UAVs, which use an encrypted GPS system, most drones that will fly over the U.S. will rely on civilian GPS, which is not encrypted and wide open to infiltration. Humphreys warns it is crucial that the government address this vulnerability before it allows unmanned aerial vehicles broad access to U.S. airspace.
“It just shows that the kind of mentality that we got after 9-11, where we reinforced the cockpit door to prevent people hijacking planes -- well, we need to adopt that mentality as far as the navigation systems for these UAVs” (Fox News, 2012).
Title: TSB Online Banking Knocked Offline By Service Interruption
Date: July 12, 2012
Source: Computer World
Abstract: Some customers of Lloyds TSB struggled to access their online banking accounts this morning, which is understood to have been caused by a service interruption.
The problems appear to have lasted for just over an hour, with the bank’s customer service Twitter feed advising customers that “normal service” had resumed at 11:00 BST.
Some of the customers affected were staff at MoneySavingExpert.com, which said that some members of the team had tried to access their Lloyds account online at 9:45 BST, only to be met with the message: “We’re sorry but internet banking is currently unavailable. Please try again later.”
A spokesperson for the bank said: “For a short period, some of our customers experienced a slower service than normal when accessing their accounts.
“Service has now been fully restored.”
Lloyds Banking customers were last affected by a technical problem in February, when customers were unable to make payments due to problems with the bank’s faster payments service (Computer World, 2012).
Title: Former FBI Cyber Cop Worries About A Digital 9/11
Date: July 25, 2012
Source: USA Today
Abstract: In April, an obscure U.S. government agency slipped a hair-raising disclosure into its monthly newsletter: Hackers had successfully penetrated the networks of several natural gas pipeline operators.
Here was a rare public acknowledgement that hackers are currently laying the foundation for a critical-infrastructure attack -- the nightmare scenario that keeps cybersecurity pros up at night.
The natural gas attackers got in through "convincingly crafted" emails that appeared to be internal and went to a "tightly focused" list of targets, according to a Department of Homeland Security cybersecurity team. The campaign lasted three months before it was discovered.
In his opening keynote Wednesday at Black Hat -- one of the largest annual gatherings of security researchers -- Shawn Henry, the FBI's longtime top cybercrime official, cited the natural gas intrusion as an example of the escalating stakes of cybersecurity.
"The adversary knows that if you want to harm civilized society -- take their water away, do away with their electricity," Henry said. "There are terrorist groups that are online now calling for the use of cyber as a weapon."
The attacks that the public finds out about are "the tip of the iceberg," said Henry, who recently retired after a 24-year career with the Federal Bureau of Investigation. "I've seen below that waterline. I've been circling below it for the last five years."
What he's seen there is a growing army of patient, sophisticated hackers who are siphoning off some of America's key military and commercial intellectual property. Awareness is increasing, but companies are still in denial about the scale of the problem, he thinks.
The nightmare scenarios get the headlines, but cybercrime is a growing problem for businesses and consumers.
"I still hear from CEOs, 'Why would I be a target?'" Henry said. "We worked with one company that lost $1 billion worth of IP in the course of a couple of days -- a decade of research. That is not an isolated event. ... Your data is being held hostage, and the life of your organization is at risk."
For small businesses, the effects of a breach can be fatal. Henry recalled investigating one company -- he wouldn't name names -- that went under after a break-in.
"They were a small company with $5 million in capital that made short-term loans," he said. "They were hacked, lost their money, and were out of business Monday morning because they didn't have any capital."
So what can companies do? Echoing the words of many government officials -- including FBI Director Robert Mueller, who predicts that cybercrime will soon eclipse terrorism as his agency's top priority -- Henry called for greater public-private collaboration and information sharing.
"This is probably the first time in history that civilians are on the front lines of the battle every day. That's you," Henry told the crowd. This year's Black Hat, the largest in the event's 15-year history, drew 6,500 registered attendees.
Federal lawmakers are considering a spate of new cybersecurity bills aimed at encouraging -- or mandating -- greater disclosure by companies when their systems are breached, and requiring stronger defenses from those who oversee high-risk infrastructure like the electric grid. President Obama recently penned an op-ed in support of the proposal, which he called a necessary response to "an urgent national-security challenge."
Henry sees progress, but he's not optimistic that it will happen quickly enough.
"I believe that people will not truly get this until they see the physical implications of a cyber attack," he said to reporters after his speech.
He drew a parallel to the risk posed by Osama bin Laden -- a threat that regional anti-terrorism specialists began flagging many years before top U.S. officials took their concerns seriously.
"We knew about Osama bin Laden in the early '90s. After 9/11, it was a worldwide name," Henry said. "I believe that type of thing can and will happen in the cyber environment. And I think that after it does, people will start to pay attention" (USA Today, 2012).
Title: NSA To Hackers: We’re Not Prepared For Major Attack
Date: July 27, 2012
Abstract: On a scale of one to 10, American readiness to deflect a major cyber-attack on its infrastructure is “around three,” the head of the National Security Agency and the US Cyber Command said in a rare speech at a hacker conference.
General Keith B. Alexander was attending the Aspen Security Forum at the Aspen Institute on Thursday, a major cyber-security event held for the 20th time this year.
The general said the US saw a 17-fold increase in computer attacks on its power grids, water utilities and other key facilities between 2009 and 2011. He said criminal gangs, hackers and foreign nations were responsible for the attacks.
The collective blame for the weakness lies with both the government and the IT industry, he said, even though it was the rapid development of technology that put America at cyber risk. He called for the two groups to work better as a team to address the issue.
Alexander advocated the passage of legislation which would enable the NSA to set security standards for information infrastructure. The general expects “voluntary incentivized [sic] compliance” with those future standards. Earlier, some civil rights groups expressed concerns that some of the cyber bills currently under consideration in Congress could have an adverse effect on privacy.
Compared with the defensive side, Alexander said the US is “a little bit better” prepared to take military cyber action against possible targets. He said Cyber Command has carried out such operations and that it is up to the president to decide on carrying them out.
At the same time he declined to comment on whether the US is behind the StuxNet virus, which damaged Iranian uranium-enrichment facilities, and the Flame virus, which was engaged in a major sophisticated spying operation in the Middle East (RT, 2012).
Title: Hackers Could Haunt Global Air Traffic Control: Researcher
Date: July 27, 2012
Source: MSN News
Abstract: Air traffic control software used around the world could be exploited by hackers to unleash squadrons of ghost planes to befuddle those entrusted to keep the skies safe, a security researcher said Thursday.
Cyprus-based Andrei Costin demonstrated his findings at a Black Hat gathering of cyber defenders that ends Thursday in Las Vegas.
“This is for information only,” Costin said as he outlined how someone with modest tech skills and about $2,000 worth of electronics could vex air traffic controllers or even stalk celebrities traveling in private jets.
“Everything you do is at your own risk.”
Costin’s target was an ADS-B system in place for aircraft to communicate with one another and with air traffic control systems at airports.
The system, which has been rolled out internationally in recent years in a multi-billion dollar upgrade, was designed to better track aircraft so airport traffic can flow more efficiently.
A perilous flaw is that the system is not designed to verify who is actually sending a message, meaning that those with malicious intent can impersonate aircraft either as pranks or to cause mayhem, according to Costin.
“There is no provision to make sure a message is genuine,” he said.
“It is basically an inviting opportunity for any attacker with medium technical knowledge.”
Air traffic controllers faced with a signal from a fake airplane resort to cross-checking flight plans, putting relevant portions of air space off limits while they work.
“Imagine you inject a million planes; you don’t have that many people to cross-check,” Costin said. “You can do a human resource version of a denial of service attack on an airport.”
Denial of service attacks commonly used by hackers involve overwhelming websites with so many simultaneous online requests that they crash or slow to the point of being useless.
Aviation agencies are adept at identifying and locating “rogue transmitters” on the ground, but not at countering signals from drones or other robotic aircraft becoming more common and available, according to the researcher.
Another danger in the new-generation air traffic control system, according to Costin, is that position, velocity and other information broadcast by aircraft isn’t encrypted and can be snatched from the air.
“Basically, you can buy or build yourself a device to capture this information from airplanes,” Costin said.
He listed potential abuses including paparazzi being able to track private jets carrying celebrities or other famous people.
Costin showed how a friend was able to identify a plane broadcasting the identification numbers of Air Force One, the military jet used by the US president, and plot it on a map on an iPad.
“It can be a very profitable business model for criminals to invest a small amount of money in radios, place them around the world” and then sell jet tracking services or information about flights, the independent researcher said.
“If it was Air Force One, why does Air Force One show itself?” Costin wondered aloud.
“It is a very high profile target and you don’t want everyone to know it is flying over your house.”
There are websites with databases matching aircraft registration numbers with listed owners (MSN News, 2012).
Title: Terror Warning: Grid Down
Date: July 27, 2012
Abstract: Could the reluctance to secure our nation's critical electric infrastructure be considered an act of terrorism? Or might it possibly be an act of providing material support for terrorism? If so, who would the terrorists be?
Which is the greater threat to America's national security: coordinated terrorist acts on major cities, such as the 9/11 attacks, or the deliberate inaction of corporate executives to secure our nation's electric grid? Consider the consequences: nearly three thousand people died in the 9/11 attacks; but a widespread and prolonged electric grid collapse, caused by a naturally occurring coronal mass ejection (CME) or a nuclear electromagnetic pulse (EMP) attack, could result in the deaths of over two-thirds of the population, 200 million Americans. Given these dire statistics, should those in positions of authority over the security and reliability of the bulk power system be held accountable for lack of action before a "grid-down" scenario becomes a reality?
We live in a terrifying world, and it's getting more so by the day. If you listen carefully to the news, you'll hear about localized natural disasters, a failing global economy, the specter of creeping socialism, and potential violence from "domestic extremists," as well as from a vague assortment of international terrorists. If you go beyond the mainstream news, you'll find that natural disasters can, indeed, be continent-wide (and possibly global). You'll find that our economic woes, beginning with the 2008 "crash," have been manipulated by foreign interests and "financial terrorists." You'll realize that "creeping Shari'a" is on par with, if not more dangerous than, creeping socialism. And you may discover that the real threats to national and homeland security are not from American "liberty loving" patriots who are prudently preparing for emergencies, but from an Iranian theocratic regime driven by an apocalyptic agenda (plus its allies) and a "global jihad movement" intent on establishing global Islam. You may also learn that our adversaries know exactly what our vulnerabilities are. They know precisely how to take us down, instantaneously and long-term. They know how to take down the nervous system of our country: the electric grid.
Many find revelations such as these too disturbing to contemplate. Public reactions that I have been confronted with include "this is too complicated," "I can't do anything about these things, so I don't want to know," "I have too many things to worry about now," "this is overblown rhetoric," and "you must be crazy." For my attempts to warn the public, I have been called names that can't be printed in this venue (mostly within politically-biased forums). Other noteworthy professionals, friends and associates in this endeavor, have become targets for character assassination (and worse). It has become neither politically correct nor politically efficacious to discuss the real nature of the threat under current socially-enforced restrictions. Thus, complexities are often ignored and linkages are not exposed to audiences beyond the few who dare to think along broader, more strategic lines. As a result, few are warned and the general public remains largely unaware, allowing for the continuity of complacency while solutions and/or alternatives may indeed exist, including "fixes" for vulnerabilities within our highly fragile power grid.
Representatives of the power industry have reluctantly conceded that the power grid may possibly be vulnerable to attacks (high-altitude nuclear, cyber, etc.) and the effects of severe space weather; yet they fail to grasp the necessity for speed in applying cost-effective fixes. Instead, industry leaders have managed to interject long-term delays based on the excuse that "more study is needed." Reports from congressional staffers indicate that messaging from power industry lobbyists consists mainly of one theme: that if a catastrophic event (solar or attack scenario) were to occur, there would be nothing left to "plug in" to the grid anyway, so why bother to spend the money to protect it, let alone risk a public outcry by creating additional regulations? This kind of thinking is not only wrong, it is defeatist and dangerous.
Nearly all small-scale electrical/electronic equipment can survive severe space weather events. Even under the devastating conditions of an electromagnetic pulse (EMP) caused by a high-altitude nuclear explosion, some vital electronics will be protected, either intentionally (e.g. those preplaced in Faraday cages) or unintentionally (e.g. cars in sufficiently protected underground garages). Some items can be fixed with spares. Some equipment won't be affected (such as older, pre-computer ignition automobiles and most diesel-electric locomotives).
Unfortunately, however, the huge transformers that make up the core of the electric grid are unique, costly, and are subject to damage from both EMP events and major solar storms (large-scale CMEs), as well as from the cumulative effects of multiple smaller geomagnetic disturbances that have occurred over time. Many transformers are quite old, have been affected by harmful harmonics with past CMEs, and are operating at the end of their life-cycle; thus they remain highly vulnerable. At this point in time, a large, geographically widespread grid-down scenario lasting longer than 7 days virtually guarantees multiple Chernobyl/Fukushima-like disasters. With nuclear power plants and their associated spent fuel rod pools concentrated mainly in the eastern half of the United States (100 out of 104), many people will become radiation victims if the grid isn't protected. What will be left to "plug in" to the grid? Hopefully something that can be used to cool the spent fuel rods on a very long-term basis.
Bottom line: the more components (electric grid, public service, and personal electronics) that are protected and/or saved, the faster the country can recover, and the more lives will be spared in the aftermath of a catastrophic collapse of the critical electric infrastructure. Considering the possibility of four to ten years without electric power, the loss of over two-thirds of our country's population within the first year, and the probable loss of our sovereignty as a nation, I would think that the people of the United States deserve more than lame excuses (e.g. the citing of a need for "more data") and defeatist attitudes, especially coming from the private organization tasked with protecting the bulk power system, the North American Electric Reliability Corporation (NERC). The data is already overwhelming. Many government-sponsored scientific studies have reported the risks of doing nothing; the time to prepare and protect the grid is now.
So, what is the greater threat to our nation? Is the security of our country being held hostage to an agenda set by corporate executives who are reticent to consider "worst case" events? Or is there something more sinister going on? Regardless of the reasons or motives, once the grid has collapsed, we are all "sitting ducks" for social unrest, starvation, and pre-positioned terror cells known to exist across the nation. At that point, one could be forgiven for wondering what "terrorist" organization compromised our safety, whether the intention was profit, political efficacy, or our ultimate destruction.
Equating the threat from recalcitrant electric utility executives to the threat of international terrorism may seem harsh. The EMP threat, after all, is more appropriately associated with North Korea, Russia, China, Iran and terrorist proxies. And the effects of severe space weather can hardly be attributed to terrorism. But the NERC is currently certified as the nation's Electric Reliability Organization (ERO). The need for electric grid defense becomes more critical by the day; and if the NERC has done all they are going to do, near term, to protect the grid, perhaps it's time to consider alternative organizations for industry representation and leadership. Perhaps it's time to call for decertification of the NERC (FSM, 2012).
Title: Financial Sector IT Systems ‘No Longer Fit For Purpose’, Says Report
Date: August 6, 2012
Source: Computer World
Abstract: The financial sector is underpinned by infrastructure and IT systems that are ‘no longer fit for purpose’, according to a new report by IT industry association Intellect.
Entitled ‘Biting the bullet’, the report says that the 2008 banking crisis and failures in the retail banking sector demonstrate the weakness of the overall financial system, which is the result of decades of ad-hoc technology investment combined with merger and acquisition activity that has created silos of information and duplicate processes.
A recent example saw millions of RBS customers not able to gain access to funds in their bank accounts after a botched upgrade that was made to batch processing software CA 7 from CA Technologies, which impacted some accounts for more than a month. The IT failure has cost the bank a minimum of £125 million.
The report says: “Poor quality financial infrastructure makes it impossible for regulatory authorities to build a macro view of the whole financial system that would enable them to identify and mitigate risk.
“Given the widely-recognised and urgent need to strengthen financial regulation, this is a real problem.”
Intellect believes that financial infrastructure is fragmented, which inhibits the ability of banks to draw accurate data from across their operations. This results in regulators not receiving critical information in suitable time frames, and even when it is made available, there isn’t a high level of confidence that it accurately reflects the full exposures and positions of individual firms and the financial system as a whole.
“Fundamentally, global efforts to standardise data across the financial system in order to increase its transparency, will be undermined if the poor state of the financial system’s infrastructure is not addressed and the regulatory authorities are not empowered with the right tools to fulfil their duties,” said Intellect.
The report also argues that this poor infrastructure restricts the ability of banks to share information across their disparate departments and operations, which in turn inhibits their ability to fully understand their customers.
This inadequate infrastructure is the direct result of the banks’ reluctance to invest in areas that do not create an immediate return on investment (ROI). Cash is being spent on products and services that yield a short-term return on investment, such as systems to support algorithmic and high frequency trading, rather than core legacy systems.
The report reads: “Unlike other industries where technological capability is a key competitive differentiator and a foundation for better, more customer-centric service delivery, the financial services industry has often treated large parts of its infrastructure as an afterthought.
“As a result, the infrastructure underpinning the banks has become unfit for purpose over the years. Infrastructure and core systems have been upgraded on a patchwork basis rendering them even more complex – and therefore more prone to failure – as systems changes are perennially bolted on to what is already there, rather than replaced by more modern core systems that are better suited to the provision of modern banking services.”
Intellect recommended that to ensure change is implemented, the Financial Policy Committee needs to understand and set out what capabilities, such as data quality, dashboards and predictive analytics, it will require in the future for it to perform its financial stability role. This will help set minimum infrastructure standards for banks, as they will be required to meet certain regulatory standards.
It also suggested that an ‘industry utility’ should be created through which data from banks would flow to the regulatory authorities. It uses faster payments as an example of where the industry has worked together to create a utility that has delivered benefits to customers, banks and the wider economy.
Finally, it called for individual institutions to address their legacy systems and make a commitment to ensure that their infrastructure is fit for purpose and upgraded to minimum standards set by regulatory authorities (Computer World, 2012).
Title: Siemens Software Which Controls Power Plants Vulnerable To Hackers
Date: August 27, 2012
Abstract: RuggedCom is a Canadian subsidiary of Siemens which sells networking equipment for use in harsh environments with extreme and inclement weather to many critical infrastructure operators of power plants, water systems, dams, and more. A security specialist discovered a flaw in the software which allows hackers to spy on the communications of infrastructure operators and gain credentials to access computer systems which control power plants as well as other critical systems.
Against the backdrop of the acrimonious debate over the cybersecurity bill, and with the White House exploring the possibility of using executive orders to mandate cybersecurity standards which operators of critical infrastructure facilities would have to meet, DHS will now look into claims of flaws in software for specialized networking equipment from Siemens.
Justin Clarke, an expert in securing industrial control systems, two weeks ago disclosed that he had found a flaw in software from Siemens’ RuggedCom division, a flaw which allows hackers to spy on traffic moving through networking equipment manufactured by Siemens.
The Chicago Tribune reports that DHS asked RuggedCom on Tuesday to confirm Clarke’s claims that the flaws could enable hackers to attack power plants and other critical systems. RuggedCom is a Canadian subsidiary of Siemens which sells networking equipment for use in harsh environments. The company has said that it was investigating Clarke’s claims but declined to elaborate.
Clarke said hackers who can spy on communication of infrastructure operators could gain credentials to access computer systems which control power plants as well as other critical systems.
“If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you,” Clarke told the Chicago Tribune.
This is the second time that Clarke has found a bug in RuggedCom’s products, which are used by power companies for communication to remote power stations.
RuggedCom released an update to its Rugged Operating System (ROS) software in May after Clarke discovered that it had a “back door” account that could give hackers access to the equipment with a password.
DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), said on Tuesday that it is working with RuggedCom and Clarke to fix the problem and to keep this from happening in the future.
This will not be easy, however, as Clarke said that all ROS software uses a single software “key” to decode traffic that is encrypted as it moves across the network. Clarke told Reuters that it is possible to extract that key from any piece of RuggedCom’s ROS software.
Clarke, who never attended college, did his original research at his apartment, but was hired a few months ago by Cylance, a company specializing in securing infrastructure. The company was founded by Stuart McClure, the former chief technology officer of Intel Corp’s McAfee security division.
Marcus Carey, a security researcher with Boston-based Rapid7, said hackers could exploit the bug discovered by Clarke to disable communications networks as one element of a much bigger attack.
“It’s a big deal,” Carey told the Tribune. “Since communications between these devices is critical, you can totally incapacitate an organization that requires the network.”
As of now there are no reported cases of cyber attacks on the U.S. infrastructure.
The Tribune notes that the report on the RuggedCom vulnerability is among ninety released so far this year by ICS-CERT about possible risks to critical infrastructure operators. That is up from about sixty in the same period a year earlier (HSNW, 2012).
Title: Cybergeddon - Universal - HD Gameplay Trailer
Date: September 19, 2012
Source: Cybergeddon Productions, LLC
Title: Islamic Hackers Threaten Bank Of America And NY Stock Exchange
Date: September 19, 2012
Abstract: The Bank of America’s online banking site suffered occasional problems Tuesday after threats on the internet that a cyber-attack would be launched on the bank and other US targets in protest at a film mocking Islam.
A message on pastebin.com claiming to be from the ‘cyber fighters of Izz ad-din Al qassam’, a reference to the military wing of Hamas, declared that it would attack the Bank of America and the New York Stock Exchange as a first step in a campaign against “American Zionist Capitalists”.
The posting promised to continue aggressive actions until the “erasing of the nasty movie”, which although YouTube has blocked in volatile regions, remains available in other parts of the world.
The film in question, a privately funded short movie mocking the Prophet Mohammad, has ignited days of demonstrations. The uproar has left many dead across the Arab world, including Africa, Asia and some Western countries.
A Bank of America spokesman told Reuters that the website had suffered some problems but was available to customers.
But customers contacted by Reuters in Michigan, Ohio, Georgia and New York said they couldn’t access the site.
The threat to the New York Stock Exchange has seemingly not materialized as trading continued as normal.
Bill Pennington, chief strategy officer at WhiteHat Security, told the weekly magazine InformationWeek that the problems on the Bank of America website do not necessarily mean they’ve been hacked.
“It’s reasonable to suppose it could be a coincidence,” he said, citing the recent GoDaddy outage, which was an internal technical error for which hackers claimed responsibility.
But he did concede that the website’s problems could also be the result of hackers, saying that hacking was “pretty easy”.
He said that only the perpetrators and possibly the victims [the Bank of America] will ever really know what happened.
Pennington warned that businesses should expect more attacks. “It’s probably going to get worse before it gets better,” he said (RT, 2012).
Title: Cyberwar Or Not, Are We Ready For Extreme Scenarios? Are We Ready For
Date: September 20, 2012
Abstract: Earlier this week I ran into an article by my friend Raf Los (Wh1t3rabbit) titled “Cyber War - Fact from Fiction in the shadow of the Tallinn Manual” discussing among other things whether attacks such as Stuxnet and Flame can be considered cyberwar or not. The question is important from a legal perspective because in our democracies parliaments have to be involved before a government can declare war.
I responded to Raf by putting a comment on his blog, pointing out that, from a practical perspective, whether this is cyberwar or not is irrelevant. The technology has disrupted Iran’s manufacturing of radio-active material.
Above all, what Stuxnet and Flame demonstrate is an escalation in the technologies used to disrupt operations. And both have been discovered because people have looked out for them. What other, even more advanced, technologies are out there that we do not know of? Who is controlling them and are we absolutely sure they are fully under control?
Although I could not find it online, I remember a short Charlie Chaplin film where he is instructed to fire a cannon — a cannon that keeps following him shooting in his direction. Let me use this as an analogy. Could any of these sophisticated hacking tools backfire? Remember that in April 2010, 15% of the global internet traffic was hijacked by China. How many CIOs are keeping these incidents in the back of their mind when planning their enterprise security?
Indeed, we increasingly rely on cloud computing. In particular, public cloud is seen as the future for many services. The availability of the Internet is taken for granted. But what happens if the Internet grinds to a halt because of massive attacks or hijacking?
Fundamentally we should ask ourselves two questions:
1. Do we have the technologies to stop propagating any threat within our IT systems?
2. Can we continue to operate without Internet access, at least for a period of time?
The Internet is a globally distributed network comprised of many voluntarily interconnected autonomous networks, says Wikipedia. It operates without a central governing body. In 2005 the Internet Governance Forum (IGF) was established to open an ongoing, non-binding conversation among multiple stakeholders about the future of Internet governance. In other words, the Internet is wide open and could be disrupted massively for political or financial reasons. We should keep that in mind.
You will probably react by telling me I’m paranoid. Frankly I’m not, but I find it important that we think through extreme scenarios to ensure we keep our key information and processes safe. This is all about scenario planning. So, in your mind, what is the risk that such a scenario ever takes place? If you feel it’s a possibility, even a remote one, review your operations and assess how resilient they are. In other words, how long do you think your enterprise will be able to continue to operate without international internet access, for example? Is the time adequate in your mind? What could you do to become more resilient? These are the questions you should ask yourself. They will help you identify the vulnerabilities in your IT operations and address them. Even if the extreme scenario you used to identify them never materializes, it will help you be prepared in case of a cloud outage, partial internet unavailability or other dysfunctions. How are you making sure your environment stays safe? (CIO, 2012).
Title: Panetta Talks Cyber Issues With Chinese, But Experts See No Decline In
Date: September 20, 2012
Source: Fox News
Abstract: Despite several years of escalating diplomacy and warnings, the U.S. is making little headway in its efforts to tamp down aggressive Chinese cyberattacks against American companies and the government.
U.S. Defense Secretary Leon Panetta, who is wrapping up three days of meetings with military and civilian leaders, said he has brought the issue up at every session and come away with little more than agreements to talk again.
Meanwhile, cybersecurity analysts say the computer-based attacks emanating from China continue unabated, and in fact are expanding and focusing more intently on critical American oil, gas and other energy companies.
“No diplomatic actions have made a difference,” said Richard Bejtlich, chief security officer for the Virginia-based cybersecurity firm Mandiant. “They remain aggressive — they’re kicked out one day and try to get back in the next day.”
He said the China-backed hackers’ tactics are also evolving, and they are more often going after corporate computer systems by breaching software weaknesses, rather than simply trying to get into a network by duping an individual employee. And he said they appear to be increasingly targeting lucrative energy companies.
Efforts by officials across the U.S. government have not seemed to have any impact, Bejtlich said, adding: “The Chinese don’t seem to care. So I don’t have any hope that the dialogue is reaching anyone of any note.”
Panetta, who is leaving China on Thursday, met with China’s leader-in-waiting, Xi Jinping, Wednesday and afterward told reporters that he urged Xi and other leaders to have an ongoing dialogue with the United States about the cyber threat.
“I think it’s clear that they want to engage in a dialogue on this issue,” Panetta said, “and I guess that’s the most important thing. That’s the beginning of trying to perhaps be able to develop an approach to dealing with cyber issues that has some semblance of order here as opposed to having countries basically all flying in the dark.”
Chinese officials have steadfastly denied the cyberattacks, saying they also are victims of computer hackers and breaches.
But nine months ago senior U.S. intelligence officials for the first time publicly accused China of systematically stealing American high-tech data for its own national economic gain. It was the most forceful and detailed airing of U.S. allegations against Beijing after years of private complaints, and it launched a more open push to combat the attacks.
James Lewis, a cybersecurity expert with the Center for Strategic and International Studies, said the U.S. is starting to push the Chinese harder on the issue, but the administration needs to do more.
“The damage from Chinese cyber espionage is easy to overstate but that doesn’t mean we should accept it,” he said. “The Bush administration was unaware of the problem; this administration needs to come up with a more dynamic response.”
Cyber experts and U.S. officials agree that one of the biggest threats is the possibility of a miscalculation when a cyber breach triggers a clash between the two nations and there is no underlying relationship that can be used to discuss or work out the problem.
“How do you make sure something doesn’t go off course and become a flashpoint for a bigger crisis?” Lewis said.
He added that the People’s Liberation Army has been more confrontational lately, and lingering questions remain about the relationship between the Chinese political leaders and the military, and whether the civilian officials can effectively rein in the PLA.
Bejtlich and others describe a hierarchy of hackers in China that includes three main groups: those who are employed directly by the government, those who are affiliated with universities or quasi-government agencies and the so-called patriotic hackers who work on their own but direct their attacks against the U.S. and Western interests.
Bejtlich said some of the state-sponsored hackers appear to moonlight, stealing data from Western companies perhaps as a way of making more money. As long as they don’t present a threat to China or Chinese companies, it is tolerated.
Panetta has warned repeatedly that cyberattacks and cyberwarfare could set off the next war. And U.S. officials and security experts say government and private industry systems are constantly being probed, breached and attacked. A key threat is an attack against critical infrastructure, including the electric grid, power plants or financial networks, that could plunge the U.S. into crisis.
Officials have said that at this point the main threats from China are intelligence espionage and the theft of corporate and high-tech data, rather than an all-out act of war. But they warn that hackers in China, many of whom work for, are backed by or are tolerated by the Chinese government, are capable of highly sophisticated attacks (Fox News, 2012).
Title: Officials See Iran, Not Outrage Over Film, Behind Cyber Attacks On US
Date: September 20, 2012
Source: NBC News
Abstract: National security officials told NBC News that the continuing cyber attacks this week that slowed the websites of JPMorgan Chase and Bank of America are being carried out by the government of Iran. One of those sources said the claim by hackers that the attacks were prompted by the online video mocking the Prophet Muhammad is just a cover story.
A group of purported hackers in the Middle East has claimed credit for problems at the websites of both banks, citing the online video mocking the founder of Islam. One security source called that statement "a cover" for the Iranian government's operations.
The attack is described by one source, a former U.S. official familiar with the attacks, as being "significant and ongoing" and looking to cause "functional and significant damage." Also, one source suggested the attacks were in response to U.S. sanctions on Iranian banks.
The consumer banking website of Bank of America was unavailable to some customers on Tuesday, and JPMorgan Chase on Wednesday had the same problems, which multiple sources linked to a denial-of-service attack, in which a website is bogged down by a large number of requests. A Chase spokesman said Wednesday that the consumer site was intermittently unavailable to some customers, but did not acknowledge then that there was an attack. On Thursday, Chase said slowness continued but was resolved by late afternoon Eastern Time. Bank of America acknowledged on Tuesday that its site had experienced slowness, but would not say what caused it.
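The denial-of-service mechanism the report describes, a site bogged down by a large volume of requests, is visible in ordinary access logs long before customers notice. The following is an added example, not code from the NBC News report or from either bank: a sliding-window detector over web server "combined" log lines that raises one alert when the whole site exceeds a request rate (a distributed flood, where no single source stands out) and a separate alert when a single source does. The log lines are constructed for illustration and the window and thresholds are assumptions that a real deployment would tune to its own baseline.

```python
"""Sliding-window request-flood detector for web server access logs.

Added example, not part of the NBC News report. The log lines are
constructed for illustration and the thresholds are assumptions that a
real deployment would tune to its own baseline traffic.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format, e.g.
# 203.0.113.7 - - [18/Sep/2012:14:00:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict with ip, ts, path, status for a combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def detect_floods(lines, window=timedelta(seconds=10), total_limit=50, per_source_limit=20):
    """Return (ts, kind, subject, count) alerts for request floods.

    'total' fires when the whole site sees more than total_limit requests in
    the window, regardless of source (a distributed flood); 'source' fires
    per IP exceeding per_source_limit (a single noisy host). A subject is
    re-alerted at most once per window so a sustained flood does not produce
    one alert per request. Lines must be in time order.
    """
    events = deque()           # (ts, ip) for requests inside the current window
    per_ip = defaultdict(int)  # requests per source inside the window
    last_alert = {}            # subject -> ts of its most recent alert
    alerts = []

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue           # malformed lines are skipped, not fatal
        now, ip = rec["ts"], rec["ip"]
        events.append((now, ip))
        per_ip[ip] += 1

        # Drop requests that have aged out of the window
        while events and now - events[0][0] > window:
            _, old_ip = events.popleft()
            per_ip[old_ip] -= 1
            if per_ip[old_ip] == 0:
                del per_ip[old_ip]

        checks = [("total", "*", len(events), total_limit),
                  ("source", ip, per_ip[ip], per_source_limit)]
        for kind, subject, count, limit in checks:
            if count > limit:
                last = last_alert.get(subject)
                if last is None or now - last > window:
                    last_alert[subject] = now
                    alerts.append((now, kind, subject, count))
    return alerts


# --- constructed sample traffic (not real bank logs) ---------------------------
T0 = datetime(2012, 9, 18, 14, 0, 0, tzinfo=timezone.utc)


def make_line(ip, ts, path="/"):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'


def sample_log():
    """Ten seconds of normal browsing, then a distributed flood, then one hammering host."""
    lines = []
    for sec in range(10):                       # 3 visitors, 1 request/s each
        for ip in ("198.51.100.10", "198.51.100.11", "198.51.100.12"):
            lines.append(make_line(ip, T0 + timedelta(seconds=sec), "/index.html"))
    for i in range(40):                         # 40 hosts x 2 requests within 2 s
        for k in range(2):
            lines.append(make_line(f"203.0.113.{i + 1}", T0 + timedelta(seconds=12 + k), "/login"))
    for _ in range(30):                         # one host, 30 requests in one second
        lines.append(make_line("192.0.2.99", T0 + timedelta(seconds=30), "/search?q=x"))
    return lines


if __name__ == "__main__":
    for ts, kind, subject, count in detect_floods(sample_log()):
        print(f"{ts.isoformat()} {kind:6} {subject:14} {count} requests in window")
```

On the constructed traffic the distributed flood trips only the site-wide limit, because every participating host stays under the per-source limit; the single hammering host trips only the per-source limit. That asymmetry is the practical point: per-client rate limiting at the application is enough against one abusive source but says nothing about a botnet, which is why a site-wide baseline and upstream (network or CDN) mitigation are needed as well.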
Senior U.S. officials acknowledge that Iranian attacks have been the subject of intense interest by U.S. intelligence for several weeks. Last week, the Joint Chiefs of Staff's Intelligence Directorate, known as J-2, confirmed continuing Iranian cyber attacks against U.S. financial institutions in a report described as "highly classified." The report was posted on internal classified U.S. government sites last Friday, September 14.
Because of the level of classification, the officials refused to provide or confirm any specifics on these attacks. However, one official noted that Iran's uranium enrichment program had been the target of the STUXNET worm in 2010. The worm was reportedly developed by the U.S. and Israel. "The Iranians are very familiar with the environment,” quipped the official.
A conservative website, FreeBeacon.com, initially reported on the Pentagon analysis, quoting it as saying, “Iran’s cyber aggression should be viewed as a component, alongside efforts like support for terrorism, to the larger covert war Tehran is waging against the west.” U.S. officials did not deny the FreeBeacon report when queried by NBC News.
A financial services industry group, the Financial Services Information Sharing and Analysis Center, warned U.S. banks, brokerages and insurers late Wednesday to be on heightened alert for cyber attacks. FS-ISAC also raised its cyber threat level to "high" from "elevated" in an advisory to members, citing "recent credible intelligence regarding the potential" for cyber attacks as its reason for the move.
The former head of cyber-security for the White House testified Thursday that “we were waiting for something like this from Iran.” Frank Cilluffo, who served as Special Assistant to the President for Homeland Security under President George W. Bush, is currently an associate vice president at George Washington University and heads the Homeland Security Policy Institute. Cilluffo testified in a previously scheduled appearance before the U.S. House of Representatives’ Committee on Homeland Security, saying “the government of Iran and its terrorist proxies are serious concerns in the cyber context. What Iran may lack in capability, it makes up for in intent. They do not need highly sophisticated capabilities—just intent and cash—as there exists an arms bazaar of cyber weapons, allowing Iran to buy or rent the tools they need or seek.”
The statement by the purported Muslim hackers, posted on Tuesday on Pastebin, an online bulletin board, reads in full: "In the name of Allah the companionate the merciful. My soul is devoted to you Dear Prophet of Allah. Dear Muslim youths, Muslims Nations and are noblemen. When Arab nations rose against their corrupt regimes (those who support Zionist regime) at the other hand when, Crucify infidels are terrified and they are no more supporting human rights. United States of America with the help of Zionist Regime made a Sacrilegious movie insulting all the religions not only Islam. All the Muslims worldwide must unify and Stand against the action, Muslims must do whatever is necessary to stop spreading this movie. We will attack them for this insult with all we have. All the Muslim youths who are active in the Cyber world will attack to American and Zionist Web bases as much as needed such that they say that they are sorry about that insult. We, Cyber fighters of Izz ad-din Al qassam will attack the Bank of America and New York Stock Exchange for the first step. These Targets are properties of American-Zionist Capitalists. This attack will be started today at 2 pm. GMT. This attack will continue till the Erasing of that nasty movie. Beware this attack can vary in type. Down with modern infidels. Allah is the Greatest. Allah is the Greatest."
There was no report of an attack on the New York Stock Exchange.
Also on Thursday, the U.S. disclosed that it has bought $70,000 worth of air time on seven Pakistani television channels to air an ad which shows President Barack Obama and Secretary of State Hillary Clinton denouncing the anti-Islamic video. In the ad, President Obama says, "Since our founding the United States has been a nation that respects all faiths. We reject all efforts to denigrate religious beliefs of others." Clinton appears after Obama and says, "Let me state very clearly that the United States has absolutely nothing to do with this video. We absolutely reject its contents. America's commitment to religious tolerance goes back to the very beginning of our nation."
Pakistan was added Wednesday to the State Department's list of countries to which Americans should avoid travel, joining Lebanon and Tunisia, following protests across the Middle East and North Africa and the attack on the U.S. consulate in Benghazi, Libya, in which American Ambassador Chris Stevens was killed (NBC News, 2012).
Title: Islamist Group Warns Of New Cyber Attacks On US Banks
Date: September 25, 2012
Source: France 24
Abstract: An Islamist group on Tuesday said it will carry out new cyber attacks on US banking targets, according to SITE Intelligence Group, following similar attacks last week in response to an anti-Islam film.
In a statement a group of hackers calling themselves the "Cyber Fighters of Izz al-Din al-Qassam" said they planned to attack the website of Wells Fargo bank on Tuesday, that of US Bank on Wednesday and the PNC Bank on Thursday, SITE said.
Last week the websites of US banks Chase (a JPMorgan Chase affiliate) and Bank of America suffered a suspected cyber attack following threats against them by the same group.
"Operation Ababil began with Bank of America. The second stage was the attack on the biggest bank of the United States, Chase. This series of attacks will continue until this heinous film disappears from the internet," said a message signed by the group and posted to the Pastebin.com website.
In the latest statement the group claimed the attacks were in retaliation for the release of the controversial movie "Innocence of Muslims," which has led to massive protests across the Muslim world.
The statement warned that "the operation might eventually target Israeli, French, and British financial institutions" as well, according to SITE (France 24, 2012).
Title: Iran Swipe At Web Brings Angry Reply
Date: September 30, 2012
Source: Yahoo News
Abstract: Iran's cyber monitors often tout their fight against the West's "soft war" of influence through the Web, but trying to block Google's popular Gmail appeared to be a swipe too far.
Complaints piled up — even from email-starved parliament members — and forced authorities Sunday to double down on their promises to create a parallel Web universe with Tehran as its center.
The strong backlash and the unspecific pledges for an Iran-centric Internet alternative to the Silicon Valley powers and others highlight the two sides of the Islamic Republic's ongoing battles with the Web. It's spurred another technological mobilization that fits neatly into Iran's self-crafted image as the Muslim world's showcase for science, including sending satellites into orbit, claiming advances in cloning and stem cell research and facing down the West over its nuclear program.
But there also are the hard realities of trying to reinvent the Web. Iran's highly educated and widely tech-savvy population is unlikely to warm quickly to potential clunky homegrown browsers or email services. And then there's the potential political and economic fallout of trying to close the tap on familiar sites such as Gmail.
"Some problems have emerged through the blocking of Gmail," Hussein Garrousi, a member of a parliamentary committee on industry, was quoted Sunday by the independent Aftab-e Yazd daily. What he apparently meant was that many lawmakers were angry and missing their emails.
He said that parliament would summon the minister of telecommunications for questioning if the ministry did not lift the Gmail ban, which was imposed last week in response to clips on Google-owned YouTube of a film mocking the Prophet Muhammad that set off deadly protests across the Islamic world.
Even many newspapers close to the government complained over the email disruptions. On Saturday, the Asr-e Ertebat weekly reported that Iranians had paid a total of $4.5 million to purchase proxy services to reach blocked sites, including Facebook and YouTube, over the past month.
Iranian authorities — perhaps recognizing the risks at hand — decided against taking a symbolic twin shot at Google and cut access to the Web browser in a country with 32 million Internet users among a population of 75 million, according to official statistics.
That would rank online Iran among the world's top 20 in terms of sheer numbers of users, and equivalent to some European countries in per capita Web use at more than 40 percent, according to the private monitoring group Internet World Stats. The World Bank, however, puts Iran's Internet link rate at just 21 percent last year.
The U.S. is among the world's highest at more than 75 percent.
Iran's deputy telecoms minister, Ali Hakim Javadi, told reporters that Iranian authorities were considering lifting the Gmail ban. But he also used the opportunity to again promise development of Iran's domestic alternatives: the Fakhr ("Pride") search engine and the Fajr ("Dawn") email, Aftab-e Yazd reported.
When reporters noted the quality of Gmail services, Javadi quipped: "If there is Mercedes Benz on the street, that doesn't mean everyone drives a Mercedes."
Iran's clerical establishment has long signaled its intent to get citizens off of the international Internet — which they say promotes Western values — and onto a "national" and "clean" domestic network. Earlier this year, Iran's police chief, Esmail Ahmadi Moghadam, called Google an "instrument of espionage" rather than a search engine.
But it is unclear whether Iran has the technical capacity to follow through on its ambitious plans, or is willing to risk the economic damage and the social shock waves.
The Internet has steadily become part of Iran's fabric since the first Farsi-language sites developed a decade ago by Canadian-Iranian blogger Hossein Derakshan, who is considered one of the founders of Iran's social media community. Derakshan, however, was detained in 2008 and sentenced to nearly 20 years in prison two years later as the battles heated up between liberals seeking open access to the Web and authorities trying to erect their own version of China's "Great Firewall," the name given to Beijing's extensive filtering and censorship of the Internet.
Sites such as Twitter and Facebook were pillars of the street revolts after the disputed 2009 re-election of President Mahmoud Ahmadinejad. The powerful Revolutionary Guard responded by recruiting and training its own cyber force to patrol the Web and, later, try to defend against virus attacks on nuclear and other sites that Iran has blamed on the West and its allies.
Some Web security experts also have raised the possibility of Iranian hackers being behind some recent high-profile computer attacks, such as disruptions at Saudi Arabia's state oil giant Saudi Aramco and Qatari natural gas producer RasGas earlier this month. Iran has denied any links.
In a video message for Iranian new year in March, President Barack Obama denounced what he called the "electronic curtain" that keeps ordinary Iranians from reaching out to Americans and the West.
A few weeks later, Supreme Leader Ayatollah Ali Khamenei ordered the creation of an Internet oversight agency that included top military, security and political figures in the country's boldest attempt yet to control the Internet. The panel is headed by Ahmadinejad and includes powerful figures in the security establishment such as the intelligence chief and the commander of the Revolutionary Guard.
It's not Iran's first attempt to hold off what hardliners call a Western "cultural invasion." The so-called Barbie wars have gone on for more than a decade with periodic raids to confiscate the iconic American dolls from toy stores. Iran also introduced its own dolls — twins Dara and Sara — designed to promote traditional values with modest clothing and pro-family values, but it hasn't significantly dented the demand for Barbie dolls (Yahoo News, 2012).
Title: US Panel Warns Against Doing Business With China Tech Giants Due To
Date: October 8, 2012
Source: Fox News
Abstract: American companies should avoid doing business with China's two leading technology firms because they pose a national security threat to the United States, the House Intelligence Committee is warning in a report to be issued Monday.
The panel says U.S. regulators should block mergers and acquisitions in this country by Huawei Technologies Ltd. and ZTE Corp, among the world's leading suppliers of telecommunications gear and mobile phones.
Reflecting U.S. concern over cyber-attacks traced to China, the report also recommends that U.S. government computer systems not include any components from the two firms because that could pose an espionage risk.
"China has the means, opportunity, and motive to use telecommunications companies for malicious purposes," the report says.
The recommendations are the result of a yearlong probe, including a congressional hearing last month in which senior Chinese executives of both companies testified, and denied posing a security threat.
A U.S. executive of one of the companies said the firm cooperated with investigators, and defended its business record. Huawei is a "globally trusted and respected company," said William Plummer, vice president for external affairs.
On Monday, ahead of the report's release, a Chinese foreign ministry spokesman said investment by China's telecommunications companies in the United States showed the countries have mutually beneficial relations.
"We hope the U.S. will do more to benefit the interests of the two countries, not the opposite," said spokesman Hong Lei at a regular briefing.
The bipartisan report is likely to become fodder for a presidential campaign in which the candidates have been competing in their readiness to clamp down on Chinese trade violations. Republican Mitt Romney, in particular, has made it a key point to get tougher on China by designating it a currency manipulator and fighting abuses such as intellectual property theft.
The committee made the draft available to reporters in advance of public release Monday, but only under the condition that they not publish stories until the broadcast Sunday of a CBS "60 Minutes" report on Huawei. In the CBS report, the committee's chairman, Rep. Mike Rogers, R-Mich., urges American companies not to do business with Huawei.
The panel's recommendations will likely hamper Huawei and ZTE's ambitions to expand their business in America. Their products are used in scores of countries, including in the West. Both deny being influenced by China's communist government.
"The investigation concludes that the risks associated with Huawei's and ZTE's provision of equipment to U.S. critical infrastructure could undermine core U.S. national-security interests," the report says.
The report says the committee received information from industry experts and current and former Huawei employees suggesting that Huawei, in particular, may be violating U.S. laws. It says that the committee will refer the allegations to the U.S. government for further review and possible investigation. The report mentions allegations of immigration violations, bribery and corruption, and of a "pattern and practice" of Huawei using pirated software in its U.S. facilities.
Huawei is a private company founded by a former Chinese military engineer, and has grown rapidly to become the world's second largest supplier of telecommunications network gear, operating in more than 140 countries. ZTE Corp is the world's fourth largest mobile phone manufacturer, with 90,000 employees worldwide. While their business in selling mobile devices has grown in the U.S., espionage fears have limited the companies from moving into network infrastructure.
The report says the companies failed to provide responsive answers about their relationships and support by the Chinese government, and detailed information about their operations in the U.S. It says Huawei, in particular, failed to provide thorough information, including on its corporate structure, history, financial arrangements and management.
"The committee finds that the companies failed to provide evidence that would satisfy any fair and full investigation. Although this alone does not prove wrongdoing, it factors into the committee's conclusions," it says.
In Washington, Huawei executive Plummer said Friday the company cooperated in good faith with the investigation, which he said had not been objective and amounted to a "political distraction" from cyber-security problems facing the entire industry.
All major telecommunications firms, including those in the West, develop and manufacture equipment in China and overlapping supply chains require industry-wide solutions, he added. Singling out China-based firms wouldn't help.
Plummer complained that the volume of information sought by the committee was unreasonable, and it had demanded some proprietary business information that "no responsible company" would provide.
In justifying its scrutiny of the Chinese companies, the committee contended that Chinese intelligence services, as well as private companies and other entities, often recruit those with direct access to corporate networks to steal trade secrets and other sensitive proprietary data.
It warned that malicious hardware or software implants in Chinese-manufactured telecommunications components and systems headed for U.S. customers could allow Beijing to shut down or degrade critical national security systems in a time of crisis or war.
The committee concluded that Huawei likely has substantially benefited from the support of the Chinese government.
Huawei denies being financed to undertake research and development for the Chinese military, but the committee says it has received internal Huawei documentation from former employees showing the company provides special network services to an entity alleged to be an elite cyber-warfare unit within the People's Liberation Army.
The intelligence committee recommended that the government's Committee on Foreign Investment in the United States, or CFIUS, bar mergers and acquisitions by both Huawei and ZTE. A multi-agency regulatory panel chaired by Treasury Secretary Timothy Geithner, CFIUS screens foreign investment proposals for potential national security threats.
Last year, Huawei had to unwind its purchase of a U.S. computer company, 3Leaf Systems, after it failed to win CFIUS approval. However, Huawei employs 1,700 people in the U.S., and business is expanding. U.S. revenues rose to $1.3 billion in 2011, up from $765 million in 2010.
ZTE has also enjoyed growth in its sale of mobile devices, although in recent months it has faced allegations about banned sales of U.S.-sanctioned computer equipment to Iran. The FBI is probing reports that the company obstructed a U.S. Commerce Department investigation into the sales.
The intelligence panel says ZTE refused to provide any documents on its activities in Iran, but did provide a list of 19 individuals who serve on the Chinese Communist Party committee within the company. ZTE's citing of China's state secrecy laws for limiting information it could release only added to concern over Chinese government influence over its operations, the report says (Fox News, 2012).
Title: Rep. Norm Dicks Warns Of 'Cyber 9/11'
Date: October 11, 2012
Source: Seattle Times
Abstract: As he retires from Congress, Norm Dicks is warning that America is vulnerable to a cyberattack that could shut down power grids, freeze money supplies, cripple transportation systems and imperil nuclear plants.
Dicks says the nation needs more protections against a rogue attack on computer systems that could amount to a "cyber 9/11" or "electronic Pearl Harbor."
The Kitsap Sun reports (http://is.gd/XzhRRF) Dicks delivered his warning Wednesday night in a speech to technology leaders in Bremerton.
Dicks blamed his colleagues in Congress for concerns about privacy trumping the threat of cyberwar. He says he hopes Congress acts before it's too late.
Dicks is a member of the House Permanent Select Committee on Intelligence and ranking member of the Defense Subcommittee of the House Committee on Appropriations (Seattle Times, 2012).
Title: Cyber Threat Is Pre 9/11 Moment
Date: October 12, 2012
Source: CNN
Abstract: The United States must beef up its cyber defenses or suffer as it did on September 11, 2001 for failing to see the warning signs ahead of that devastating terrorist attack, the Secretary of Defense told a group of business leaders in New York Thursday night.
Calling it a “pre-9/11 moment,” Leon Panetta said he is particularly worried about a significant escalation of attacks.
In a speech aboard a decommissioned aircraft carrier, Panetta reminded the Business Executives for National Security about recent distributed denial of service attacks that hit a number of large U.S. financial institutions with unprecedented speed, disrupting services to customers.
And he pointed to a cyber virus known as Shamoon which infected the computers of major energy firms in Saudi Arabia and Qatar this past summer. More than 30,000 computers were rendered useless by the attack on the Saudi state oil company ARAMCO. A similar incident occurred with Ras Gas of Qatar. Panetta said the attacks were probably the most devastating to ever hit the private sector.
The secretary did not say who is believed responsible for those attacks, but senior defense officials who briefed reporters on the speech said the United States knows, though they would not name the suspect.
And he warned America's critical infrastructure - its electrical power grid, water plants and transportation systems - are threatened by foreign actors.
"We know of specific instances where intruders have successfully gained access to these control systems," Panetta said. "We also know they are seeking to create advanced tools to attack those systems and cause panic, destruction and even loss of life."
For its part, Panetta said the Defense Department is "aggressively ... putting in place measures to stop cyber attacks dead in their tracks." The steps he outlined included both defensive and offensive responses.
He cited efforts to stop malicious code before it infects systems and investments in forensics to help track down who is responsible.
But defense isn't the only answer. "If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation when directed by the president," Panetta said.
Panetta also said the Defense Department is in the process of finalizing rules of engagement in cyberspace. In a telephone briefing with reporters, a senior defense official would not provide any details about the proposed rules but did stress they involve what the response would be to a cyber attack on the United States "that would rise under international law to the level of armed attack."
Panetta's comments never used the word "offensive," and the senior defense officials who briefed reporters about the speech under the condition of anonymity were also reluctant to use the word. One official said it was important "to keep the maximum number of options on the table." Another official stressed the United States was prepared to take action if threatened, but added the Pentagon had previously acknowledged it has offensive cyber capabilities.
Cyber security is ultimately a team effort, and Panetta said the Defense Department was working closely with the State Department, the Department of Homeland Security, the FBI and others to protect the nation. He called on Congress to pass comprehensive cyber-security legislation now.
Over the summer, the Senate came up short when opponents of the Lieberman-Collins cyber bill blocked it from coming up for a final vote. A group of mostly Republican senators and the Chamber of Commerce opposed the bill because they believed it required too much of the private sector.
Panetta urged the business leaders to work with government to support stronger cyber defenses. "We must share information between the government and the private sector about threats to cyberspace," Panetta said, adding everything would be done to protect civil liberties and privacy (CNN, 2012).
Title: Defense Secretary Warns Of 'Cyber-Pearl Harbor'
Date: October 12, 2012
Source: TechNewsDaily
Abstract: The threats of train derailment, contaminated water supplies, a crippled power grid and other infrastructure nightmares in the United States loom on the horizon, Defense Secretary Leon Panetta said yesterday (Oct. 11).
In what he described as a "cyber-Pearl Harbor," Panetta said the recent attacks against the websites of major U.S. banks were further evidence that the nation is becoming increasingly vulnerable to crippling attacks delivered digitally.
"Imagine the impact an attack like this would have on your company," he said. "While this kind of tactic isn't new, the scale and speed with which it happened was unprecedented."
Panetta's speech at the Intrepid Sea, Air and Space Museum in New York comes after Democratic senators failed to muster the 60 votes required to defeat a proposed Republican filibuster against the Cybersecurity Act of 2012.
Under that legislation, operators of private-sector infrastructure deemed critical would have to adopt a set of standards established, in part, by the government.
The proposed legislation could affect energy, water, transportation operations or any other systems that, if compromised, could result in catastrophic death or damage.
Panetta reprimanded Congress for failing to pass the legislation, which was sponsored by Sen. Joe Lieberman, I-Conn., and strongly backed by the White House.
"If we detect an imminent threat of attack that will cause significant physical destruction in the United States, or kill American citizens, we need to have the option to take action against those who would attack us, to defend this nation when directed by the president," Panetta said. "The fact is, that to fully provide the necessary protection in our democracy, cybersecurity [legislation] must be passed by the Congress."
In spite of his dire warning, Panetta said the U.S. had made "significant advances" in detecting the origins of cyberattacks.
"Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests," he said.
Panetta blamed Iran for the Shamoon attack on the Saudi computers. Lieberman has blamed Iran for the attacks on American banking websites. Both accusations may be premature. There is more evidence that the U.S. and Israel have attacked Iran with cyberweapons at least twice in the past five years, first with the Flame spyware and then with the Stuxnet worm that sabotaged an Iranian uranium-processing facility (TechNewsDaily, 2012).
Cyber War: New Flame-Linked Malware Detected
Date: October 16, 2012
Source: RT
Abstract: A new cyber espionage program linked to the notorious Flame and Gauss malware has been detected by Russia's Kaspersky Lab. The anti-virus giant’s chief warns that global cyber warfare is in “full swing” and will probably escalate in 2013.
The virus, dubbed miniFlame, and also known as SPE, has already infected computers in Iran, Lebanon, France, the United States and Lithuania. It was discovered in July 2012 and is described as “a small and highly flexible malicious program designed to steal data and control infected systems during targeted cyber espionage operations,” Kaspersky Lab said in a statement posted on its website.
The malware was originally identified as an appendage of Flame – the program used for targeted cyber espionage in the Middle East and acknowledged to be part of joint US-Israeli efforts to undermine Iran’s nuclear program.
But later, Kaspersky Lab analysts discovered that miniFlame is an “interoperable tool that could be used as an independent malicious program, or concurrently as a plug-in for both the Flame and Gauss malware.”
The analysis also showed new evidence of cooperation between the creators of Flame and Gauss, as both viruses can use miniFlame for their operations.
“MiniFlame’s ability to be used as a plug-in by either Flame or Gauss clearly connects the collaboration between the development teams of both Flame and Gauss. Since the connection between Flame and Stuxnet/Duqu has already been revealed, it can be concluded that all these advanced threats come from the same 'cyber warfare' factory,” Kaspersky Lab said.
High-Precision Attack Tool
So far just 50 to 60 cases of infection have been detected worldwide, according to Kaspersky Lab. But unlike Flame and Gauss, miniFlame is meant for installation on machines already infected by those viruses.
“MiniFlame is a high-precision attack tool. Most likely it is a targeted cyber weapon used in what can be defined as the second wave of a cyber attack,” Kaspersky's Chief Security Expert Alexander Gostev explained.
“First, Flame or Gauss are used to infect as many victims as possible to collect large quantities of information. After data is collected and reviewed, a potentially interesting victim is defined and identified, and miniFlame is installed in order to conduct more in-depth surveillance and cyber-espionage.”
The newly discovered malware can also take screenshots of an infected computer while it is running a specific program or application, such as a web browser, Microsoft Office program, Adobe Reader, instant messenger service or FTP client.
Kaspersky Lab believes miniFlame's developers have probably created dozens of different modifications of the program. "At this time, we have only found six of these, dated 2010-2011," the firm said.
‘Cyber Warfare in Full Swing’
Meanwhile, Kaspersky Lab’s co-founder and CEO Eugene Kaspersky warned that global cyber warfare tactics are becoming more sophisticated while also becoming more threatening. He urged governments to work together to fight cyber warfare and cyber-terrorism, Xinhua news agency reports.
Speaking at an International Telecommunication Union Telecom World conference in Dubai, the anti-virus tycoon said, "cyber warfare is in full swing and we expect it to escalate in 2013."
"The latest malicious virus attack on the world's largest oil and gas company, Saudi Aramco, last August shows how dependent we are today on the Internet and information technology in general, and how vulnerable we are," Kaspersky said.
He stopped short of blaming any particular player behind the massive cyber attacks across the Middle East, pointing out that "our job is not to identify hackers or cyber-terrorists. Our firm is like an X-ray machine, meaning we can scan and identify a problem, but we cannot say who or what is behind it." Iran, which confirmed that it suffered an attack by Flame malware that caused severe data loss, blames the United States and Israel for unleashing the cyber attacks (RT, 2012).
Computer Viruses Are "Rampant" On Medical Devices In Hospitals
Date: October 17, 2012
Source: MIT News
Abstract: Computerized hospital equipment is increasingly vulnerable to malware infections, according to participants in a recent government panel. These infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable.
While no injuries have been reported, the malware problem at hospitals is clearly rising nationwide, says Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, who took part in the panel discussion.
Software-controlled medical equipment has become increasingly interconnected in recent years, and many systems run on variants of Windows, a common target for hackers elsewhere. The devices are usually connected to an internal network that is itself connected to the Internet, and they are also vulnerable to infections from laptops or other devices brought into hospitals. The problem is exacerbated by the fact that manufacturers often will not allow their equipment to be modified, even to add security features.
In a typical example, at Beth Israel Deaconess Medical Center in Boston, 664 pieces of medical equipment are running on older Windows operating systems that manufacturers will not modify or allow the hospital to change—even to add antivirus software—because of disagreements over whether modifications could run afoul of U.S. Food and Drug Administration regulatory reviews, Fu says.
As a result, these computers are frequently infected with malware, and one or two have to be taken offline each week for cleaning, says Mark Olson, chief information security officer at Beth Israel.
"I find this mind-boggling," Fu says. "Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems. There's little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches."
The worries over possible consequences for patients were described last Thursday at a meeting of a medical-device panel at the National Institute of Standards and Technology Information Security & Privacy Advisory Board, of which Fu is a member, in Washington, D.C. At the meeting, Olson described how malware at one point slowed down fetal monitors used on women with high-risk pregnancies being treated in intensive-care wards.
"It's not unusual for those devices, for reasons we don't fully understand, to become compromised to the point where they can't record and track the data," Olson said during the meeting, referring to high-risk pregnancy monitors. "Fortunately, we have a fallback model because they are high-risk [patients]. They are in an IC unit—there's someone physically there to watch. But if they are stepping away to another patient, there is a window of time for things to go in the wrong direction."
The computer systems at fault in the monitors were replaced several months ago by the manufacturer, Philips; the new systems, based on Windows XP, have better protections and the problem has been solved, Olson said in a subsequent interview.
At the meeting, Olson also said similar problems threatened a wide variety of devices, ranging from compounders, which prepare intravenous drugs and intravenous nutrition, to picture-archiving systems associated with diagnostic equipment, including massive $500,000 magnetic resonance imaging devices.
Olson told the panel that infections have stricken many kinds of equipment, raising fears that someday a patient could be harmed. "We also worry about situations where blood gas analyzers, compounders, radiology equipment, nuclear-medical delivery systems, could become compromised to where they can't be used, or they become compromised to the point where their values are adjusted without the software knowing," he said. He explained that when a machine becomes clogged with malware, it could in theory "miss a couple of readings off of a sensor [and] erroneously report a value, which now can cause harm."
Often the malware is associated with botnets, Olson said, and once it lodges inside a computer, it attempts to contact command-and-control servers for instructions. Botnets, or collections of compromised computers, commonly send spam but can also wage attacks on other computer systems or do other tasks assigned by the organizations that control them (see "Moore's Outlaws").
In September, the Government Accountability Office issued a report warning that computerized medical devices could be vulnerable to hacking, posing a safety threat, and asked the FDA to address the issue. The GAO report focused mostly on the threat to two kinds of wireless implanted devices: implanted defibrillators and insulin pumps. The vulnerability of these devices has received widespread press attention (see "Personal Security" and "Keeping Pacemakers Safe from Hackers"), but no actual attacks on them have been reported.
Fu, who is a leader in researching the risks described in the GAO report, said those two classes of device are "a drop in the bucket": thousands of other network-connected devices used for patient care are also vulnerable to infection. "These are life-saving devices. Patients are overwhelmingly safer with them than without them. But cracks are showing," he said. (Fu was Technology Review's Innovator of the Year in 2009.)
Malware problems on hospital devices are rarely reported to state or federal regulators, both Olson and Fu said. This is partly because hospitals believe they have little recourse. Despite FDA guidance issued in 2009 to hospitals and manufacturers—encouraging them to work together and stressing that eliminating security risks does not always require regulatory review—many manufacturers interpret the fine print in other ways and don't offer updates, Fu says. And such reporting is not required unless a patient is harmed. "Maybe that's a failing on our part, that we aren't trying to raise the visibility of the threat," Olson said. "But I think we all feel the threat gets higher and higher."
Speaking at the meeting, Brian Fitzgerald, an FDA deputy director, said that in visiting hospitals around the nation, he has found Beth Israel's problems to be widely shared. "This is a very common profile," he said. The FDA is now reviewing its regulatory stance on software, Fitzgerald told the panel. "This will have to be a gradual process, because it involves changing the culture, changing the technology, bringing in new staff, and making a systematic approach to this," he said.
In an interview Monday, Tam Woodrum, a software executive at the device maker GE Healthcare, said manufacturers are in a tough spot, and the problems are amplified as hospitals expect more and more interconnectedness. He added that despite the FDA's 2009 guidance, regulations make system changes difficult to accomplish: "In order to go back and update the OS, with updated software to run on the next version, it's an onerous regulatory process."
Olson said that in his experience, GE Healthcare does offer software patches and guidance on keeping devices secure, but that not all manufacturers have the same posture. He added that the least-protected devices have been placed behind firewalls. But to do that with all a hospital's software-controlled equipment would require more than 200 firewalls—an unworkable prospect, he said.
John Halamka, Beth Israel's CIO and a Harvard Medical School professor, said he began asking manufacturers for help in isolating their devices from the networks after trouble arose in 2009: the Conficker worm caused problems with a Philips obstetrical care workstation, a GE radiology workstation, and nuclear medical applications that "could not be patched due to [regulatory] restrictions." He said, "No one was harmed, but we had to shut down the systems, clean them, and then isolate them from the Internet/local network."
He added: "Many CTOs are not aware of how to protect their own products with restrictive firewalls. All said they are working to improve security but have not yet produced the necessary enhancements." Fu says that medical devices need to stop using insecure, unsupported operating systems. "More hospitals and manufacturers need to speak up about the importance of medical-device security," he said after the meeting. "Executives at a few leading manufacturers are beginning to commit engineering resources to get security right, but there are thousands of software-based medical devices out there" (MIT News, 2012).
Iran Expanding Arms Race To Cyberspace, Say Experts
Date: October 19, 2012
Source: Fox News
Abstract: Iran’s rogue regime has significantly advanced its cyber military capabilities over the last couple of years, now flaunting it as a “source of national pride,” according to a cyber security expert.
Experts fear Iran, already pursuing nuclear weapons as its leaders amp up their rhetoric against Israel, could mount a digital attack against the West or Israel in retaliation for crippling economic sanctions. Austin Heap, executive director of the Censorship Research Center, said the cyber buildup has gone on even as the world focused on Tehran’s drive to acquire nukes.
“Since (the Green Movement of) 2009, they made technology their priority,” said Heap, who also works on developing technologies for increasing Internet freedom.
Shortly after the 2009 elections, in which democracy-minded Iranians mounted a doomed effort to topple their government at the ballot box, Heap, a 28-year-old programmer living in Northern California, instructed Iranians on how to run proxy servers to access government-blocked Internet sites during the so-called “Twitter Revolution.”
The uprising was ultimately – and brutally – crushed. But it demonstrated the Iranian people’s ability to use the Internet and social media sites to organize and voice disenchantment against the regime.
“The government realized how behind their technology was, and since then, they have invested heavily in both their domestic network censorship and surveillance and in boosting their offensive cyber capabilities to launch against their enemies,” Heap said.
Only recently, the Iranian regime denied involvement in a round of cyber attacks in which a virus infected servers and erased files in 30,000 computers at Saudi oil company Aramco. Oil pumped by Aramco has helped the West compensate for a drop in Iranian oil exports caused by Western-imposed sanctions.
A separate wave of attacks disrupted banking websites across the U.S., blocking customers from online banking and exposing vulnerabilities here. Defense Secretary Leon Panetta warned that the U.S. was at risk of a “cyber-Pearl Harbor” in a speech discussing the cyber sabotage.
"Before September 11, 2001, the warning signs were there,” Panetta said. “We weren't organized. We weren't ready. And we suffered terribly for that lack of attention. We cannot let that happen again. This is a pre-9/11 moment."
While not directly accusing the Iranian regime, he called the Shamoon attack on Aramco “the most destructive attack that the private sector has seen to date,” and noted that Iran has “undertaken a concerted effort to use cyberspace to its advantage,” according to the AP.
Iran was on the other end of a mysterious and powerful cyber attack in 2010, when the computer worm known as Stuxnet infiltrated Iranian servers and destroyed nearly 20 percent of Iran’s nuclear centrifuges. Stuxnet is widely believed to have been designed by Israel and the U.S. With the Aramco and U.S. banking attacks, Iran is fighting back in kind, said Heap.
“It seems like Iran is just trying to show that they can play with the big boys,” Heap said. “A smart hacker doesn’t want to get caught. The longer you can remain undetected, the longer you can focus on your adversary. I think these attacks were designed to prove a point and get attention.”
Iran has denied the allegations.
"One of the main aims of the United States is to make itself look like the victim," Mehdi Akhavan Beh-Abadi, director of Iran’s National Center of Cyberspace, said this week, dismissing U.S. accusations that the Iranian regime was behind the attacks.
Suppressing the free flow of ideas and censoring popular sentiment are nothing new for the Islamic Republic, which has engaged in a “soft war” against Western ideas, influence and infiltration since the 2009 uprisings.
To beef up its cyber capabilities both at home and abroad, Iran has been investing in its Cyber Police Unit, organized by the country’s Islamic Revolutionary Guard Corps between 2009 and 2011 mainly to shadow Iranian social media activity inside the country.
A task force of 250,000 cyber police currently monitors the Internet, specific sites, blogs and individuals suspected of using circumvention tools. Roughly $76 million of the total $11.5 billion allocated to the Islamic Revolutionary Guard Corps has been spent on cyber warfare, a battle “against old enemies using new strategies,” the government once said about combating cyber dissidents in a hard-line newspaper.
The government announced plans last year to disconnect Iran from the rest of the world and run a parallel “Islamically permissible” or “halal” internal network that would automatically censor material and block popular global sites and search engines, such as Facebook, Google and Wikipedia.
“The government has been able to cut us off from the most common sites such as Facebook. I’m sure they’d use their cyber capabilities to weaken its opponents,” a blogger wrote this week, in response to Western accusations against the Iranian regime for recent attacks.
Another blogger wrote, “If the Iranian regime feels that its existence is threatened and or if a foreign military attack is launched, Iran will use its cyber capabilities to preemptively strike against these nations.”
“This will be the harbinger of war!” she wrote.
Heap said the distinction between cyber war and conventional fighting is rapidly blurring. “We are getting closer and closer to the line where web attacks will lead to bullets, and no one knows where the end zone is. It’s a game that’s being figured out in real time,” Heap said. “This is the arms race of our lifetime. The missiles are now on the Internet. There’s nothing anyone can do to contain the Internet war” (Fox News, 2012).
Draft White House Order Seeks To Stop Cyberattacks By Sharing Threat Details
Date: October 20, 2012
Source: Fox News
Abstract: A new White House executive order would direct U.S. spy agencies to share the latest intelligence about cyberthreats with companies operating electric grids, water plants, railroads and other vital industries to help protect them from electronic attacks, according to a copy obtained by The Associated Press.
The seven-page draft order, which is being finalized, takes shape as the Obama administration expresses growing concern that Iran could be the first country to use cyberterrorism against the United States. The military is ready to retaliate if the U.S. is hit by cyberweapons, Defense Secretary Leon Panetta said. But the U.S. also is poorly prepared to prevent such an attack, which could damage or knock out critical services that are part of everyday life.
The White House declined to say when the president will sign the order.
The draft order would put the Department of Homeland Security in charge of organizing an information-sharing network that rapidly distributes sanitized summaries of top-secret intelligence reports about known cyberthreats that identify a specific target. With these warnings, known as tear lines, the owners and operators of essential U.S. businesses would be better able to block potential attackers from gaining access to their computer systems.
An organized, broad-based approach for sharing cyberthreat information gathered by the government is widely viewed as essential for any plan to protect U.S. computer networks from foreign nations, terrorist groups and hackers. Existing efforts to exchange information are narrowly focused on specific industries, such as the finance sector, and have had varying degrees of success.
Yet the order has generated stiff opposition from Republicans on Capitol Hill who view it as a unilateral move that bypasses the legislative authority held by Congress.
Administration officials said the order became necessary after Congress failed this summer to pass cybersecurity legislation, leaving critical infrastructure companies vulnerable to a serious and growing threat. Conflicting bills passed separately by the House and Senate included information-sharing provisions. But efforts to get a final measure through both chambers collapsed over the GOP's concerns that the Senate bill would expand the federal government's regulatory power and increase costs for businesses.
The White House has acknowledged that an order from the president, while legally binding, is not enough. Legislation is needed to make other changes to improve the country's digital defenses. An executive order, for example, cannot offer a company protection from liabilities that might result from a cyberattack on its systems.
The addition of the information-sharing provisions is the most significant change to an earlier draft of the order completed in late August. The new draft, which is not dated, retains a section that requires Homeland Security to identify the vital systems that, if hit by cyberattack, could "reasonably result in a debilitating impact" on national and economic security. Other sections establish a program to encourage companies to adopt voluntary security standards and direct federal agencies to determine whether existing cyber security regulations are adequate.
The draft order directs the department to work with the Pentagon, the National Security Agency, the director of national intelligence and the Justice Department to quickly establish the information-sharing mechanism. Selected employees at critical infrastructure companies would receive security clearances allowing them to receive the information, according to the document. Federal agencies would be required to assess whether the order raises any privacy or civil liberties risks.
To foster a two-way exchange of information, the government would ask businesses to tell the government about cyberthreats or cyberattacks. There would be no requirement to do so.
The NSA has been sharing cyberthreat information on a limited basis with companies that conduct business with the Defense Department. These companies work with sensitive data about weapon systems and technologies and are frequently the targets of cyberspying.
But the loss of valuable information has been eclipsed by fears that an enemy with the proper know-how could cause havoc by sending the computers controlling critical infrastructure systems incorrect commands or infecting them with malicious software. Potential nightmare scenarios include high-speed trains being put on collision courses, blackouts that last days or perhaps even weeks or chemical plants that inadvertently release deadly gases.
Panetta underscored the looming dangers during a speech last week in New York by pointing to the Shamoon virus that destroyed thousands of computer systems owned by Persian Gulf oil and gas companies. Shamoon, which spreads quickly through networked computers and ultimately wipes out files by overwriting them, hit the Saudi Arabian state oil company Aramco and Qatari natural gas producer RasGas.
Panetta did not directly connect Iran to the Aramco and RasGas attacks. But U.S. officials believe hackers based in Iran were behind them.
Shamoon replaced files at Aramco with the image of a burning U.S. flag and rendered more than 30,000 computers useless, Panetta said. The attack on RasGas was similar, he said. A spokeswoman for the National Security Council, Caitlin Hayden, said the administration is consulting with members of Congress and the private sector as the order is being drafted. But she provided no information on when an order would be signed. "Given the gravity of the threats we face in cyberspace, we want to get this right in addition to getting it done swiftly," she said (Fox News, 2012).
DHS: Cybersecurity Education Begins In Kindergarten
Date: October 26, 2012
Source: CNS News
Abstract: In a blog on the Department of Homeland Security website, Secretary Janet Napolitano said her department is working to develop the next generation of leaders in cybersecurity beginning in kindergarten.
In a blog titled, “Inspiring the Next Generation of Cyber Professionals,” Napolitano said, “In addition, we are extending the scope of cyber education beyond the federal workplace through the National Initiative for Cybersecurity Education, involving students from kindergarten through post-graduate school.”
“At DHS, we’re working to develop the next generation of leaders in cybersecurity while fostering an environment for talented staff to grow in this field. We are building strong cybersecurity career paths within the Department, and in partnership with other government agencies,” the secretary said.
DHS also sponsors the U.S. Cyber Challenge, she said, “a program that works with academia and the private sector to identify and develop the best and brightest cyber talent to meet our nation’s growing and changing security needs.”
The National Initiative for Cybersecurity Education (NICE) noted on its website that the Department of Education and the National Science Foundation are leading the Formal Cybersecurity Education Component.
“Their mission is to bolster formal cybersecurity education programs encompassing kindergarten through 12th grade, higher education and vocational programs, with a focus on the science, technology, engineering and math disciplines to provide a pipeline of skilled workers for the private sector and government,” the website said.
“A digitally literate workforce that uses technology in a secure manner is imperative to the Nation’s economy and the security of our critical infrastructure,” NICE said on its website. “Just as we teach science, technology, engineering, mathematics, reading, writing and other critical subjects to all students, we also need to educate all students to use technology securely in order to prepare them for the digital world in which we live,” the website added (CNS News, 2012).
Cyberattacks On U.S. Banks An Excuse For War?
Date: October 28, 2012
Source: American Free Press
Abstract: Who’s really responsible for a recent series of cyberattacks on American banks? If United States officials and politicians are to be believed, the government of Iran and its so-called “terrorist” proxies are to blame. However, some information security experts have cast doubt on this allegation, while others insist that the attacks are an obvious false-flag operation whose perpetrators have multiple, far-reaching objectives.
Word of compromised computer banking systems first surfaced in late September, when Wells Fargo, Bank of America, JP Morgan Chase and other financial institutions reported falling victim to computer network attacks that temporarily blocked many of their customers from engaging in online banking. Since then, Capital One, BB&T, HSBC and Regions banks have also reported experiencing similar disruptions to their websites.
An obscure group—identifying itself as the Izz ad-din al-Qassam Cyber Fighters—claimed responsibility for the first wave of attacks as retaliation for the amateurish Innocence of Muslims film that mocked the Islamic prophet Mohammed and sparked protests throughout the Middle East.
However, almost immediately following this announcement, unidentified U.S. national security officials allegedly told NBC News that this claim was just “a cover” story for the Iranian government’s cyberterrorism operations. Similarly, on October 12, another unnamed U.S. official told The Wall Street Journal that the recent attacks against U.S. banks bore “signatures” traced to “a network of fewer than 100 Iranian computer-security specialists at universities and network security companies in Iran.”
The alleged source went on to say “These are not ordinary Iranians,” and added that the “hackers don’t have the resources to mount major attacks without the support and technical expertise of the government.”
Despite the government’s claims, tracing a computer hack to its original source is far from conclusive. “In most cases, if the attacker is highly skilled, it is nearly impossible to clearly determine the origin of an event, and even more difficult to ascertain if the attack was state-sponsored or instigated by individual actors,” writes Anthony M. Freed at Security Bistro. “The use of multiple proxies, Internet routing tricks, employing compromised systems belonging to a third party and the use of spoofed [Internet computer] addresses can all be easily coordinated to give the appearance that an attack is originating far from the actual source.”
Cesar Cerrudo, an information security specialist and chief technology officer for IO/Active Labs, is also at odds with the government’s allegations.
“It’s very easy to attack some group of people or some country and make it look like it came from another country,” Cerrudo said in a recent post for network security magazine Dark Reading. “You can engage them into cyberwar via a third party.”
As an example, Cerrudo cites a 2010 hack that targeted China’s Baidu search engine by a group claiming to be the Iranian Cyber Army. “The Chinese were surprised that Iranians had attacked them,” said Cerrudo. “After that, the Chinese attacked Iran. But it turns out it wasn’t actually Iran behind the Baidu attack. Someone else attacked the Chinese to get them to attack the Iranians.” (Some say the so-called Iranian Cyber Army is or was a group of Russian hackers based outside Iran.)
Although no one can be sure who perpetrated the recent hacks on U.S. banks, many are asking the obvious question: Cui bono? (Who benefits?)
“With President Obama ready to sign an executive order to control the Internet in the name of cybersecurity, could it be more obvious that this ‘cyberattack’ is a total setup?” asked Eric Blair on the popular website Activist Post. “Especially since all versions of Internet control legislation have failed to pass in normal government channels both domestically and internationally,” he added.
Susanne Posel of another popular website, Occupy Corporatism, wrote: “Framing Iran for the American banking system’s computer failure kills two birds with one stone. Not only would the banking cartels be able to shut down all banking computers (and simultaneously siphon the remaining money in their customers’ accounts) but also use this fake cyberattack to engage the American public against Iran and justify their highly anticipated military strike.”
In a recent edition of the computer magazine Information Security, other theories were explored that have received little attention in the media. Among the possible culprits considered are hacktivist groups like Anonymous and Russian crime syndicates.
But in terms of motive and capability, Israelis top the list. Not only do they consider Iran to be the greatest threat to their existence, but they’ve also demonstrated a proficiency in cyberwarfare through the creation of sophisticated viruses that have been successfully used against Iran’s infrastructure. Recently, a new virus dubbed “mini-Flame” has targeted banks in Lebanon and Iran.
Mike Rivero, a former NASA employee and webmaster of the website What Really Happened, suspects that Israel is behind the recent attacks, and believes Israel will likely follow it up with a complete take-down of U.S. financial computers that will falsely be blamed on Iran. “This also gets Wall Street and Washington, D.C. off the hook,” he said, “because now the financial meltdown is an act of war, rather than the result of decades of Wall Street crime and corruption and the predations of private central banks” (American Free Press, 2012).
Title: Napolitano: US Financial Institutions 'Actively Under Attack' By Hackers
Date: October 31, 2012
Source: The Hill
Abstract: Homeland Security Secretary Janet Napolitano on Wednesday warned that some of the largest U.S. financial institutions "are actively under attack" from cyber hackers.
While Napolitano sounded the alarm about the attacks at a cybersecurity event hosted by The Washington Post, she declined to provide any details about them.
"Right now, financial institutions are actively under attack. We know that. I'm not giving you any classified information," she said. "I will say this has involved some of our nation's largest institutions. We've also had our stock exchanges attacked over the last [few] years, so we know ... there are vulnerabilities. We're working with them on that."
When asked by Post editor Mary Jordan about whether hackers are stealing information or money from banks, Napolitano answered "yes" and then quickly added, "I really don't want to go into that per se."
"All I want to say is that there are active matters going on with financial institutions," she said.
The public websites of Wells Fargo, Bank of America, JP Morgan Chase and others were hit by a series of denial of service attacks this fall, which made their sites inaccessible to customers. A denial of service attack inundates a Web server with large numbers of page requests until the site fails to load. It does not let the hackers siphon sensitive information from its victim.
After Hurricane Sandy wreaked havoc on the East Coast, Napolitano said people should look no further than the damage caused by the massive storm to understand the need to boost the nation's cybersecurity protections.
"One of the possible areas of attack, of course, is attacks on our nation's control systems — the control systems that operate our utilities, our water plants, our pipelines, our financial institutions," Napolitano said. "If you think that a critical systems attack that takes down a utility even for a few hours is not serious, just look at what is happening now that Mother Nature has taken out those utilities."
"The urgency and the immediacy of the cyber problem; the cyberattacks that we are undergoing and continuing to undergo cannot be overestimated," she said.
The Department of Homeland Security (DHS) oversees the protection of unclassified computer networks for civilian agencies. The Obama administration has tasked DHS with coordinating cybersecurity efforts between the federal government and private industry.
Napolitano said President Obama has made cybersecurity a priority and invested money into DHS's cyber programs, noting that the department's workforce has increased roughly 600 percent over the last few years. The president has also "constantly asked for double-digit increases in the cyber budget" at the department and it is actively looking to hire more skilled cybersecurity professionals.
The DHS secretary also called for Congress to pass legislation that would help protect the nation's critical infrastructure from cyberattacks and said there may be another attempt during the lame-duck session to pass a bill that failed in the Senate this August. However, Napolitano cautioned that the likelihood of the Senate taking another crack at the bill "probably depends on the outcome of Tuesday's election."
Senate Republicans blocked the bill because they argued it would add additional costs onto businesses and saddle them with new security rules.
She said that "when" President Obama is reelected, "I think he will have to consider an executive order that covers many of the areas that legislation would cover."
Yet she warned that an executive order "is not a complete substitute for legislation" and "there are some things that only legislation can provide," such as liability protection for companies that follow a set of cybersecurity best practices.
Title: Threat Of ‘Spectacular’ Cyberattack Looms: Official
Date: November 16, 2012
Abstract: The U.S. is facing unprecedented cyber threats. And businesses and government are at risk, said Eric Rosenbach, Deputy Assistant Secretary of Defense for Cyber Policy in an interview with CNBC.
"I read my intel brief every morning at 5:30 a.m. and it's never a very good news story at all," Rosenbach said. "There are a lot more attacks, and I hate to admit it but I fear that there will be some type of spectacular attack against the United States or one of our allies before there is comprehensive legislation and real appreciation to take this seriously."
Just one month ago, Secretary of Defense Leon Panetta made headlines when he warned that the U.S. is in a "pre-9/11 moment" or a "Pearl Harbor" scenario, referring to a potential chain of cyberattacks against the country.
Rosenbach, Panetta's right-hand man on cyber-security, echoed that chilling warning — to prepare for a digital 9/11.
Congress failed to push the Cyber Security Act of 2012, a bill that enabled the federal government to take control of all communication capabilities—including the cybersecurity standards of water, power, and utility companies—during a cyber emergency, through the Senate in August.
The bill failed again on Wednesday when Democrats and Republicans found themselves in disagreement over the role government agencies should play when it comes to protecting businesses in cyber emergencies.
"The bill is far from perfect, but it's highly preferable to no action at all," said Rosenbach. "We have to come up with standards that help us patch some of the holes in the critical systems that we need, particularly for critical infrastructure information."
The administration has wrestled with the idea of updating cyberlaws as the tools and weapons in cyberspace have increased in numbers and grown ever more sophisticated.
The black market for cyberweapons, which can be used to attack critical infrastructure, banks, or personal networks, is growing rapidly, Rosenbach said.
"I think about the fact that you can go out there and purchase a specific type of cyberweapon and use that against the United States, and they don't even have to be a nation anymore to develop a weapon like that — those are more like the dark web pages," Rosenbach said. "I can't give a specific name, it's classified information. But if you have the weapon and you know the vulnerabilities of the U.S. infrastructure, that makes me nervous."
Over the last six months, massive security breaches — such as the attack on Saudi Aramco, the world's largest oil company, and attacks against U.S. financial services companies, including PNC Financial, Wells Fargo, JPMorgan Chase, and Bank of America — have shown that government and businesses are not prepared for such cyberattacks. "CEOs need to understand the mounting threat, consider the risk and plan accordingly," Rosenbach said. "You are naive if you are not factoring some aspects of cyberrisk into your business plan" (CNBC, 2012).
Title: 5 Big Cybersecurity Issues Await Obama In Second Term
Date: November 14, 2012
Abstract: Technology policy didn't get much air time in the 2012 presidential election, but the Obama administration will face serious issues over the next four years.
The country is facing a shortage of qualified technology workers. Potential cybersecurity attacks threaten the nation's power and transportation infrastructures.
Privacy advocates fear the seemingly unchecked digital tracking of consumers by private companies and law enforcement agencies. And the online piracy of music, movies and other content remains a thorny issue.
Here's a look at five of the biggest tech issues facing President Barack Obama, and the country, in his second term:
Few topics riled the Internet in 2012 as much as the Stop Online Piracy Act (SOPA), an anti-piracy bill that raised concerns about free speech and privacy online. The Obama administration opposed that doomed bill but is expected to address the piracy issue again in the next four years.
Hollywood was a major contributor to Obama's re-election campaign, and the head of the Motion Picture Association of America, former U.S. Sen. Chris Dodd, is optimistic that Obama will support some sort of anti-piracy effort in his second term.
"I look forward to continuing to work closely with the Obama administration to ensure the creative industries have every opportunity to thrive," Dodd said in a statement after Obama's re-election victory. Earlier in the year, Dodd threatened to cut off campaign contributions to politicians who did not support SOPA.
The issue isn't limited to people illegally downloading movies, music and TV shows in the U.S. Hollywood is also battling rampant copyright infringement abroad, and the administration will likely have to address ways to make other countries respect U.S. intellectual property.
But as Washington learned earlier this year, any anti-piracy stance would have to be sensitive to Internet freedom and privacy concerns.
There are two main foes in consumers' ongoing struggle to preserve their online privacy: companies that collect data and track people's online behavior to sell them things, and law enforcement agencies that collect data and track people to investigate crimes.
The rules for monitoring modern electronic communications are ill-defined. For the government, a warrant isn't currently required after a certain period of time for older information -- e-mail, social networking profiles or cell-phone location data -- stored "in the cloud" on Web servers.
Congress will likely try to address some of these issues during Obama's second term by updating the antiquated Electronic Communications Privacy Act of 1986, which dictates what types of personal information the government can access.
"We're concerned that the administration will continue to use national security as a pretext to undermine privacy and other critical rights," said Parker Higgins, an activist with the Electronic Frontier Foundation, citing the administration's warrantless wiretapping programs, the prosecution of whistle-blowers and what he called an overall lack of transparency.
Civil liberties groups and large technology companies are teaming up to lobby for reform that would dictate what information the government can request and how. Tech companies will also face a separate battle over how they collect data.
The Obama administration has said it wants consumers to have control over whether companies track their online activity. Together with the Federal Trade Commission, the administration pushed Congress for online privacy legislation earlier this year.
The FTC does not currently have the power to pursue companies for privacy violations, but it is tangling with major tech companies on other fronts. Currently it is investigating Google for antitrust violations, claiming the company ranked its own services higher than those of competing companies.
Sometimes it takes a crisis to prompt action. Experts are hoping that won't be the case with a crippling cyberattack on the nation's power plants, financial systems or other vital industries.
"If nothing bad happens, progress will be slow. If we do get some sort of damaging attack, it will move much more quickly," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies.
In his first term, Obama appointed a national cybersecurity coordinator. In his second term, he will most likely try again to pass cybersecurity legislation. It's also possible he will issue an executive order instead of wrestling with Congress.
The administration's last attempt was the Cybersecurity Act of 2012, which aimed to help protect critical U.S. infrastructure through increased collaboration between the government and the private sector. Private industries such as energy, banking, telecommunications, water and transportation are all potential targets for a cyberattack, experts warn.
But the bill was successfully blocked in August by Senate Republicans who sided with the U.S. Chamber of Commerce and businesses that balked at the idea of having the government regulate their security. Private industry, wary of government oversight, argued there was nothing the government could do that they could not do on their own. Another sticking point was that the process would have been overseen by the Department of Homeland Security.
"The dilemma is that, left to their own devices, we can't be sure companies are going to take these steps," said Lewis. He expects the Obama administration to wait until the 113th Congress is sworn before it tries to resurrect cybersecurity legislation.
College costs are rising, as is the demand for qualified science, technology, engineering and mathematics (dubbed STEM) professionals. Experts warn the demand for skilled workers will increasingly outpace the number of qualified graduates in this country.
Over the next four years, Obama will likely expand his education policies.
The $4.35 billion Race to the Top program awards financial aid to states' K-12 school systems that set specific goals, such as establishing standards for assessing teachers, gathering data and finding innovative ways to improve the worst-performing schools. The president told the Des Moines Register that he wants to continue expanding the program in his next term and focus even more on STEM education.
In July, the Obama administration kicked off the national Science, Technology, Engineering and Mathematics Master Teacher Corps program with $100 million in funding. The program will start by training 50 STEM teachers, but the plan is to increase that number to 10,000 teachers over the next four years and to 100,000 over the next decade. The idea is that these specifically qualified teachers will spread their skills and knowledge to other schools and educators around the country.
When those fresh batches of science and math students are out of high school, they will face dauntingly high college costs.
During the campaign, Obama promised to continue to increase the Pell Grant program, which provides need-based financial aid for college. Critics claim that raising the amount of aid doesn't help, because colleges will just continue to raise their costs to meet the increased demand. The Pell Grant got a large boost in Obama's first term with an influx of money that was made available when the administration eliminated the federal guaranteed student loan program, which went through private banks.
While our school systems adjust to produce more tech graduates, Silicon Valley will need fresh talent. One solution is to allow qualified workers from other countries to stay in the United States and take those jobs after college. So far, however, the Obama administration has faced difficulty passing relevant immigration reform.
"We need more green cards so that all these people who are stuck in limbo, these millions of skilled workers -- doctors, scientists, engineers, computer programmers -- can get permanent residency," said Vivek Wadhwa, an entrepreneur and vice president at Singularity University. "They're here legally, they've done everything right."
One potential fix is the bipartisan Startup Act 2.0, which would provide up to 50,000 visas to foreign STEM students who get their master's or doctorate degree in the U.S. The new category of visa would require recipients to work in a science, technology, engineering or math field continuously for five years before they can become a permanent legal resident.
The proposal would also pave the way for entrepreneurs to start businesses in the United States, which could lead to more jobs. The bill is supported by some tech heavy-hitters, including Google, Facebook and Microsoft, and is currently being considered by a congressional committee (CNN, 2012).
Title: Obama Signs Secret Directive To Help Thwart Cyberattacks
Date: November 14, 2012
Source: Washington Post
Abstract: President Obama has signed a secret directive that effectively enables the military to act more aggressively to thwart cyberattacks on the nation’s web of government and private computer networks.
Presidential Policy Directive 20 establishes a broad and strict set of standards to guide the operations of federal agencies in confronting threats in cyberspace, according to several U.S. officials who have seen the classified document and are not authorized to speak on the record. The president signed it in mid-October.
The new directive is the most extensive White House effort to date to wrestle with what constitutes an “offensive” and a “defensive” action in the rapidly evolving world of cyberwar and cyberterrorism, where an attack can be launched in milliseconds by unknown assailants utilizing a circuitous route. For the first time, the directive explicitly makes a distinction between network defense and cyber-operations to guide officials charged with making often-rapid decisions when confronted with threats.
The policy also lays out a process to vet any operations outside government and defense networks and ensure that U.S. citizens’ and foreign allies’ data and privacy are protected and international laws of war are followed.
“What it does, really for the first time, is it explicitly talks about how we will use cyber-operations,” a senior administration official said. “Network defense is what you’re doing inside your own networks. . . . Cyber-operations is stuff outside that space, and recognizing that you could be doing that for what might be called defensive purposes.”
The policy, which updates a 2004 presidential directive, is part of a wider push by the Obama administration to confront the growing cyberthreat, which officials warn may overtake terrorism as the most significant danger to the country.
“It should enable people to arrive at more effective decisions,” said a second senior administration official. “In that sense, it’s an enormous step forward.”
Legislation to protect private networks from attack by setting security standards and promoting voluntary information sharing is pending on the Hill, and the White House is also drafting an executive order along those lines.
James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, welcomed the new directive as bolstering the government’s capability to defend against “destructive scenarios,” such as those that Defense Secretary Leon E. Panetta recently outlined in a speech on cybersecurity.
“It’s clear we’re not going to be a bystander anymore to cyberattacks,” Lewis said.
The Pentagon is expected to finalize new rules of engagement that would guide commanders on when and how the military can go outside government networks to prevent a cyberattack that could cause significant destruction or casualties.
The presidential directive attempts to settle years of debate among government agencies about who is authorized to take what sorts of actions in cyberspace and with what level of permission.
An example of a defensive cyber-operation that once would have been considered an offensive act, for instance, might include stopping a computer attack by severing the link between an overseas server and a targeted domestic computer.
“That was seen as something that was aggressive,” said one defense official, “particularly by some at the State Department” who often are wary of actions that might infringe on other countries’ sovereignty and undermine U.S. advocacy of Internet freedom. Intelligence agencies are wary of operations that may inhibit intelligence collection. The Pentagon, meanwhile, has defined cyberspace as another military domain — joining air, land, sea and space — and wants flexibility to operate in that realm.
But cyber-operations, the officials stressed, are not an isolated tool. Rather, they are an integral part of the coordinated national security effort that includes diplomatic, economic and traditional military measures.
Offensive cyber actions, outside of war zones, would still require a higher level of scrutiny from relevant agencies and generally White House permission.
The effort to grapple with these questions dates to the 1990s but has intensified as tools and weapons in cyberspace become ever more sophisticated.
One of those tools was Stuxnet, a computer virus jointly developed by the United States and Israel that damaged nearly 1,000 centrifuges at an Iranian nuclear plant in 2010. If an adversary should turn a similar virus against U.S. computer systems, whether public or private, the government needs to be ready to preempt or respond, officials have said.
Since the creation of the military’s Cyber Command in 2010, its head, Gen. Keith Alexander, has forcefully argued that his hundreds of cyberwarriors at Fort Meade should be given greater latitude to stop or prevent attacks. One such cyber-ops tactic could be tricking malware by sending it “sleep” commands.
Alexander has put a particularly high priority on defending the nation’s private-sector computer systems that control critical functions such as making trains run, electricity flow and water pure.
But repeated efforts by officials to ensure that the Cyber Command has that flexibility have met with resistance — sometimes from within the Pentagon itself — over concerns that enabling the military to move too freely outside its own networks could pose unacceptable risks. A major concern has always been that an action may have a harmful unintended consequence, such as shutting down a hospital generator.
Officials say they expect the directive will spur more nuanced debate over how to respond to cyber-incidents. That might include a cyberattack that wipes data from tens of thousands of computers in a major industrial company, disrupting business operations, but doesn’t blow up a plant or kill people.
The new policy makes clear that the government will turn first to law enforcement or traditional network defense techniques before asking military cyberwarfare units for help or pursuing other alternatives, senior administration officials said. “We always want to be taking the least action necessary to mitigate the threat,” said one of the senior administration officials. “We don’t want to have more consequences than we intend” (Washington Post, 2012).
Title: Massive Bank Cyberattack Planned
Date: December 13, 2012
Source: CNN Money
Abstract: Security firm McAfee on Thursday released a report warning that a massive cyberattack on 30 U.S. banks has been planned, with the goal of stealing millions of dollars from consumers' bank accounts.
RSA startled the security world with its announcement that a gang of cybercriminals had developed a sophisticated Trojan aimed at funneling money out of bank accounts from Chase (JPM, Fortune 500), Citibank (C, Fortune 500), Wells Fargo (WFC, Fortune 500), eBay (EBAY, Fortune 500) subsidiary PayPal and dozens of other large banks. Known as "Project Blitzkrieg," the plan has been successfully tested on at least 300 guinea pig bank accounts in the United States, and the crime ring had plans to launch its attack in full force in the spring of 2013, according to McAfee, a unit of Intel (INTC, Fortune 500). (McAfee was founded by John McAfee, who is wanted for questioning as part of a Belize murder investigation, but he no longer has any ties to the company.)
Project Blitzkrieg began with a massive cybercriminal recruiting campaign, promising each recruit a share of the stolen funds in exchange for their hacking ability and busywork. With the backing of two Russian cybercriminals, including a prominent cyber mafia leader nicknamed "NSD," the recruits were tasked with infecting U.S. computers with a particular strain of malware, cloning the computers, entering stolen usernames and passwords, and transferring funds out of those users' accounts.
The scheme was fairly innovative. U.S. banks' alarm bells get tripped when customers try to access their accounts from unrecognized computers (particularly overseas), so banks typically require users to answer security questions. Cloning computers lets the cybercriminals appear to the banks as though they are the customers themselves, accessing their accounts from their home PCs -- thereby avoiding the security questions.
And since most banks place transfer limits on accounts, recruiting hundreds of criminals to draw smallish amounts out of thousands of accounts is a way to duck those limits. The thieves could collectively siphon off millions of stolen dollars.
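The limit-evasion pattern just described is invisible to a per-transfer check, since every transfer stays under the limit; the tell is the fan-in of many sub-limit transfers from distinct accounts into one destination. The following detection sketch is an added example, not code from McAfee, RSA or the article; the $2,000 limit, the 24-hour window, the threshold of five sources, the merchant allowlist and the transfer log are all constructed assumptions.

```python
import csv
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from io import StringIO

PER_TRANSFER_LIMIT = 2000.00        # assumed per-transfer limit at the bank
WINDOW = timedelta(hours=24)        # assumed aggregation window
MIN_DISTINCT_SOURCES = 5            # assumed alerting threshold
KNOWN_MERCHANTS = frozenset({"ACC-STORE-42"})   # assumed allowlist of legitimate fan-in accounts

# Constructed transfer log: timestamp,source_account,destination_account,amount.
# ACC-MULE-77 collects six sub-limit transfers from six different victims in one morning;
# ACC-STORE-42 is a shop that legitimately receives many small payments.
SAMPLE_TRANSFERS = """\
2012-10-03T08:05:00,ACC-1001,ACC-MULE-77,1900.00
2012-10-03T08:40:00,ACC-1002,ACC-MULE-77,1750.00
2012-10-03T09:15:00,ACC-1003,ACC-MULE-77,1980.00
2012-10-03T10:02:00,ACC-1004,ACC-MULE-77,1600.00
2012-10-03T11:30:00,ACC-1005,ACC-MULE-77,1850.00
2012-10-03T12:10:00,ACC-1006,ACC-MULE-77,1990.00
2012-10-03T09:00:00,ACC-2001,ACC-LANDLORD-9,1200.00
2012-10-03T09:30:00,ACC-2002,ACC-STORE-42,45.10
2012-10-03T09:35:00,ACC-2003,ACC-STORE-42,19.99
2012-10-03T09:40:00,ACC-2004,ACC-STORE-42,120.00
2012-10-03T09:41:00,ACC-2005,ACC-STORE-42,64.50
2012-10-03T09:45:00,ACC-2006,ACC-STORE-42,88.00
2012-10-05T14:00:00,ACC-3001,ACC-MULE-77,500.00
"""


@dataclass(frozen=True)
class Transfer:
    ts: datetime
    src: str
    dst: str
    amount: float


def parse_transfers(text):
    """Parse CSV lines into Transfer records sorted by time; malformed lines are skipped."""
    rows = []
    for rec in csv.reader(StringIO(text.strip())):
        if len(rec) != 4:
            continue
        ts, src, dst, amt = rec
        rows.append(Transfer(datetime.fromisoformat(ts.strip()), src.strip(), dst.strip(), float(amt)))
    return sorted(rows, key=lambda t: t.ts)


def per_transfer_violations(transfers, limit=PER_TRANSFER_LIMIT):
    """The naive control: transfers over the limit. For the scheme above this is always empty."""
    return [t for t in transfers if t.amount > limit]


def find_fan_in(transfers, limit=PER_TRANSFER_LIMIT, window=WINDOW,
                min_sources=MIN_DISTINCT_SOURCES, allowlist=frozenset()):
    """Flag destinations that receive sub-limit transfers from many distinct sources inside a window.

    Returns {dst: {"sources", "count", "total", "window_start", "window_end"}} for the
    busiest window seen per destination. Accounts in the allowlist (e.g. merchants that
    legitimately receive many small payments) are skipped to reduce false positives.
    """
    by_dst = defaultdict(list)
    for t in transfers:
        if t.amount <= limit and t.dst not in allowlist:
            by_dst[t.dst].append(t)

    alerts = {}
    for dst, hits in by_dst.items():
        recent = deque()
        for t in hits:                      # hits are already time-sorted
            recent.append(t)
            while recent and t.ts - recent[0].ts > window:
                recent.popleft()            # drop transfers that fell out of the window
            sources = {r.src for r in recent}
            if len(sources) >= min_sources:
                total = round(sum(r.amount for r in recent), 2)
                if dst not in alerts or total > alerts[dst]["total"]:
                    alerts[dst] = {"sources": len(sources), "count": len(recent), "total": total,
                                   "window_start": recent[0].ts, "window_end": t.ts}
    return alerts


if __name__ == "__main__":
    transfers = parse_transfers(SAMPLE_TRANSFERS)
    print("over-limit transfers:", per_transfer_violations(transfers))   # []
    for dst, info in find_fan_in(transfers, allowlist=KNOWN_MERCHANTS).items():
        print(f"ALERT {dst}: {info['sources']} sources, {info['count']} transfers, "
              f"${info['total']:,.2f} between {info['window_start']} and {info['window_end']}")
```

Running the same data without the allowlist also flags the shop, which is why a fan-in rule needs a maintained list of accounts that legitimately receive many small payments.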
As terrifying as that sounds, the fact that the project is out in the open is a huge deterrent. RSA first uncovered the scheme in the fall, and independent security researcher Brian Krebs linked the report to NSD in the following days. Since then, the project appears to have gone dark.
NSD has effectively disappeared from chat forums, Krebs told CNNMoney.
"I can't find him anywhere," Krebs said. "Either bringing this to light scuttled any plans to go forward, or it's still moving ahead cautiously under a much more protective cover."
In either case, knowing what they're up against could be a blessing for banks. McAfee said it is coordinating with law enforcement officials and working with several banks to prepare them for the potential attacks.
The financial industry is accustomed to fending off skilled cyberthieves. It gets hit every day by thousands of attacks on its infrastructure and networks, according to Bill Wansley, a senior vice president at Booz Allen Hamilton who specializes in cybersecurity issues.
Those are just the attacks that get discovered. Not a single financial industry network that Booz Allen examined has been malware-free, he noted.
"If you catch something early on, you can minimize the threat," Wansley said. "It's definitely worthwhile to get a heads up."
For example, in September an Iranian group claiming to be the "Cyber Fighters of Izz ad-Din al-Qassam" announced that it would launch a major denial-of-service attack against the largest U.S. banks. Few took the threat that seriously, but Booz Allen took advantage of the heads-up to work with some of the targeted banks.
What followed was the largest direct denial-of-service attack ever recorded, preventing the public from accessing the websites of Chase, Bank of America (BAC, Fortune 500), Wells Fargo, US Bank (USB, Fortune 500) and PNC Bank (PNC, Fortune 500) -- intermittently for some, and as much as a day for others. The banks that were better prepared were the least affected, he said. (Who actually sponsored the attacks remains a subject of debate. Security experts believe the Iranian government had a hand in them.)
The Cyber Fighters are at it again, declaring that they will be launching attacks on banks' websites this week as part of "Operation Ababil." The banks are preparing.
"Security is core to our mission and safeguarding our customers' information is at the foundation of all we do," said Wells Fargo spokeswoman Sara Hawkins. "We constantly monitor the environment, assess potential threats, and take action as warranted."
"Protecting Citi and its clients from criminal information security threats is a critical priority for us," said a Citigroup spokeswoman. "We have a focused information security strategy and dedicated resources to execute it."
Chase and PayPal did not respond to requests for comment.
Still, the war against cybercriminals isn't going so well for the financial industry. In July, threat detection software maker Lookingglass found that 18 of 24 of the world's largest banks were infected with popular strains of malware that the industry believed had been eradicated, suggesting that banks are prone to re-infections. In June, McAfee uncovered "Operation High Roller" -- a cyberattack that could have stolen as much as $80 million from more than 60 banks.
Since consumers are federally protected from taking the hit when funds are stolen from their accounts, the banks eat the loss. And as the attacks grow more sophisticated, their annual price tag keeps rising. "There are absolutely attacks going on right now that we don't know about, some of them minor, some major," Wansley said. "There's a lot going on out there, and frankly, we're only seeing the frequency and severity pick up" (CNN Money, 2012).