There is a tendency to exaggerate attacks, although genuine cyberwarfare attacks do exist, starting
with Stuxnet.
The term “war” can be applied to “cyber” activity only if there is a deliberate attempt to destroy
some kind of infrastructure of a foreign state, as was the case with Stuxnet.
If country A blocks country B’s intelligence from transmitting, or if country B “blocks” country A’s
battlefield communications capability during a military skirmish — that is clearly “cyber warfare”.
Criminal hacking, Web site defacement, denial-of-service attacks — especially those directed against
non-military and non-infrastructure targets — aren't “war” of any kind. They are more like (possibly
state-sponsored) terrorism: an attempt to draw attention to a specific group or its goals. Not that
different from, for example, US support of the jihadists during the Soviet-Afghan war.
Let’s be very clear: "real" war results in people being killed, property being destroyed, and
infrastructure and logistical capabilities being crippled. So for an Internet attack to be called
cyberwarfare it should meet at least one of these criteria; if not in effect, then in intention. And
by “infrastructure” I mean real infrastructure — factories, hospitals, water treatment plants,
power-generation facilities, roads and bridges. At the very least, web sites that provide some kind
of essential service, such as financial websites, not web sites with general public information.
Anything short of this is merely criminality, propaganda war, or "cold war" if you wish.
Hacking high officials' email is more like a color-revolution-inspired trick than anything else.
"... Exactly. I wouldn't be surprised if it's Macron's team itself that leaked this dull, unimportant stuff to show that "Russians have interfered". ..."
"... Macron's dirty secrets according to The Duran: http://theduran.com/breaking-macron-emails-lead-to-allegations-of-drug-use-homosexual-adventurism-and-rothschild-money/ ..."
Another leak about emails, this time about Macron. The difference is that nobody is allowed to
publish any part of it, by order of the electoral commission (15,000-euro fine). No doubt there will
be a huge crackdown on alt media once he gets elected.
France is an occupied country, much more than the US.
To be fair though, those email leaks seem totally dull. I browsed what I could; it's just
generic staff chat, campaign bills to pay, bills to make, yadda yadda. Whoever got the mail passwords
a few months ago must have waited for something juicy to land, and since nothing really interesting
came up, they're just posting the whole stock as is. Won't make the slightest difference on Sunday.
@jen: what possibility? None.
Macron won the 1st round with the intense fear campaign spammed on our heads during 6 months. I
know plenty of reasonable people who voted Macron while they can hardly stand his program, because
they were told hundreds of times he was the "best choice" to beat Le Pen.
And that's it. They
probably don't fully believe it, but the doubt was hammered deep in their minds, and they won't
take the (imaginary) risk of appearing on the "wrong" side of history and being shamed for years...
And the same thing will obviously happen tomorrow.
It's so absurd that Macron got the most votes last Sunday AND at the same time got the LOWEST
"adhesion" (adherence? not sure in English) rate of all 11 candidates; basically nearly half
of "his" voters put the bulletin with his name for reasons that have nothing to do with him.
@46 anon.. that Macron leak story has legs! I like what some guy on Twitter said: "Amazing that
the French government and media now stand as enemies of freedom of speech." Who whudda thunk it?
lol... remind anyone of any other countries?
Well well well... you know... it's France... Le Pen's mother made naked pictures for French Playboy
when she divorced the father... another one is on X... just pawns.
The MSM are going to be embarrassed by the leaks. On one side they keep referring to the Ruskies
and Trump, and on the other no one among the Western politicians has a plan B in case Trump continues
to wreak havoc (and he will).
Next week, he goes to KSA before Israel, and since the Saudi prince said it would be 'historical'
we can bet KSA will announce the recognition of Israel.
Then step 2 will be to say to Syria and Iran: you recognize, or we turn you into Somalia.
And where will Juncker, Hollande, Macron and co go then?
Even Wikileaks says the metadata is full of Cyrillic. Clumsiness, or the will to point towards
the usual culprits?
Not sure if Hollande has really turned into a Machiavelli, but that sounds like him.
None of it makes sense, yet everyone laps it up like mother's milk. This is the 1st of these
leaks to have obvious forgeries in it.
The release date makes no sense, there appears to be nothing damaging in it, and the speed at
which the trusties found the Cyrillic metadata says they were looking for it / told where to
look / not looking for damaging material.
The sheer scale of the breach from what must be the most closely monitored mail server in political
history.
None of it adds up if you look at it with an open mind. This is dangerous slavish behavior
from infosec, the media and the public. If you will swallow this hook, line & sinker, then your
parliaments need more fire extinguishers.
Everything is based on two enormous fallacies.
1. That all the evils in western society are the fault of the external bogeyman. Putin,
ISIS, refugees, Asian footwear makers, whatever. That the Trumps, Le Pens, Farages are
not a native virus.
2. That your services & politicians would never pull a false leak or a controlled
leak or a limited hangout. That they are angels that sit on their hands.
These two underpin the absolute lunacy we have seen unfold before our eyes. An extraordinarily
dangerous situation to be in, which is getting worse fast.
"You can flood these [phishing] addresses with multiple passwords and log-ins, true ones, false
ones, so the people behind them use up a lot of time trying to figure them out," Mounir Mahjoubi,
the head of Macron's digital team, told The Daily Beast for its earlier article on this subject.
In the end, whoever made the dump may not have known what is real and what is false, which
would explain in part the odd timing. After the disruptive revelations of the Democratic National
Committee hacks in the United States, the public is conditioned to think that if there's a
document dump like this, it has to be incriminating. By putting it out just before the news
blackout, when Macron cannot respond in detail, the dump becomes both the medium and the message.
...
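The tactic Mahjoubi describes, seeding phishing lures with planted logins, is only useful to a defender if an attempt to use a planted login is noticed. Here is an added example of that detection side, written for this page and not taken from the Daily Beast article or from the Macron campaign's team: a small decoy-credential registry that mints one decoy login per lure, stores only keyed fingerprints of them, and classifies each later authentication attempt. The usernames, lure labels and the `DecoyRegistry`, `build_registry` and `review_attempts` names are all constructed for illustration.

```python
"""Decoy-credential registry (added example; names and values are constructed)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class DecoyRegistry:
    # HMAC key: a copy of the registry alone does not reveal the decoy passwords.
    key: bytes
    # username -> (fingerprint of username+password, label of the lure it was seeded into)
    decoys: dict = field(default_factory=dict)

    def _fingerprint(self, username: str, password: str) -> str:
        msg = f"{username}\x00{password}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def mint(self, username: str, lure: str) -> str:
        """Create a decoy password for `username`, tied to `lure`, and return it for seeding."""
        password = secrets.token_urlsafe(12)
        self.decoys[username] = (self._fingerprint(username, password), lure)
        return password

    def check(self, username: str, password: str) -> dict:
        """Classify one login attempt; meant to run before real authentication."""
        entry = self.decoys.get(username)
        if entry is None:
            return {"decoy": False}
        fingerprint, lure = entry
        if hmac.compare_digest(fingerprint, self._fingerprint(username, password)):
            # The exact planted pair came back: the lure it was seeded into was harvested.
            return {"decoy": True, "lure": lure, "alert": "decoy credential used"}
        # Decoy username with a different password: someone is probing the account.
        return {"decoy": True, "lure": lure, "alert": "decoy account probed, wrong password"}


def review_attempts(reg: DecoyRegistry, attempts) -> list:
    """Run a batch of (username, password) attempts and return (user, lure, alert) triples."""
    alerts = []
    for username, password in attempts:
        result = reg.check(username, password)
        if result["decoy"]:
            alerts.append((username, result["lure"], result["alert"]))
    return alerts


def build_registry() -> DecoyRegistry:
    """Constructed scenario: two lures, one decoy account seeded into each."""
    reg = DecoyRegistry(key=secrets.token_bytes(32))
    reg.mint("press.office", lure="lure-A (fake webmail page)")
    reg.mint("finance.assistant", lure="lure-B (fake document share)")
    return reg


if __name__ == "__main__":
    reg = build_registry()
    planted = reg.mint("travel.desk", lure="lure-C (fake expense form)")
    # Constructed login attempts: one real user, one decoy used verbatim, one decoy probed.
    for alert in review_attempts(reg, [("real.user", "hunter2"),
                                       ("travel.desk", planted),
                                       ("press.office", "guess")]):
        print(alert)
```

Because the registry keeps only HMAC fingerprints, the auth path can consult it on every login without the decoy passwords themselves sitting in the database, and the lure label on each alert tells the team which lure was harvested.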
Today's cyberbattles could almost make one nostalgic for the Cold War. The nuclear arms race created
a sense of existential threat, but at least it was clear who had the weapons. In contrast, a
cyberattack could be the work of almost anyone. After hackers broke into the U.S. Democratic National
Committee's servers in 2016 and released e-mails embarrassing to the DNC's leadership, the Republican
presidential candidate Donald Trump said the attacker could be China, Russia, or "somebody sitting
on their bed that weighs 400 pounds." U.S. intelligence officials have said that the attack did
indeed come from Russia, which Trump later acknowledged. But Trump's comment underscored a larger
problem with cyberwarfare: uncertainty. How does a government respond to an invisible attacker,
especially without clear rules of engagement? How can officials convince other governments and the
public that they have fingered the right suspects? How can a state prevent cyberattacks when, without
attribution, the logic of deterrence (if you hit me, I'll hit you back) no longer applies? Two recent
books delve into these questions. Dark Territory, by Fred Kaplan, and The Hacked World Order, by
Adam Segal, lay out the history of cybersecurity in the United States and explain the dangers that
future digital conflicts might pose. Both authors also make clear that although Americans and U.S.
institutions increasingly feel themselves to be in the cross hairs of hackers and other
cybercriminals, the United States is itself a powerful aggressor in cyberspace.
In the future, the United States must use its cyberpower judiciously. Every conflict poses the
risk that one party will make a mistake or overreact, causing things to veer out of control. When
it comes to cyberwar, however, the stakes are particularly high for the United States, as the country's
technological sophistication makes it uniquely vulnerable to attack.
Iranian President Mahmoud Ahmadinejad visits the Natanz nuclear enrichment facility, April 2008.
CYBER-SUPERPOWER
The dramatic headlines surrounding Russia's alleged hacking of the DNC and attempts to spread
misinformation online during the U.S. election may have reinforced the perception among Americans
that the United States is primarily a victim of cyber-intrusions. It's not. In Dark Territory,
Kaplan details the United States' long history of aggression in cyberspace. It's not easy to write
an engaging book on cyberwar, and Kaplan, a national security columnist at Slate, has done an
admirable job. He presents a clear account of the United States' evolution into a formidable
cyberpower, guiding the reader through a thicket of technical details and government acronyms.
It turns out that the U.S. government has been an aggressor for over a quarter century. Kaplan
describes "counter command-control warfare" (attempts to disrupt an enemy's ability to control its
forces) that goes back to the Gulf War in 1990–91. At a time when U.S. President George H. W. Bush
had never used a computer, the National Security Agency (NSA) was employing a secret satellite to
monitor the conversations of Iraqi President Saddam Hussein and his generals, which sometimes
revealed the positions of Iraqi soldiers.
The United States flexed its digital muscles again in the late 1990s, when Serbs in Bosnia and
Herzegovina were protesting the presence of NATO soldiers enforcing the 1995 Dayton peace agreement,
which had ended the Bosnian war. U.S. officials learned that local newscasters were telling protesters
when and where to gather and even instructing them to throw rocks at NATO soldiers. It turned out
that 85 percent of Serbs got their television broadcasts from just five transmission towers. U.S.
officials, working with the NATO-led stabilization force, or SFOR, installed devices on those five
transmitters that allowed SFOR engineers to turn them on and off remotely. Whenever a newscaster
began urging people to protest, the engineers shut off the transmitters.
American officials also enlisted the help of Hollywood producers, persuading them to supply programming
to a U.S.-aligned Serbian station. During major anti-NATO protests, Serbians would turn on the television
to find the channel playing episodes of Baywatch. Kaplan asserts, "Many Serbs, who might
otherwise have hit the streets to make trouble, stayed in to watch young women cavorting in bikinis."
Around a decade later, the United States set up what Kaplan calls a "mini-NSA" in Iraq. Kaplan
describes how NSA teams in the Middle East intercepted insurgents' e-mails and shut down many of
their servers with malware. In other cases, they sent insurgents deceptive e-mails directing them
to places where U.S. Special Forces would be waiting to kill them. "In 2007 alone, these sorts of
operations . . . killed nearly four thousand Iraqi insurgents," Kaplan writes.
The United States' most ambitious cyberattack began in 2006, when it teamed up with Israel to
sabotage the Iranian nuclear program. The collaboration, dubbed Operation Olympic Games, targeted
Iran's Natanz reactor, which relied on remote computer controls. Malware designed by American
programmers took over the reactor's valve pumps, allowing NSA operatives to remotely increase the flow
of uranium gas into the centrifuges, which eventually burst. By early 2010, the operation had destroyed
almost a quarter of Iran's 8,700 centrifuges.
For years, the Iranians failed to detect the intrusion and must have wondered if the malfunctions
were their own fault. In that sense, Kaplan writes, "Operation Olympic Games was a classic campaign
of information warfare: the target wasn't just the Iranians' nuclear program but also the Iranians'
confidence, in their sensors, their equipment, and themselves." The Iranians and the wider public
might never have learned about the virus, now widely known as Stuxnet, if it had not accidentally
spread from the computers in Natanz to machines in other parts of the world, where private-sector
security researchers ultimately discovered it.
With Olympic Games, the United States "crossed the Rubicon," in the words of the former CIA director
Michael Hayden. Stuxnet was the first major piece of malware to do more than harm other computers
and actually cause physical destruction. The irony was rich, as Kaplan notes: "For more than a decade,
dozens of panels and commissions had warned that America's critical infrastructure was vulnerable
to a cyber attack, and now America was launching the first cyber attack on another
nation's critical infrastructure."
Of course, cyberattackers have often targeted the United States. In 2014 alone, Kaplan reports,
the country suffered more than 80,000 cybersecurity breaches, more than 2,000 of which led to data
losses. He also points out that until recently, U.S. policymakers worried less about Russia than
China, which was "engaging not just in espionage and battlefield preparation, but also in the theft
of trade secrets, intellectual property, and cash."
China and Russia are not the only players. Iran and North Korea have also attacked the United
States. In 2014, the businessman Sheldon Adelson criticized Iran, which responded by hacking into
the servers of Adelson's Las Vegas Sands Corporation, doing $40 million worth of damage. That same
year, hackers calling themselves the Guardians of Peace broke into Sony's network. They destroyed
thousands of computers and hundreds of servers, exposed tens of thousands of Social Security numbers,
and released embarrassing personal e-mails pilfered from the accounts of Sony executives. U.S. government
officials blamed the North Korean government for the attack. Sony Pictures was about to release
The Interview, a silly comedy about a plot to assassinate the North Korean ruler Kim Jong
Un. As opening day neared, the hackers threatened theaters with retaliation if they screened the
movie. When Sony canceled the release, the threats stopped.
EVERYBODY HACKS
The Hacked World Order covers some of the same ground as Dark Territory, although
with a slightly wider lens. In addition to discussing cyberattacks and surveillance, Segal, a fellow
at the Council on Foreign Relations, details how the United States and other countries use social
media for political ends. Russia, for example, tries to shape online discourse by spreading false
news and deploying trolls to post offensive or distracting comments. The Russian government has reportedly
hired English speakers to praise President Vladimir Putin on the websites of foreign news outlets.
The goal is not necessarily to endear Americans to Putin, Segal explains. Rather, it sows confusion
online to "make reasonable, rational conversation impossible." Chinese Internet commenters also try
to muddy the waters of online discussion. Segal claims that the Chinese government pays an estimated
250,000–300,000 people to support the official Communist Party agenda online.
Segal suggests that the United States will likely not win social media wars against countries
such as China or Russia. U.S. State Department officials identify themselves on Facebook and Twitter,
react slowly to news, and offer factual, rule-based commentary. Unfortunately, as Segal notes, "content
that is shocking, conspiratorial, or false often crowds out the reasonable, rational, and measured."
Social media battles also play out in the Middle East. In 2012, the Israel Defense Forces and
Hamas fought a war for public opinion using Facebook, Twitter, Google, Pinterest, and Tumblr at the
same time as the two were exchanging physical fire. The Islamic State (also known as ISIS) has launched
digital campaigns that incorporate, in Segal's words, "brutality and barbarism, packaged with sophisticated
production techniques." The United States has tried to fight back by sharing negative stories about
ISIS and, in 2014, even created a video, using footage released by the group, that featured severed
heads and crucifixions. The video went viral, but analysts inside and outside the U.S. government
criticized it for embracing extremist tactics similar to ISIS' own. Moreover, as Segal notes, it
seems to have failed to deter ISIS' supporters.
Part of what makes the cyber-era so challenging for governments is that conflict isn't limited
to states. Many actors, including individuals and small groups, can carry out attacks. In 2011, for
example, the hacker collective Anonymous took down Sony's PlayStation Network, costing the company
$171 million in repairs. Individuals can also disrupt traditional diplomacy, as when WikiLeaks released
thousands of State Department cables in 2010, revealing U.S. diplomats' candid and sometimes embarrassing
assessments of their foreign counterparts.
Segal is at his best in his discussion of China's cyberstrategy, on which he has considerable
expertise. Americans tend to see themselves as a target of Chinese hackers, and indeed they are. The
problem is that China also sees itself as a victim and the United States as hypocritical. In June
2013, U.S. President Barack Obama warned Chinese President Xi Jinping that Chinese hacking could
damage the U.S.-Chinese relationship. Later that month, journalists published documents provided
by Edward Snowden, an NSA contractor, showing that the NSA had hacked Chinese universities and telecommunications
companies. It didn't take long for Chinese state media to brand the United States as "the real hacking
empire."
The U.S.-Chinese relationship also suffers from a more fundamental disagreement. U.S. policymakers
seem to believe that it's acceptable to spy for political and military purposes but that China's
theft of intellectual property crosses a line. The United States might spy on companies and trade
negotiators all over the world, but it does so to protect its national interests, not to benefit
specific U.S. companies. The Chinese don't see this distinction. As Segal explains:
Many states, especially those like China that have developed a form of state capitalism at
home, do not see a difference between public and private actors. Chinese firms are part of an
effort to modernize the country and build comprehensive power, no matter whether they are private
or state owned. Stealing for their benefit is for the benefit of the nation.
The intense secrecy surrounding cyberwarfare makes deciding what kinds of hacking are acceptable
and what behavior crosses the line even harder. The Snowden revelations may have alerted Americans
to the extent of U.S. government surveillance, but the public still remains largely in the dark about
digital conflict. Yet Americans have a lot at stake. The United States may be the world's strongest
cyberpower, but it is also the most vulnerable. Segal writes:
The United States is . . . more exposed than any other country. Smart cities, the Internet
of Things, and self-driving cars may open up vast new economic opportunities as well as new targets
for destructive attacks. Cyberattacks could disrupt and degrade the American way of war, heavily
dependent as it is on sensors, computers, command and control, and information dominance.
Putin and Defence Minister Sergei Ivanov visit the new GRU military intelligence headquarters
building in Moscow, November 2006.
FOREWARNED IS FOREARMED
Neither Kaplan nor Segal offers easy solutions to these challenges. Kaplan argues that the cyber-era
is much murkier than the era of the Cold War. Officials find it difficult to trace attackers quickly
and reliably, increasing the chances that the targeted country will make an error. The U.S. government
and U.S. firms face cyberattacks every day, and there is no clear line between those that are merely
a nuisance and those that pose a serious threat. The public also understands cyberthreats far less
well than it does the threat of nuclear weapons. Much of the information is classified, inhibiting
public discussion, Kaplan notes. He concludes that "we are all wandering in dark territory."
Segal's conclusions are somewhat more prescriptive. The United States must support research and
technological innovation, for example, and not just by providing more federal funding. Segal recommends
that the United States replace its federal research plan with a public-private partnership to bring
in academic and commercial expertise. Government and private companies need to share more information,
and companies need to talk more openly with one another about digital threats. The United States
should also "develop a code of conduct that draws a clear line between its friends and allies and
its potential adversaries." This would include limiting cyberattacks to military actions and narrowly
targeted covert operations, following international law, rarely spying on friends, and working to
strengthen international norms against economic espionage. If the United States is attacked, it should
not necessarily launch a counterattack, Segal argues; rather, it should explore using sanctions or
other tools. This was apparently the path that Obama took after the attack on the DNC, when the United
States punished Moscow by imposing fresh sanctions and expelling 35 suspected Russian spies.
It's likely only a matter of time before the Trump administration faces a major cyberattack. When
that happens, the government will need to react calmly, without jumping to conclusions. Failure to
do so could have dire consequences. "The United States, Russia, and China are unlikely to launch
destructive attacks against each other unless they are already engaged in military conflict or perceive
core interests as being threatened," Segal writes. "The greatest risks are misperception, miscalculation,
and escalation."
Those risks now seem greater than ever. Some experts have argued that Obama's response to the
Russian cyberattacks in 2016 did not do enough to deter future attackers. But if Obama underreacted,
the United States may now face the opposite problem. Trump has proved willing to make bold, sometimes
unsubstantiated accusations. This behavior is dangerous in any conflict, but in the fog of
cyberwar, it could spell catastrophe.
Is there anything the American public can do to prevent this? All over the country, people have
been trying to check Trump's worst impulses by protesting, appealing to members of Congress, or simply
demanding more information. Policy about cyberspace generally doesn't draw the same level of public
engagement, in part due to a lack of knowledge. Cyberbattles can seem confusing, technical, and shrouded
in secrecy, perhaps better left to the experts. But cybersecurity is everyone's problem now. The
American public should inform itself, and these two books are a good place to start. If Washington
inadvertently led the United States into a major cyberwar, Americans would have the most to lose.
The mainstream hysteria over Russia has led to dubious or downright false stories that have deepened
the New Cold War
by Gareth Porter, January 16, 2017
In the middle of a major domestic crisis over the U.S. charge that Russia had
interfered with the US election, the Department of Homeland Security (DHS) triggered
a brief national media hysteria by creating and spreading a bogus story of Russian
hacking into US power infrastructure.
DHS had initiated the now-discredited tale of
a hacked computer at the Burlington, Vermont Electricity Department by sending the
utility's managers misleading and alarming information, then leaked a story they
certainly knew to be false and continued to put out a misleading line to the media.
Even more shocking, however, DHS had previously circulated a similar bogus story
of Russian hacking of a Springfield, Illinois water pump in November 2011.
The story of how DHS twice circulated false stories of Russian efforts to sabotage
US "critical infrastructure" is a cautionary tale of how senior leaders in a
bureaucracy-on-the-make take advantage of every major political development to
advance its own interests, with scant regard for the truth.
The DHS had carried out a major public campaign to focus on an alleged Russian
threat to US power infrastructure in early 2016. The campaign took advantage of a US
accusation of a Russian cyber-attack against the Ukrainian power infrastructure in
December 2015 to promote one of the agency's major functions - guarding against
cyber-attacks on America's infrastructure.
Beginning in late March 2016, DHS and FBI conducted a series of 12 unclassified
briefings for electric power infrastructure companies in eight cities titled,
"Ukraine Cyber Attack: implications for US stakeholders." The DHS declared publicly,
"These events represent one of the first known physical impacts to critical
infrastructure which resulted from cyber-attack."
That statement conveniently avoided mentioning that the first cases of such
destruction of national infrastructure from cyber-attacks were not against the United
States, but were inflicted on Iran by the Obama administration and Israel in 2009 and
2012.
Beginning in October 2016, the DHS emerged as one of the two most important
players – along with the CIA-in the political drama over the alleged Russian effort
to tilt the 2016 election toward Donald Trump. Then on Dec. 29, DHS and FBI
distributed a "Joint Analysis Report" to US power utilities across the country with
what it claimed were "indicators" of a Russian intelligence effort to penetrate and
compromise US computer networks, including networks related to the presidential
election, that it called "GRIZZLY STEPPE."
The report clearly conveyed to the utilities that the "tools and infrastructure"
it said had been used by Russian intelligence agencies to affect the election were a
direct threat to them as well. However, according to Robert M. Lee, the founder and
CEO of the cyber-security company Dragos, who had developed one of the earliest US
government programs for defense against cyber-attacks on US infrastructure systems,
the report was certain to mislead the recipients.
"Anyone who uses it would think they were being impacted by Russian operations,"
said Lee. "We ran through the indicators in the report and found that a high
percentage were false positives."
Lee and his staff found only two of a long list of malware files that could be
linked to Russian hackers without more specific data about timing. Similarly, a large
proportion of the IP addresses listed could be linked to "GRIZZLY STEPPE" only for
certain specific dates, which were not provided.
The Intercept discovered, in fact, that 42 percent of the 876 IP addresses listed
in the report as having been used by Russian hackers were exit nodes for the Tor
Project, a system that allows bloggers, journalists and others – including some
military entities – to keep their Internet communications private.
Lee said the DHS staff that worked on the technical information in the report is
highly competent, but the document was rendered useless when officials classified and
deleted some key parts of the report and added other material that shouldn't have
been in it. He believes the DHS issued the report "for a political purpose," which
was to "show that the DHS is protecting you."
Planting the Story, Keeping it Alive
Upon receiving the DHS-FBI report, the Burlington Electric Company network security
team immediately ran searches of its computer logs using the lists of IP addresses it
had been provided. When one of the IP addresses cited in the report as an indicator of
Russian hacking was found in the logs, the utility immediately called DHS to inform
it, as it had been instructed to do by DHS.
In fact, the IP address on the Burlington Electric Company's computer was simply
the Yahoo e-mail server, according to Lee, so it could not have been a legitimate
indicator of an attempted cyber-intrusion. That should have been the end of the
story. But the utility did not track down the IP address before reporting it to DHS.
It did, however, expect DHS to treat the matter confidentially until it had
thoroughly investigated and resolved the issue.
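The two failures the article describes, indicators with no validity window and indicators that are really shared infrastructure (Tor exit nodes, a public mail server), are exactly what a log search against a bare IP list cannot tell apart. Here is an added example, written for this page and not drawn from Dragos, DHS or the Burlington utility, of running an indicator list over log lines with those two checks applied: each indicator carries an optional date window, and matches are enriched against a list of Tor exits and known shared provider ranges before anyone is called. All IP addresses, dates, ranges and log lines are constructed, and the function names (`classify`, `scan`, `summarize`) are this example's own.

```python
"""Indicator matching with validity windows and shared-infrastructure enrichment.

Added example; every IP, date range and log line below is constructed.
"""
import re
from dataclasses import dataclass
from datetime import date, datetime
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Indicator:
    ip: str
    valid_from: Optional[date]   # None: the report gave no dates for this indicator
    valid_to: Optional[date]


# Constructed indicator list: one dated indicator, one undated Tor exit, one undated
# address inside a public mail provider's range.
INDICATORS = [
    Indicator("203.0.113.7", date(2016, 3, 1), date(2016, 6, 30)),
    Indicator("198.51.100.22", None, None),
    Indicator("192.0.2.45", None, None),
]

# Constructed enrichment data standing in for a Tor exit-node list and provider ranges.
TOR_EXITS = {"198.51.100.22"}
SHARED_INFRA = {ip_network("192.0.2.0/26"): "public mail provider"}

# Constructed log format: "<ISO timestamp> <remote ip> <event>"
LOG_RE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) ")
SAMPLE_LOGS = """2016-12-29T09:12:01 203.0.113.7 GET /owa/auth
2016-12-29T09:13:44 198.51.100.22 GET /
2016-12-29T09:15:02 192.0.2.45 SMTP MAIL FROM
2016-12-29T09:16:10 10.0.0.15 GET /index.html
2016-04-02T11:00:00 203.0.113.7 POST /login""".splitlines()


def classify(ip: str, when: date, indicators=INDICATORS):
    """Return (verdict, reason) for one remote address seen on a given day."""
    hit = next((i for i in indicators if i.ip == ip), None)
    if hit is None:
        return "no-match", ""
    # Shared infrastructure: presence in a log proves only that someone used Tor or
    # the provider, not that the actor behind the indicator touched this network.
    if ip in TOR_EXITS:
        return "shared-infra", "Tor exit node"
    for net, label in SHARED_INFRA.items():
        if ip_address(ip) in net:
            return "shared-infra", label
    if hit.valid_from is None or hit.valid_to is None:
        return "undated-match", "indicator has no validity window; cannot be attributed"
    if hit.valid_from <= when <= hit.valid_to:
        return "match", f"within {hit.valid_from}..{hit.valid_to}"
    return "stale-match", "seen outside the indicator's validity window"


def scan(lines):
    """Run every log line through classify(); return (line, verdict, reason) for hits."""
    results = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, ip = m.groups()
        when = datetime.fromisoformat(ts).date()
        verdict, reason = classify(ip, when)
        if verdict != "no-match":
            results.append((line, verdict, reason))
    return results


def summarize(results):
    """Count verdicts so the analyst sees how many raw hits survive the context checks."""
    counts = {}
    for _, verdict, _ in results:
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan(SAMPLE_LOGS)
    for line, verdict, reason in hits:
        print(f"{verdict:14} {reason:55} {line}")
    print(summarize(hits))
```

On the constructed logs, four of the five lines hit the raw list, but only one is a dated match worth escalating; the other three are a stale sighting, a Tor exit and a mail provider, which is the distinction Lee's team had to make by hand for the report's 876 addresses.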
"DHS wasn't supposed to release the details," said Lee. "Everybody was supposed to
keep their mouth shut."
Instead, a DHS official called The Washington Post and passed on word that one of
the indicators of Russian hacking of the DNC had been found on the Burlington
utility's computer network. The Post failed to follow the most basic rule of
journalism, relying on its DHS source instead of checking with the Burlington
Electric Department first. The result was the Post's sensational Dec. 30 story under
the headline "Russian hackers penetrated US electricity grid through a utility in
Vermont, US officials say."
The DHS official evidently had allowed the Post to infer that the Russian hack had
penetrated the grid without actually saying so. The Post story said the Russians "had
not actively used the code to disrupt operations of the utility, according to
officials who spoke on condition of anonymity in order to discuss a security matter,"
but then added that "the penetration of the nation's electrical grid is
significant because it represents a potentially serious vulnerability."
The electric company quickly issued a firm denial that the computer in question
was connected to the power grid. The Post was forced to retract, in effect, its claim
that the electricity grid had been hacked by the Russians. But it stuck by its story
that the utility had been the victim of a Russian hack for another three days before
admitting that no such evidence of a hack existed.
The day after the story was published, the DHS leadership continued to imply,
without saying so explicitly, that the Burlington utility had been hacked by
Russians. Assistant Secretary for Public Affairs J. Todd Breasseale gave CNN a
statement that the "indicators" from the malicious software found on the computer at
Burlington Electric were a "match" for those on the DNC computers.
As soon as DHS checked the IP address, however, it knew that it was a Yahoo cloud
server and therefore not an indicator that the same team that allegedly hacked the
DNC had gotten into the Burlington utility's laptop. DHS also learned from the
utility that the laptop in question had been infected by malware called "neutrino,"
which had never been used in "GRIZZLY STEPPE."
Only days later did the DHS reveal those crucial facts to the Post. And the DHS
was still defending its joint report to the Post, according to Lee, who got part of
the story from Post sources. The DHS official was arguing that it had "led to a
discovery," he said. "The second is, 'See, this is encouraging people to run
indicators.'"
Original DHS False Hacking Story
The false Burlington Electric hack scare is reminiscent of an earlier story of
Russian hacking of a utility for which the DHS was responsible as well. In November
2011, it reported an "intrusion" into a Springfield, Illinois water district computer
that similarly turned out to be a fabrication.
Like the Burlington fiasco, the false report was preceded by a DHS claim that US
infrastructure systems were already under attack. In October 2011, acting DHS deputy
undersecretary Greg Schaffer was quoted by The Washington Post as warning that "our
adversaries" are "knocking on the doors of these systems." And Schaffer added, "In
some cases, there have been intrusions." He did not specify when, where or by whom,
and no such prior intrusions have ever been documented.
On Nov. 8, 2011, a water pump belonging to the Curran-Gardner township water
district near Springfield, Illinois, burned out after sputtering several times in
previous months. The repair team brought in to fix it found a Russian IP address on
its log from five months earlier. That IP address was actually from a cell phone call
from the contractor who had set up the control system for the pump and who was
vacationing in Russia with his family, so his name was in the log by the address.
Without investigating the IP address itself, the utility reported the IP address
and the breakdown of the water pump to the Environmental Protection Agency, which in
turn passed it on to the Illinois Statewide Terrorism and Intelligence Center, also
called a fusion center composed of Illinois State Police and representatives from the
FBI, DHS and other government agencies.
On Nov. 10 – just two days after the initial report to EPA – the fusion center
produced a report titled "Public Water District Cyber Intrusion" suggesting a Russian
hacker had stolen the identity of someone authorized to use the computer and had
hacked into the control system causing the water pump to fail.
The contractor whose name was on the log next to the IP address later told Wired
magazine that one phone call to him would have laid the matter to rest. But the DHS,
which was the lead in putting the report out, had not bothered to make even that one
obvious phone call before opining that it must have been a Russian hack.
The fusion center "intelligence report," circulated by DHS Office of Intelligence
and Research, was picked up by a cyber-security blogger, who called The Washington
Post and read the item to a reporter. Thus the Post published the first sensational
story of a Russian hack into a US infrastructure on Nov. 18, 2011.
After the real story came out, DHS disclaimed responsibility for the report,
saying that it was the fusion center's responsibility. But a Senate subcommittee
investigation
revealed
in a report a year later that even after the initial report had been
discredited, DHS had not issued any retraction or correction to the report, nor had
it notified the recipients about the truth.
DHS officials responsible for the false report told Senate investigators such
reports weren't intended to be "finished intelligence," implying that the bar for
accuracy of the information didn't have to be very high. They even claimed that
report was a "success" because it had done what "what it's supposed to do – generate
interest."
Both the Burlington and Curran-Gardner episodes underline a central reality of the
political game of national security in the New Cold War era: major bureaucratic
players like DHS have a huge political stake in public perceptions of a Russian
threat, and whenever the opportunity arises to do so, they will exploit it.
Gareth Porter, an investigative historian and journalist specializing in US
national security policy, received the UK-based Gellhorn Prize for journalism for
2011 for articles on the U.S. war in Afghanistan. His new book is
Manufactured Crisis: the Untold Story of the Iran Nuclear Scare
. He can be
contacted at
[email protected] .
DHS security honchos want to justify their existence. There is no greater danger to national
security than careerists in the position of security professionals. Lying about and exaggerating the
threats to get those dollars is what many security professionals do for a living. They are
essentially charlatans.
Notable quotes:
"... In the middle of a major domestic crisis over the U.S. charge that Russia had interfered with the US election, the Department of Homeland Security (DHS) triggered a brief national media hysteria by creating and spreading a bogus story of Russian hacking into US power infrastructure. ..."
"... Even more shocking, however, DHS had previously circulated a similar bogus story of Russian hacking of a Springfield, Illinois water pump in November 2011. ..."
"... Beginning in late March 2016, DHS and FBI conducted a series of 12 unclassified briefings for electric power infrastructure companies in eight cities titled, "Ukraine Cyber Attack: implications for US stakeholders." The DHS declared publicly, "These events represent one of the first known physical impacts to critical infrastructure which resulted from cyber-attack." ..."
"... That statement conveniently avoided mentioning that the first cases of such destruction of national infrastructure from cyber-attacks were not against the United States, but were inflicted on Iran by the Obama administration and Israel in 2009 and 2012. ..."
"... Beginning in October 2016, the DHS emerged as one of the two most important players – along with the CIA – in the political drama over the alleged Russian effort to tilt the 2016 election toward Donald Trump. Then on Dec. 29, DHS and FBI distributed a "Joint Analysis Report" to US power utilities across the country with what it claimed were "indicators" of a Russian intelligence effort to penetrate and compromise US computer networks, including networks related to the presidential election, that it called "GRIZZLY STEPPE." ..."
"... according to Robert M. Lee, the founder and CEO of the cyber-security company Dragos, who had developed one of the earliest US government programs for defense against cyber-attacks on US infrastructure systems, the report was certain to mislead the recipients. ..."
"... "Anyone who uses it would think they were being impacted by Russian operations," said Lee. "We ran through the indicators in the report and found that a high percentage were false positives." ..."
"... The Intercept discovered, in fact, that 42 percent of the 876 IP addresses listed in the report as having been used by Russian hackers were exit nodes for the Tor Project, a system that allows bloggers, journalists and others – including some military entities – to keep their Internet communications private. ..."
"... Instead, a DHS official called The Washington Post and passed on word that one of the indicators of Russian hacking of the DNC had been found on the Burlington utility's computer network. The Post failed to follow the most basic rule of journalism, relying on its DHS source instead of checking with the Burlington Electric Department first. The result was the Post's sensational Dec. 30 story under the headline "Russian hackers penetrated US electricity grid through a utility in Vermont, US officials say." ..."
"... The DHS official evidently had allowed the Post to infer that the Russian hack had penetrated the grid without actually saying so. The Post story said the Russians "had not actively used the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter," but then added that "the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability." ..."
"... The electric company quickly issued a firm denial that the computer in question was connected to the power grid. The Post was forced to retract, in effect, its claim that the electricity grid had been hacked by the Russians. But it stuck by its story that the utility had been the victim of a Russian hack for another three days before admitting that no such evidence of a hack existed. ..."
"... Only days later did the DHS reveal those crucial facts to the Post. And the DHS was still defending its joint report to the Post, according to Lee, who got part of the story from Post sources. The DHS official was arguing that it had "led to a discovery," he said. "The second is, 'See, this is encouraging people to run indicators.'" ..."
"... The false Burlington Electric hack scare is reminiscent of an earlier story of Russian hacking of a utility for which the DHS was responsible as well. In November 2011, it reported an "intrusion" into a Springfield, Illinois water district computer that similarly turned out to be a fabrication. ..."
"... The contractor whose name was on the log next to the IP address later told Wired magazine that one phone call to him would have laid the matter to rest. But the DHS, which was the lead in putting the report out, had not bothered to make even that one obvious phone call before opining that it must have been a Russian hack. ..."
The mainstream hysteria over Russia has led to dubious or downright false stories that have
deepened the New Cold War
In the middle of a major domestic crisis over the U.S. charge that Russia had interfered with
the US election, the Department of Homeland Security (DHS) triggered a brief national media hysteria
by creating and spreading a bogus story of Russian hacking into US power infrastructure.
DHS had initiated the now-discredited tale of a hacked computer at the Burlington, Vermont Electricity
Department by sending the utility's managers misleading and alarming information, then leaked a story
they certainly knew to be false and continued to put out a misleading line to the media.
Even more shocking, however, DHS had previously circulated a similar bogus story of Russian hacking
of a Springfield, Illinois water pump in November 2011.
The story of how DHS twice circulated false stories of Russian efforts to sabotage US "critical
infrastructure" is a cautionary tale of how senior leaders in a bureaucracy-on-the-make take advantage
of every major political development to advance their own interests, with scant regard for the truth.
The DHS had carried out a major public campaign to focus on an alleged Russian threat to US power
infrastructure in early 2016. The campaign took advantage of a US accusation of a Russian cyber-attack
against the Ukrainian power infrastructure in December 2015 to promote one of the agency's major
functions - guarding against cyber-attacks on America's infrastructure.
Beginning in late March 2016, DHS and FBI conducted a series of 12 unclassified briefings for
electric power infrastructure companies in eight cities titled, "Ukraine Cyber Attack: implications
for US stakeholders." The DHS declared publicly, "These events represent one of the first known physical
impacts to critical infrastructure which resulted from cyber-attack."
That statement conveniently avoided mentioning that the first cases of such destruction of national
infrastructure from cyber-attacks were not against the United States, but were inflicted on Iran
by the Obama administration and Israel in 2009 and 2012.
Beginning in October 2016, the DHS emerged as one of the two most important players – along with
the CIA – in the political drama over the alleged Russian effort to tilt the 2016 election toward Donald
Trump. Then on Dec. 29, DHS and FBI distributed a "Joint Analysis Report" to US power utilities across
the country with what it claimed were "indicators" of a Russian intelligence effort to penetrate
and compromise US computer networks, including networks related to the presidential election, that
it called "GRIZZLY STEPPE."
The report clearly conveyed to the utilities that the "tools and infrastructure" it said had been
used by Russian intelligence agencies to affect the election were a direct threat to them as well.
However, according to Robert M. Lee, the founder and CEO of the cyber-security company Dragos, who
had developed one of the earliest US government programs for defense against cyber-attacks on US
infrastructure systems, the report was certain to mislead the recipients.
"Anyone who uses it would think they were being impacted by Russian operations," said Lee. "We
ran through the indicators in the report and found that a high percentage were false positives."
Lee and his staff found only two of a long list of malware files that could be linked to Russian
hackers without more specific data about timing. Similarly a large proportion of IP addresses listed
could be linked to "GRIZZLY STEPPE" only for certain specific dates, which were not provided.
The Intercept discovered, in fact, that 42 percent of the 876 IP addresses listed in the report
as having been used by Russian hackers were exit nodes for the Tor Project, a system that allows
bloggers, journalists and others – including some military entities – to keep their Internet communications
private.
Lee said the DHS staff that worked on the technical information in the report is highly competent,
but the document was rendered useless when officials classified and deleted some key parts of the
report and added other material that shouldn't have been in it. He believes the DHS issued the report
"for a political purpose," which was to "show that the DHS is protecting you."
Planting the Story, Keeping it Alive
Upon receiving the DHS-FBI report the Burlington Electric Company network security team immediately
ran searches of its computer logs using the lists of IP addresses it had been provided. When one
of IP addresses cited in the report as an indicator of Russian hacking was found on the logs, the
utility immediately called DHS to inform it as it had been instructed to do by DHS.
In fact, the IP address on the Burlington Electric Company's computer was simply the Yahoo e-mail
server, according to Lee, so it could not have been a legitimate indicator of an attempted cyber-intrusion.
That should have been the end of the story. But the utility did not track down the IP address before
reporting it to DHS. It did, however, expect DHS to treat the matter confidentially until it had
thoroughly investigated and resolved the issue.
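The triage step the Burlington team skipped, as an added example that is not from the article or from Dragos: before a hit on an indicator list is escalated, it is checked against local context (known benign services, published Tor exit addresses) and against the dates on which the indicator was actually observed. The indicator list, Tor exit set, benign-infrastructure entry and firewall log lines are constructed sample data using documentation address ranges and a placeholder hostname.

```python
"""Added example (not from the article): triaging hits from an indicator list of the
GRIZZLY STEPPE kind. All indicators, lists and log lines below are constructed sample
data; the IPs come from documentation ranges and the hostname is a placeholder."""
from datetime import date, datetime

# Constructed indicator list: each IP maps to the date window in which the reporting
# source actually observed it, or None when the report gave no timing data at all.
INDICATORS = {
    "198.51.100.7": (date(2016, 6, 1), date(2016, 6, 30)),
    "203.0.113.44": None,
    "192.0.2.10": None,
}

# Constructed local context an analyst maintains alongside the feed.
TOR_EXITS = {"203.0.113.44"}                       # published Tor exit address
BENIGN_INFRA = {"192.0.2.10": "webmail.example.test (mail provider, placeholder)"}


def parse_line(line):
    """Parse a constructed 'YYYY-MM-DDTHH:MM:SS src=IP dst=IP' firewall line."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["src"], kv["dst"]


def assess(indicator, seen_on):
    """Return (verdict, reason) for one hit: 'alert', 'review' or 'discard'."""
    if indicator in BENIGN_INFRA:
        # The Burlington case: a widely used mail server is not evidence of anything.
        return "discard", "well-known benign service: " + BENIGN_INFRA[indicator]
    if indicator in TOR_EXITS:
        # Every Tor user shares the exit; attribution to one actor is impossible.
        return "review", "Tor exit node shared by all Tor users"
    window = INDICATORS[indicator]
    if window is None:
        return "review", "indicator carries no validity dates"
    start, end = window
    if start <= seen_on <= end:
        return "alert", f"hit inside reported activity window {start}..{end}"
    return "discard", f"hit on {seen_on} outside window {start}..{end}"


def triage(log_lines):
    """Match every src/dst against INDICATORS and grade each hit."""
    hits = []
    for line in log_lines:
        ts, src, dst = parse_line(line)
        for ip in (src, dst):
            if ip in INDICATORS:
                verdict, reason = assess(ip, ts.date())
                hits.append((ts.isoformat(), ip, verdict, reason))
    return hits


# Constructed firewall log lines.
SAMPLE_LOG = [
    "2016-12-30T09:12:05 src=10.0.0.5 dst=192.0.2.10",     # laptop talking to webmail
    "2016-12-30T09:13:40 src=203.0.113.44 dst=10.0.0.5",   # Tor exit node
    "2016-06-15T22:01:10 src=198.51.100.7 dst=10.0.0.8",   # inside the reported window
    "2016-12-30T09:20:00 src=198.51.100.7 dst=10.0.0.8",   # same IP, months later
    "2016-12-30T09:21:00 src=10.0.0.9 dst=10.0.0.10",      # no indicator at all
]

if __name__ == "__main__":
    for ts, ip, verdict, reason in triage(SAMPLE_LOG):
        print(f"{ts} {ip:15} {verdict:7} {reason}")
```

Only the one hit that falls inside its indicator's observed window is graded "alert"; the webmail hit is discarded outright and the undated and Tor-exit hits are held for review rather than reported.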
"DHS wasn't supposed to release the details," said Lee. "Everybody was supposed to keep their
mouth shut."
Instead, a DHS official called The Washington Post and passed on word that one of the indicators
of Russian hacking of the DNC had been found on the Burlington utility's computer network. The Post
failed to follow the most basic rule of journalism, relying on its DHS source instead of checking
with the Burlington Electric Department first. The result was the Post's sensational Dec. 30 story
under the headline "Russian hackers penetrated US electricity grid through a utility in Vermont,
US officials say."
The DHS official evidently had allowed the Post to infer that the Russian hack had penetrated the
grid without actually saying so. The Post story said the Russians "had not actively used the code
to disrupt operations of the utility, according to officials who spoke on condition of anonymity
in order to discuss a security matter," but then added that "the penetration of the nation's
electrical grid is significant because it represents a potentially serious vulnerability."
The electric company quickly issued a firm denial that the computer in question was connected
to the power grid. The Post was forced to retract, in effect, its claim that the electricity grid
had been hacked by the Russians. But it stuck by its story that the utility had been the victim of
a Russian hack for another three days before admitting that no such evidence of a hack existed.
The day after the story was published, the DHS leadership continued to imply, without saying so
explicitly, that the Burlington utility had been hacked by Russians. Assistant Secretary for Public
Affairs J. Todd Breasseale gave CNN a statement that the "indicators" from the malicious software
found on the computer at Burlington Electric were a "match" for those on the DNC computers.
As soon as DHS checked the IP address, however, it knew that it was a Yahoo cloud server and therefore
not an indicator that the same team that allegedly hacked the DNC had gotten into the Burlington
utility's laptop. DHS also learned from the utility that the laptop in question had been infected
by malware called "neutrino," which had never been used in "GRIZZLY STEPPE."
Only days later did the DHS reveal those crucial facts to the Post. And the DHS was still defending
its joint report to the Post, according to Lee, who got part of the story from Post sources. The
DHS official was arguing that it had "led to a discovery," he said. "The second is, 'See, this is
encouraging people to run indicators.'"
Original DHS False Hacking Story
The false Burlington Electric hack scare is reminiscent of an earlier story of Russian hacking
of a utility for which the DHS was responsible as well. In November 2011, it reported an "intrusion"
into a Springfield, Illinois water district computer that similarly turned out to be a fabrication.
Like the Burlington fiasco, the false report was preceded by a DHS claim that US infrastructure
systems were already under attack. In October 2011, acting DHS deputy undersecretary Greg Schaffer
was quoted by The Washington Post as warning that "our adversaries" are "knocking on the doors of
these systems." And Schaffer added, "In some cases, there have been intrusions." He did not specify
when, where or by whom, and no such prior intrusions have ever been documented.
On Nov. 8, 2011, a water pump belonging to the Curran-Gardner township water district near Springfield,
Illinois, burned out after sputtering several times in previous months. The repair team brought in
to fix it found a Russian IP address on its log from five months earlier. That IP address was actually
from a cell phone call from the contractor who had set up the control system for the pump and who
was vacationing in Russia with his family, so his name was in the log by the address.
Without investigating the IP address itself, the utility reported the IP address and the breakdown
of the water pump to the Environmental Protection Agency, which in turn passed it on to the Illinois
Statewide Terrorism and Intelligence Center, also called a fusion center composed of Illinois State
Police and representatives from the FBI, DHS and other government agencies.
On Nov. 10 – just two days after the initial report to EPA – the fusion center produced a report
titled "Public Water District Cyber Intrusion" suggesting a Russian hacker had stolen the identity
of someone authorized to use the computer and had hacked into the control system causing the water
pump to fail.
The contractor whose name was on the log next to the IP address later told Wired magazine
that one phone call to him would have laid the matter to rest. But the DHS, which was the lead in
putting the report out, had not bothered to make even that one obvious phone call before opining
that it must have been a Russian hack.
The fusion center "intelligence report," circulated by DHS Office of Intelligence and Research,
was picked up by a cyber-security blogger, who called The Washington Post and read the item to a
reporter. Thus the Post published the first sensational story of a Russian hack into a US infrastructure
on Nov. 18, 2011.
After the real story came out, DHS disclaimed responsibility for the report, saying that it was
the fusion center's responsibility. But a Senate subcommittee investigation revealed in a report
a year later that even after the initial report had been discredited, DHS had not issued
any retraction or correction to the report, nor had it notified the recipients about the truth.
DHS officials responsible for the false report told Senate investigators such reports weren't
intended to be "finished intelligence," implying that the bar for accuracy of the information didn't
have to be very high. They even claimed that the report was a "success" because it had done "what
it's supposed to do – generate interest."
Both the Burlington and Curran-Gardner episodes underline a central reality of the political game
of national security in the New Cold War era: major bureaucratic players like DHS have a huge political
stake in public perceptions of a Russian threat, and whenever the opportunity arises to do so, they
will exploit it.
Gareth Porter, an investigative historian and journalist specializing in US national security
policy, received the UK-based Gellhorn Prize for journalism for 2011 for articles on the U.S. war
in Afghanistan. His new book is Manufactured Crisis: the Untold Story of the Iran Nuclear Scare.
He can be contacted at [email protected].
"... The message was accompanied by a parting gift...an apparently complete NSA backdoor kit targeting the Windows operating system. The kit is comprised of 61 malicious Windows executables, only one of which was previously known to antivirus vendors... ..."
"A mysterious hacking group has been bedeviling the U.S. intelligence community for months, releasing a
tranche of secret National Security Agency hacking tools to the public while offering to sell even more
for the right price. Now with barely a week to go before Donald Trump's inauguration, the self-styled
"Shadow Brokers" on Thursday announced that they were packing it in.
"So long, farewell peoples. TheShadowBrokers is going dark, making exit," the group wrote on its
darknet site...
The message was accompanied by a parting gift...an apparently complete NSA backdoor
kit targeting the Windows operating system. The kit is comprised of 61 malicious Windows executables,
only one of which was previously known to antivirus vendors...
... ... ...
The Shadow Brokers emerged in August with the announcement that they'd stolen the hacking tools used
by a sophisticated computer-intrusion operation known as the Equation Group, and were putting them up
for sale to the highest bidder. It was a remarkable claim, because the Equation Group is generally understood
to be part of the NSA's elite Tailored Access Operations program and is virtually never detected, much
less penetrated.
... ... ...
Released along with the announcement was a huge cache of specialized malware, including dozens of
backdoor programs and 10 exploits, two of them targeting previously unknown security holes in Cisco
routers-a basic building block of the internet. While Cisco and other companies scrambled for a fix,
security experts pored over the Shadow Brokers tranche like it was the Rosetta Stone. "It was the first
time, as threat-intelligence professionals, that we've had access to what appears to be a relatively
complete toolkit of a nation-state attacker," says Jake Williams, founder of Rendition Infosec. "It
was excitement in some circles, dismay in other circles, and panic and a rush to patch if you're running
vulnerable hardware."
(pcworld.com) Posted by msmash on Tuesday December 06, 2016 @11:00AM from the business-as-usual dept.
Security experts consider the aging FTP and Telnet protocols unsafe, and HP has decided to clamp down on access to networked printers through the remote-access tools. From a report on PCWorld: Some of HP's new business printers will, by default, be closed to remote access via protocols like FTP and Telnet. However, customers can activate remote printing access through those protocols if needed. "HP has started the process of closing older, less-maintained interfaces including ports, protocols and cipher suites" identified by the U.S. National Institute of Standards and Technology as less than secure, the company said in a statement. In addition, HP also announced firmware updates to existing business printers with improved password and encryption settings, so hackers can't easily break into the devices.
(bleepingcomputer.com) Posted by BeauHD on Tuesday December 06, 2016 @08:25PM from the hidden-in-plain-sight dept.
An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET, this new exploit kit is named Stegano, from the word steganography, which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary URL, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm. If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL. The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user's PC, and forcibly download and launch into execution various strains of malware.
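A defender-side check for the alpha-channel trick just described, as an added example that is not part of the ESET or BleepingComputer write-up: given a decoded RGBA pixel buffer (the flat layout a browser canvas hands back), it measures how much of the alpha channel holds values other than 0 or 255 and tries to read those values as text. The "alpha = 255 - byte" mapping used to build the constructed sample image is an assumption for the example, not the campaign's actual formula.

```python
"""Added example (not from the ESET/BleepingComputer write-up): heuristic check for a
banner whose alpha channel carries text. rgba is a flat [R,G,B,A,...] list as a canvas
getImageData() call returns; 'alpha = 255 - byte' is an assumed encoding for the sample."""
import string

PRINTABLE = set(string.printable)
SCRIPT_MARKERS = ("function", "eval(", "document.", "window.", "location")


def build_sample(width, height, payload=b""):
    """Constructed sample: opaque white banner; if a payload is given, stash one byte
    per pixel in the alpha channel of the first len(payload) pixels."""
    if len(payload) > width * height:
        raise ValueError("payload does not fit in the image")
    rgba = [255, 255, 255, 255] * (width * height)
    for i, b in enumerate(payload):
        rgba[i * 4 + 3] = 255 - b       # assumed encoding, sample only
    return rgba


def alpha_values(rgba):
    """Every fourth value of the flat buffer is a pixel's alpha."""
    return rgba[3::4]


def partial_alpha_ratio(rgba):
    """Share of pixels that are neither fully opaque nor fully transparent. Genuine
    creatives are mostly 0/255 with smooth edges; a scatter of odd values stands out."""
    alphas = alpha_values(rgba)
    return sum(1 for a in alphas if 0 < a < 255) / len(alphas)


def decode_alpha(rgba):
    """Read the partially transparent pixels back as characters (assumed mapping)."""
    return "".join(chr(255 - a) for a in alpha_values(rgba) if 0 < a < 255)


def looks_like_script(text, min_len=16):
    """Printable text with JavaScript-ish tokens is what a banner should never carry."""
    if len(text) < min_len:
        return False
    printable = sum(1 for c in text if c in PRINTABLE) / len(text)
    return printable > 0.95 and any(m in text for m in SCRIPT_MARKERS)


def scan_banner(rgba):
    """Return (suspicious, partial_alpha_ratio, decoded_text) for one image buffer."""
    text = decode_alpha(rgba)
    return looks_like_script(text), partial_alpha_ratio(rgba), text


if __name__ == "__main__":
    clean = build_sample(16, 4)
    stuffed = build_sample(16, 4, b"var x=document.location;function f(){}")
    print(scan_banner(clean)[:2])      # (False, 0.0)
    print(scan_banner(stuffed)[:2])    # (True, 0.59375)
```

The ratio alone is not a verdict, since anti-aliased edges also produce partial alpha; the flag is raised only when the recovered values read as script-like text.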
(pcworld.com) Posted by msmash on Wednesday December 07, 2016 @12:20PM from the security-woes dept.
Many network security cameras made by Sony could be taken over by hackers and infected with botnet malware if their firmware is not updated to the latest version. Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras, mainly used by companies and government agencies given their high price, PCWorld reports. From the article: One set of hard-coded credentials is in the Web interface and allows a remote attacker to send requests that would enable the Telnet service on the camera, the SEC Consult researchers said in an advisory Tuesday. The second hard-coded password is for the root account that could be used to take full control of the camera over Telnet. The researchers established that the password is static based on its cryptographic hash and, while they haven't actually cracked it, they believe it's only a matter of time until someone does. Sony released a patch to the affected camera models last week.
(zdnet.com) Posted by msmash on Thursday December 08, 2016 @11:45AM from the security-woes-and-fixes dept.
Yahoo says it has fixed a severe security vulnerability in its email service that allowed an attacker to read a victim's email inbox. From a report on ZDNet: The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail. The internet giant paid out $10,000 to security researcher Jouko Pynnonen for privately disclosing the flaw through the HackerOne bug bounty. In a write-up, Pynnonen said that the flaw was similar to last year's Yahoo Mail bug, which similarly let an attacker compromise a user's account. Yahoo filters HTML messages to ensure that malicious code won't make it through into the user's browser, but the researcher found that the filters didn't catch all of the malicious data attributes.
(onthewire.io) Posted by BeauHD on Friday December 09, 2016 @05:00AM from the out-of-the-woodwork dept.
Trailrunner7 quotes a report from On the Wire: Malware gangs, like sad wedding bands, love to play the hits. And one of the hits they keep running back over and over is the Zeus banking Trojan, which has been in use for many years in a number of different forms. Researchers have unearthed a new piece of malware called Floki Bot that is based on the venerable Zeus source code and is being used to infect point-of-sale systems, among other targets. Flashpoint conducted the analysis of Floki Bot with Cisco's Talos research team, and the two organizations said that the author behind the bot maintains a presence on a number of different underground forums, some of which are in Russian or other non-native languages for him. Kremez said that attackers sometimes will participate in foreign language forums as a way to expand their knowledge. Along with its PoS infection capability, Floki Bot also has a feature that allows it to use the Tor network to communicate. "During our analysis of Floki Bot, Talos identified modifications that had been made to the dropper mechanism present in the leaked Zeus source code in an attempt to make Floki Bot more difficult to detect. Talos also observed the introduction of new code that allows Floki Bot to make use of the Tor network. However, this functionality does not appear to be active for the time being," Cisco's Talos team said in its analysis.
A patch was pushed to the mainline Linux kernel December 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes. The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely. "Basically it's a bait-and-switch," the researcher told Threatpost. "The bug allows you to trick the kernel into thinking it is working with one kind of object, while you actually switched it to another kind of object before it could react."
(securityledger.com) Posted by EditorDavid on Sunday December 11, 2016 @01:34PM from the nixing-the-network dept.
"By convincing a user to visit a specially crafted web site, a remote attacker may execute arbitrary
commands with root privileges on affected routers," warns a new vulnerability notice from Carnegie
Mellon University's CERT. Slashdot reader chicksdaddy quotes Security Ledger's story about certain
models of Netgear's routers:
Firmware version 1.0.7.2_1.1.93 (and possibly earlier) for the R7000 and version 1.0.1.6_1.0.4 (and
possibly earlier) for the R6400 are known to contain the arbitrary command injection vulnerability.
CERT cited "community reports" that indicate the R8000, firmware version 1.0.3.4_1.1.2, is also
vulnerable... The flaw was found in new firmware that runs the Netgear R7000 and R6400 routers. Other
models and firmware versions may also be affected, including the R8000 router, CMU CERT warned.
With no workaround for the flaw, CERT recommended that Netgear customers disable their wifi router
until a software patch from the company that addressed the hole was available... A search of the
public internet using the
Shodan search engine finds around 8,000 R6450 and R7000 devices that can be
reached directly from the Internet and that would be vulnerable to takeover
attacks. The vast majority of those are located in the United States.
Proof-of-concept exploit code was released by a Twitter user who, according to
the article, said "he informed Netgear of the flaw more than four months ago,
but did not hear back from the company since then."
(bleepingcomputer.com) Posted by BeauHD on Wednesday December 14, 2016 @07:45PM from the connected-devices dept.
An anonymous reader quotes a report from BleepingComputer:
Malicious ads are serving exploit code to infect routers, instead of browsers, in order to insert
ads in every site users are visiting. Unlike previous malvertising campaigns that targeted users of
old Flash or Internet Explorer versions, this campaign focused on Chrome users, on both desktop and
mobile devices. The malicious ads included in this malvertising campaign contain exploit code for
166 router models, which allow attackers to take over the device and insert ads on websites that
didn't feature ads, or replace original ads with the attackers' own. Researchers haven't yet managed
to determine an exact list of affected router models, but some of the brands targeted by the
attackers include Linksys, Netgear, D-Link, Comtrend, Pirelli, and Zyxel. Because the attack is
carried out via the user's browser, using strong router passwords or disabling the administration
interface is not enough. The only way users can stay safe is if they update their router's firmware
to the most recent versions, which most likely includes protection against the vulnerabilities used
by this campaign.
The "campaign" is called DNSChanger EK and works when attackers buy ads on
legitimate websites and insert malicious JavaScript in these ads, "which use a
WebRTC request to a Mozilla STUN server to determine the user's local IP
address," according to BleepingComputer. "Based on this local IP address, the
malicious code can determine if the user is on a local network managed by a
small home router, and continue the attack. If this check fails, the attackers
just show a random legitimate ad and move on. For the victims the crooks deem
valuable, the attack chain continues. These users receive a tainted ad which
redirects them to the DNSChanger EK home, where the actual exploitation begins.
The next step is for the attackers to send an image file to the user's browser,
which contains an AES (encryption algorithm) key embedded inside the photo
using the technique of steganography. The malicious ad uses this AES key to
decrypt further traffic it receives from the DNSChanger exploit kit. Crooks
encrypt their operations to avoid the prying eyes of security researchers."
(vice.com) Posted by BeauHD on Wednesday December 14, 2016 @08:25PM from the buy-one-get-one dept.
An anonymous reader quotes a report from Motherboard:
The Shadow Brokers -- a hacker or group of hackers that stole computer exploits from the National
Security Agency -- has been quiet for some time. After their auction and crowd-funded approach for
selling the exploits met a lukewarm reception, the group seemingly stopped posting new messages in
October. But a newly uncovered website, which includes a file apparently signed with The Shadow
Brokers' cryptographic key, suggests the group is trying to sell hacking tools directly to buyers
one by one, and a cache of files appears to include more information on specific exploits. On
Wednesday, someone calling themselves Boceffus Cleetus published a Medium post called "Are the
Shadow Brokers selling NSA tools on ZeroNet?" Cleetus, who has an American flag with swastikas as
their profile picture, also tweeted the post from a Twitter account created this month. The site
includes a long list of supposed items for sale, with names like ENVOYTOMATO, EGGBASKET, and
YELLOWSPIRIT. Each is sorted into a type, such as "implant," "trojan," and "exploit," and comes with
a price tag between 1 and 100 bitcoins ($780 -- $78,000). Customers can purchase the whole lot for
1000 bitcoins ($780,000). The site also lets visitors download a selection of screenshots and files
related to each item. Along with those is a file signed with a PGP key with an identical fingerprint
to that linked to the original Shadow Brokers dump of exploits from August. This newly uncovered
file was apparently signed on 1 September; a different date to any of The Shadow Brokers' previously
signed messages.
(netgear.com) Posted by EditorDavid on Saturday December 17, 2016 @10:34AM from the but-they-might-not-work dept.
The Department of Homeland Security's CERT issued a warning last week that users should "strongly
consider" not using some models of NetGear routers, and the list expanded this week to include 11
different models. Netgear's now updated their web page, announcing eight "beta" fixes, along with
three more "production" fixes. chicksdaddy writes:
The company said the new [beta] firmware has not been fully tested and "might not work for all
users." The company offered it as a "temporary solution" to address the security hole. "Netgear is
working on a production firmware version that fixes this command injection vulnerability and will
release it as quickly as possible," the company said in a post to its online knowledgebase early
Tuesday.
The move follows publication of a warning from experts at Carnegie Mellon on December 9 detailing a
serious "arbitrary command injection" vulnerability in the latest version of firmware used by a
number of Netgear wireless routers. The security hole could allow a remote attacker to take control
of the router by convincing a user to visit a malicious web site... The vulnerability was discovered
by an individual...who says he contacted Netgear about the flaw four months ago, and went public
with information on it after the company failed to address the issue on its own.
Posted by EditorDavid on Saturday December 17, 2016 @05:34PM from the jeopardized-in-June dept.
mask.of.sanity writes:
A researcher has reported 10 vulnerabilities in McAfee's VirusScan Enterprise for Linux that, when
chained together, result in root remote code execution. McAfee took six months to fix the bugs,
issuing a patch December 9th.
Citing the security note, CSO adds that "one of the issues affects Virus Scan Enterprise for Windows
version 8.7i through at least 8.8."
The vulnerability was reported by Andrew Fasano at MIT's federally-funded security lab, who said he
targeted McAfee's client because "it runs as root, it claims to make your machine more secure, it's
not particularly popular, and it looks like it hasn't been updated in a long time."
Posted by EditorDavid on Saturday December 17, 2016 @06:34PM from the catch-me-if-you-can dept.
"Following a failed takedown attempt, changes made to the Mirai malware variant
responsible for building one of today's biggest botnets of IoT devices will
make it incredibly harder for authorities and security firms to shut it down,"
reports Bleeping Computer. An anonymous reader writes:
Level3 and others have been very close to taking down one of the biggest Mirai botnets around, the
same one that attempted to knock the Internet offline in Liberia, and also hijacked 900,000 routers
from German ISP Deutsche Telekom. The botnet narrowly escaped due to the fact that its maintainer, a
hacker known as BestBuy, had implemented a domain-generation algorithm to generate random domain
names where he hosted his servers.
Currently, to avoid further takedown attempts from similar security firms, BestBuy has started
moving the botnet's command and control servers to Tor. "It's all good now. We don't need to pay
thousands to ISPs and hosting. All we need is one strong server," the hacker said. "Try to shut down
.onion 'domains' over Tor," he boasted, knowing that nobody can.
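The domain-generation algorithm is what made the takedown miss: seizing or sinkholing the domains seen today does nothing to tomorrow's, which are computed rather than registered in advance. The flip side is that a DGA is only a schedule, and anyone who recovers the algorithm and its seed can compute the same schedule. The C program below is an added illustration of both halves; it is not the Mirai variant's actual algorithm, which the page does not describe. dga_domain is a hypothetical day-seeded generator and dga_matches_day is the defender's check of an observed query against that day's candidates. The hash mixing, the label length, the number of domains per day and the ".com" suffix are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define DGA_DOMAINS_PER_DAY 8                               /* assumption: candidates per day */
#define DGA_LABEL_LEN 12                                    /* assumption: label length */
#define DGA_TLD ".com"                                      /* assumption: fixed suffix */
#define DGA_DOMAIN_BUFSZ (DGA_LABEL_LEN + sizeof DGA_TLD)   /* sizeof counts the NUL */

/* Hypothetical seed: FNV-1a over the day number and candidate index. */
static uint64_t dga_seed(uint32_t day, uint32_t index)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    uint8_t in[8];
    for (int i = 0; i < 4; i++) {
        in[i]     = (uint8_t)(day   >> (8 * i));
        in[4 + i] = (uint8_t)(index >> (8 * i));
    }
    for (int i = 0; i < 8; i++) {
        h ^= in[i];
        h *= 0x100000001b3ULL;
    }
    return h ? h : 1;   /* xorshift must not start from zero */
}

/* xorshift64* step: the per-character PRNG. */
static uint64_t next_rand(uint64_t *s)
{
    uint64_t x = *s;
    x ^= x >> 12;
    x ^= x << 25;
    x ^= x >> 27;
    *s = x;
    return x * 0x2545F4914F6CDD1DULL;
}

/* Writes candidate `index` for `day` (days since the Unix epoch) into out.
 * out must hold DGA_DOMAIN_BUFSZ bytes. Deterministic: same inputs, same domain. */
void dga_domain(uint32_t day, uint32_t index, char out[DGA_DOMAIN_BUFSZ])
{
    uint64_t s = dga_seed(day, index);
    for (int i = 0; i < DGA_LABEL_LEN; i++)
        out[i] = (char)('a' + next_rand(&s) % 26);
    memcpy(out + DGA_LABEL_LEN, DGA_TLD, sizeof DGA_TLD);  /* copies the NUL too */
}

/* Defender side: with the algorithm and the day, regenerate the day's candidates
 * and test an observed DNS name against them. Returns 1 on a match, else 0.
 * Pre-registering or sinkholing these names is how a reversed DGA gets taken down. */
int dga_matches_day(const char *observed, uint32_t day)
{
    char cand[DGA_DOMAIN_BUFSZ];
    for (uint32_t i = 0; i < DGA_DOMAINS_PER_DAY; i++) {
        dga_domain(day, i, cand);
        if (strcmp(cand, observed) == 0)
            return 1;
    }
    return 0;
}

int main(void)
{
    uint32_t today = (uint32_t)(time(NULL) / 86400);
    char d[DGA_DOMAIN_BUFSZ];
    printf("candidates for day %u:\n", today);
    for (uint32_t i = 0; i < DGA_DOMAINS_PER_DAY; i++) {
        dga_domain(today, i, d);
        printf("  %s\n", d);
    }
    dga_domain(today + 1, 0, d);
    printf("tomorrow's first candidate %s matches today? %d\n", d, dga_matches_day(d, today));
    return 0;
}
```

The point of the defender function is that the same determinism the botnet relies on to find its servers lets a defender enumerate the names ahead of the malware; the operator's move to .onion addresses removes that lever because there is no registrar to act through.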
(neowin.net) Posted by EditorDavid on Sunday December 18, 2016 @02:34PM from the profile-views dept.
Less than four weeks after Microsoft formally acquired LinkedIn for $26 billion, there's been a
database breach. An anonymous reader writes:
LinkedIn is sending emails to 9.5 million users of Lynda.com, its online learning subsidiary,
warning the users of a database breach by "an unauthorized third party".
The affected database included contact information for at least some of the users. An email to
customers says "while we have no evidence that your specific account was accessed or that any data
has been made publicly available, we wanted to notify you as a precautionary measure." Ironically,
the breach comes less than a month after Russia blocked access to LinkedIn over privacy concerns.
LinkedIn has also reset the passwords for 55,000 Lynda.com accounts (though apparently many of its
users don't have accounts with passwords).
(bleepingcomputer.com) Posted by EditorDavid on Sunday December 18, 2016 @04:44PM from the denial-of-liberty-counterattack dept.
This week the FBI arrested a 26-year-old southern California man for launching
a DDoS attack against online chat service Chatango at the end of 2014 and in
early 2015 -- part of a new crackdown on the customers of "DDoS-for-hire"
services. An anonymous reader writes:
Sean Krishanmakoto Sharma, a computer science graduate student at USC, is now facing up to 10 years
in prison and/or a fine of up to $250,000. Court documents describe a service called Xtreme Stresser
as "basically a Linux botnet DDoS tool," and allege that Sharma rented it for an attack on Chatango,
an online chat service. "Sharma is now free on a $100,000 bail," reports Bleeping Computer, adding
"As part of his bail release agreement, Sharma is banned from accessing certain sites such as
HackForums and tools such as VPNs..."
"Sharma's arrest is part of a bigger operation against DDoS-for-Hire services, called Operation
Tarpit," the article points out. "Coordinated by Europol, Operation Tarpit took place between
December 5 and December 9, and concluded with the arrest of 34 users of DDoS-for-hire services
across the globe, in countries such as Australia, Belgium, France, Hungary, Lithuania, the
Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States." It
grew out of an earlier investigation into a U.K.-based DDoS-for-hire service which had 400 customers
who ultimately launched 603,499 DDoS attacks on 224,548 targets. Most of the other suspects arrested
were under the age of 20.
(reuters.com) Posted by BeauHD on Thursday December 22, 2016 @06:25PM from the come-out-come-out-wherever-you-are dept.
schwit1 quotes a report from Reuters:
A hacking group linked to the Russian government and high-profile cyber attacks against Democrats
during the U.S. presidential election likely used a malware implant on Android devices to track and
target Ukrainian artillery units from late 2014 through 2016, according to a new report released
Thursday. The malware was able to retrieve
communications and some locational data from infected devices, intelligence
that would have likely been used to strike against the artillery in support of
pro-Russian separatists fighting in eastern Ukraine, the report from cyber
security firm CrowdStrike found. The hacking group, known commonly as Fancy
Bear or APT 28, is believed by U.S. intelligence officials to work primarily on
behalf of the GRU, Russia's military intelligence agency. The implant leveraged
a legitimate Android application developed by a Ukrainian artillery officer to
process targeting data more quickly, CrowdStrike said. Its deployment "extends
Russian cyber capabilities to the front lines of the battlefield," the report
said, and "could have facilitated anticipatory awareness of Ukrainian artillery
force troop movement, thus providing Russian forces with useful strategic
planning information."
(techcrunch.com) Posted by BeauHD on Thursday November 24, 2016 @08:00AM from the proof-of-concept dept.
As if we don't already have enough devices that can listen in on our conversations, security
researchers at Israel's Ben Gurion University have created malware that will turn your headphones
into microphones that can slyly record your conversations. TechCrunch reports:
The proof-of-concept, called "Speake(a)r," first turned headphones connected to a PC into
microphones and then tested the
quality of sound recorded by a microphone vs. headphones on a target PC. In
short, the headphones were nearly as good as an unpowered microphone at picking
up audio in a room. It essentially "retasks" the RealTek audio codec chip
output found in many desktop computers into an input channel. This means you
can plug your headphones into a seemingly output-only jack and hackers can
still listen in. This isn't a driver fix, either. The embedded chip does not
allow users to properly prevent this hack which means your earbuds or nice cans
could start picking up conversations instantly. In fact, even if you disable
your microphone, a computer with a RealTek chip could still be hacked and
exploited without your knowledge. The sound quality, as shown by this chart, is
pretty much the same for a dedicated microphone and headphones.
The researchers have published a video on YouTube demonstrating how this malware works.
(reuters.com) Posted by msmash on Thursday November 24, 2016 @10:04AM from the security-woes dept.
Hackers gained access to sensitive information, including Social Security numbers, for 134,386
current and former U.S. sailors, the U.S. Navy has said. According to Reuters:
It said a laptop used by a Hewlett Packard Enterprise Services
employee working on a U.S. Navy contract was hacked. Hewlett Packard informed
the Navy of the breach on Oct. 27 and the affected sailors will be notified in
the coming weeks, the Navy said. "The Navy takes this incident extremely
seriously - this is a matter of trust for our sailors," Chief of Naval
Personnel Vice Admiral Robert Burke said in a statement.
(arstechnica.com) Posted by BeauHD on Tuesday November 29, 2016 @09:05PM from the thank-God-for-backups dept.
An anonymous reader quotes a report from Ars Technica:
The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit
Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by
way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to
hack a Maryland hospital network's systems in April and infect multiple
hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't
specifically targeted by the attackers; the agency just came up as a target of
opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA
spokesperson Paul Rose said that on November 25, "we became aware of a
potential security issue with our computer systems, including e-mail." The
ransomware "encrypted some systems mainly affecting computer workstations," he
said, "as well as access to various systems. However, the SFMTA network was not
breached from the outside, nor did hackers gain entry through our firewalls.
Muni operations and safety were not affected. Our customer payment systems were
not hacked. Also, despite media reports, no data was accessed from any of our
servers." That description of the ransomware attack is not consistent with some
of the evidence of previous ransomware attacks by those behind the SFMTA
incident -- which Rose said primarily affected about 900 desktop computers
throughout the agency. Based on communications uncovered from the ransomware operator behind the
Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely
compromised by what is referred to as a "deserialization" attack after it was
identified by a vulnerability scan. A security researcher told Krebs that he
had been able to gain access to the mailbox used in the malware attack on the
Russian e-mail and search provider Yandex by guessing its owner's security
question, and he provided details from the mailbox and another linked mailbox
on Yandex. Based on details found in e-mails for the accounts, the attacker ran
a server loaded with open source vulnerability scanning tools to identify and
compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within
multiple organizations' networks.
(reuters.com) Posted by msmash on Friday December 02, 2016 @12:20PM from the hmmm dept.
Russia said on Friday it had uncovered a plot by foreign spy agencies to sow chaos in Russia's
banking system via a coordinated wave of cyber attacks and fake social media reports about banks
going bust. From a report on Reuters:
Russia's domestic intelligence
agency, the Federal Security Service (FSB), said that the servers to be used in
the alleged cyber attack were located in the Netherlands and registered to a
Ukrainian web hosting company called BlazingFast. The attack, which was to
target major national and provincial banks in several Russian cities, was meant
to start on Dec. 5, the FSB said in a statement. "It was planned that the cyber
attack would be accompanied by a mass send-out of SMS messages and publications
in social media of a provocative nature regarding a crisis in the Russian
banking system, bankruptcies and license withdrawals," it said. "The FSB is
carrying out the necessary measures to neutralize threats to Russia's economic
and information security."
Given that the Donald Trump victory already made Yahoo less attractive for Verizon, the latest
billion-account hack at Yahoo could let Verizon dump their buy-out and still collect a $145 million
break-up fee.
Yahoo's stock plunged over 6 percent after the company admitted its customer data had been hacked
again, with at least 1 billion accounts exposed in 2014. The horribly bad news for Yahoo followed an
equally bad news report in September that 500 million e-mail accounts were hacked in 2013. Yahoo
unfortunately now has the distinction of suffering both of history's largest client hacks.
Verizon's top lawyer told reporters after the first Yahoo hack that the disclosure constituted a
"potential material adverse event" that would allow for the mobile powerhouse to pull out of the
$4.83 billion deal they announced on July 25, 2016.
Less than 24 hours after Yahoo disclosed the even larger hack of client accounts by a
"state-sponsored actor," Bloomberg reported that Verizon is "exploring a price cut or possible exit"
from its proposed Yahoo acquisition.
Breitbart reported that Google and other Silicon Valley companies were huge corporate winners when
Chairman Tom Wheeler and the other two Democrat political appointees on the FCC voted on a
party-line vote in mid-February 2015 for a new regulatory structure called 'Net Neutrality.'
Although Wheeler claimed, "These enforceable, bright-line rules will ban paid prioritization, and
the blocking and throttling of lawful content and services," they were a huge economic disaster for
Verizon's high-speed broadband business model.
Verizon responded last year by paying $4.4 billion to buy AOL in order to pick up popular news
sites, a large advertising business, and more than 2 million Internet dial-up subscribers. Buying
Yahoo was expected to allow the former telephone company to achieve "scale" by controlling a second
web content pioneer.
After President and CEO Marissa Mayer began organizing an auction in March, Yahoo stock doubled from
$26 a share to $51 by September. But after she announced the new hack on Wednesday, Yahoo's stock
plunged to $38.40 in after-market trading.
The buyer normally has to pay a break-up fee if an acquisition fails. But Yahoo chose to run its own
auction that "communicated with a total of 51 parties to evaluate their interest in a potential
transaction." Then between February and April 2016, a "short list" of "32 parties signed
confidentiality agreements with Yahoo," including 10 strategic parties and 22 financial sponsors.
Yahoo's 13D proxy statement filed with the SEC was mostly boilerplate disclosure, but it seemed that
something must have been a potential problem at Yahoo for the company to offer a $145 million
termination fee to Verizon if the deal did not close.
Yahoo on Wednesday issued a statement saying personal information from more
than a billion user accounts was stolen in 2014. The news followed the company's
announcement in September that hackers had stolen personal data from at least half
a billion accounts in 2013. Yahoo said it believes the two thefts were by
different parties.
Yahoo admitted that both hacks were so extensive that they included users' names, email addresses,
phone numbers, dates of birth, scrambled passwords and security questions and answers. But Yahoo
stated, "Payment card data and bank account information are not stored in the system the company
believes was affected."
Yahoo said they have invalidated unencrypted security questions and answers in user accounts. They
are in the process of notifying potentially affected users and requiring them to change their
passwords.
Yahoo was already facing nearly two dozen class-action lawsuits over the first breach and the
company's failure to report it on a timely basis. A federal three-judge panel last week consolidated
5 of the suits into a mass tort in the San Jose U.S. District Court.
Undoubtedly, there will be a huge number of user lawsuits filed against Yahoo
in the next few weeks.
As the Worm Turns!
For all those Amurican rubes out there who believed that Homeland Security was protecting them
against foreign terrorists – ha hahahahahaha!
Yahoo has discovered a 3-year-old security breach that enabled a hacker to compromise more than 1
billion user accounts, breaking the company's own humiliating record for the biggest security breach
in history.
The digital heist disclosed Wednesday occurred in August 2013, more than a year before a separate
hack that Yahoo announced nearly three months ago. That breach affected at least 500 million users,
which had been the most far-reaching hack until the latest revelation.
Yahoo has more than a billion monthly active users, although some have multiple accounts and others
have none at all. An unknown number of accounts were affected by both hacks.
In both attacks, the stolen information included names, email addresses, phone numbers, birthdates
and security questions and answers. The company says it believes bank-account information and payment-card
data were not affected.
"... What if the disk is passworded? What about that not all systems are exclusively for business/corporate use (see also BYOD) and therefore may be tuned to varying security postures owing to other factors? ..."
"... Physical access ≠ game over. Physical access + unguarded time + experience + tooling = game over. One used to could safely leave someone alone with their computer while one went to the kitchen for a glass of water. Now this tooling has made the time and experience components a bit less relevant to successful, quick pwnage with few or no tracks. Neato! ..."
The "Poison Tap" is not really that big of deal. It's usually trivially easy
to break into any computer that you can physically access. You can boot from a
CD or USB drive, for instance, or even just steal the hard drive. Security on USB
needs to be improved, but this is not even close to being the end of the world.
If you have the time with the physical machine anyway.
I could see kids having fun with this though. Going into a box store that has computers on display,
getting access (even better if they have a web cam on it). Upload porn or shocking material and showing
the customers and watching/recording the reactions and putting it on youtube.
Or more nefarious, the same thing but for casing a store (limited vantage from the web cam, but
maybe better than nothing).
Etc. lots you could do and more importantly not a lot of skill required. Lower bar for entry for
hacking mischief and a low cost.
LarryB, and how long will that take you? And will you have the computer back
together by the time they see you? And will logs suggest anything funny happened
around that time? What if the disk is passworded? What about that not all systems
are exclusively for business/corporate use (see also BYOD) and therefore may
be tuned to varying security postures owing to other factors?
Physical access ≠ game over. Physical access + unguarded time + experience + tooling = game over.
One used to could safely leave someone alone with their computer while one went to the kitchen for
a glass of water. Now this tooling has made the time and experience components a bit less relevant
to successful, quick pwnage with few or no tracks. Neato!
"... WikiLeaks series on deals involving Hillary Clinton campaign Chairman John Podesta. Mr Podesta is a long-term associate of the Clintons and was President Bill Clinton's Chief of Staff from 1998 until 2001. Mr Podesta also owns the Podesta Group with his brother Tony, a major lobbying firm and is the Chair of the Center for American Progress (CAP), a Washington DC-based think tank. ..."
"... if President Obama signs this terrible legislation that blatantly validates Bernie's entire campaign message about Wall Street running our government, this will give Bernie a huge boost and 10,000 -20,000 outraged citizens (who WILL turn up because they will be so angry at the President for preemption vt) will be marching on the Mall with Bernie as their keynote speaker. " ..."
"... But Hirshberg does not stop here. In order to persuade Podesta about the seriousness of the matter, he claims that " It will be terrible to hand Sanders this advantage at such a fragile time when we really need to save our $$$ for the Trump fight. " ..."
WikiLeaks series on deals involving Hillary Clinton campaign Chairman John Podesta. Mr Podesta
is a long-term associate of the Clintons and was President Bill Clinton's Chief of Staff from 1998
until 2001. Mr Podesta also owns the Podesta Group with his brother Tony, a major lobbying firm and
is the Chair of the Center for American Progress (CAP), a Washington DC-based think tank.
Hirshberg writes to a familiar person, as he was mentioned at the time as a possible 2008 Democratic
candidate for the U.S. Senate, requesting Obama should not pass the Roberts bill because "if
President Obama signs this terrible legislation that blatantly validates Bernie's entire campaign
message about Wall Street running our government, this will give Bernie a huge boost and 10,000 -20,000
outraged citizens (who WILL turn up because they will be so angry at the President for preemption
vt) will be marching on the Mall with Bernie as their keynote speaker."
But Hirshberg does not stop here. In order to persuade Podesta about the seriousness of the matter,
he claims that "It will be terrible to hand Sanders this advantage at such a fragile time when
we really need to save our $$$ for the Trump fight."
"Russia expects Washington to provide an explanation after a report claimed that Pentagon cyber-offensive
specialists have hacked into Russia's power grids, telecommunications networks, and the Kremlin's
command systems for a possible sabotage."
"... The emails currently roiling the US presidential campaign are part of some unknown digital collection amassed by the troublesome Anthony Weiner, but if your purpose is to understand the clique of people who dominate Washington today, the emails that really matter are the ones being slowly released by WikiLeaks from the hacked account of Hillary Clinton's campaign chair John Podesta. ..."
The emails currently roiling the US presidential campaign are part of some unknown digital
collection amassed by the troublesome Anthony Weiner, but if your purpose is to understand the
clique of people who dominate Washington today, the emails that really matter are the ones being
slowly released by WikiLeaks from the hacked account of Hillary Clinton's campaign chair John
Podesta. They are last week's scandal in a year running over with scandals, but in truth their
significance goes far beyond mere scandal: they are a window into the soul of the Democratic
party and into the dreams and thoughts of the class to whom the party answers.
The class to which I refer is not rising in angry protest; they are by and large pretty
satisfied, pretty contented. Nobody takes road trips to exotic West Virginia to see what the
members of this class look like or how they live; on the contrary, they are the ones for whom
such stories are written. This bunch doesn't have to make do with a comb-over TV mountebank for a
leader; for this class, the choices are always pretty good, and this year they happen to be
excellent.
They are the comfortable and well-educated mainstay of our modern Democratic party. They are also
the grandees of our national media; the architects of our software; the designers of our streets;
the high officials of our banking system; the authors of just about every plan to fix social
security or fine-tune the Middle East with precision droning. They are, they think, not a class
at all but rather the enlightened ones, the people who must be answered to but who need never
explain themselves.
REPORTERS RSVP (28)
1. ABC - Liz Kreutz
2. AP - Julie Pace
3. AP - Ken Thomas
4. AP - Lisa Lerer
5. Bloomberg - Jennifer Epstein
6. Buzzfeed - Ruby Cramer
7. CBS - Steve Chagaris
8. CNBC - John Harwood
9. CNN - Dan Merica
10. Huffington Post - Amanda Terkel
11. LAT - Evan Handler
12. McClatchy - Anita Kumar
13. MSNBC - Alex Seitz-Wald
14. National Journal - Emily Schultheis
15. NBC - Mark Murray
16. NPR - Mara Liassion
17. NPR - Tamara Keith
18. NYT - Amy Chozik
19. NYT - Maggie Haberman
20. Politico - Annie Karni
21. Politico - Gabe Debenedetti
22. Politico - Glenn Thrush
23. Reuters - Amanda Becker
24. Washington Post - Anne Gearan
25. Washington Post - Phil Rucker
26. WSJ - Colleen McCain Nelson
27. WSJ - Laura Meckler
28. WSJ - Peter Nicholas
Pigeon •Nov 3, 2016 9:49 AM
It bothers me these stories are constantly prefaced with the idea that Wikileaks is saving
Trump's bacon. Hillary wouldn't even be close if the press weren't in the tank for her. How about
Wikileaks evening the playing field with REAL STORIES AND FACTS?
Briefly, it seems Podesta received an email "You need to change your password", asked for professional
advice from his staff if it was legit, was told "Yes, you DO need to change your password", but
then clicked on the link in the original email, which was sent him with malicious intent, as he
suspected at first and then was inappropriately reassured about - rather than on the link sent
him by the IT staffer.
Result - the "phishing" email got his password info, and the world now
gets to see all his emails.
Personally, my hope is that Huma and HRC will be pardoned for all their crimes, by Obama, before
he leaves office.
Then I hope that Huma's divorce will go through, and that once Hillary is sworn
in she will at last be courageous enough to divorce Bill (who actually performed the Huma-Anthony
Weiner nuptials - you don't have to make these things up).
Then it could happen that the first
same-sex marriage will be performed in the White House, probably by the minister of DC's Foundry
United Methodist Church, which has a policy of LBGQT equality. Or maybe Hillary, cautious and
middle-of-the-road as usual, will go to Foundry UMC sanctuary for the ceremony, recognizing that
some Americans' sensibilities would be offended by having the rite in the White House.
As Nobel Laureate Bob Dylan wrote, "Love is all there is, it makes the world go round, love
and only love, it can't be denied. No matter what you think about it, you just can't live without
it, take a tip from one who's tried."
In the aftermath of one of the most memorable (c)october shocks in presidential campaign history,
Wikileaks continues its ongoing broadside attack against the Clinton campaign with the relentless
Podesta dump, by unveiling another 596 emails in the latest Part 22 of its Podesta release, bringing
the total emails released so far to exactly 36,190, leaving less than 30% of the total dump left
to go.
As usual we will parse through the disclosure and bring you some of the more notable ones.
* * *
In a February 2012 email from Chelsea Clinton's NYU alias, [email protected], to Podesta and Mills, Bill and Hillary's frustrated daughter once again points out the "frustration
and confusion" among Clinton Foundation clients in the aftermath of the previously noted scandals
plaguing the Clinton consultancy, Teneo:
Over the past few days a few people from the Foundation have reached out to me frustrated or
upset about _____ (fill in the blank largely derived meetings Friday or Monday). I've responded
to all w/ essentially the following (ie disintermediating myself, again, emphatically) below.
I also called my Dad last night to tell him of my explicit non-involvement and pushing all back
to you both and to him as I think that is indeed the right answer. Thanks
Sample: Please share any and all concerns, with examples, without pulling punches, with John
and Cheryl as appropriate and also if you feel very strongly with my Dad directly. Transitions
are always challenging and to get to the right answer its critical that voices are heard and understood,
and in the most direct way - ie to them without intermediation. Particularly in an effort to move
more toward a professionalism and efficiency at the Foundation and for my father - and they're
the decision-makers, my Dad most of all
I have moved all the sussman money from unity '09 to cap and am reviewing the others. I will
assess it and keep you informed
Something else for the DOJ to look into after the elections, perhaps?
* * *
And then there is this email from August 2015 in which German politician Michael Werz advises John Podesta that
Turkish president Erdogan "is making substantial investments in U.S. to counter opposition (CHP,
Kurds, Gulenists etc.) outreach to policymakers" and the US Government.
John, heard this second hand but more than once. Seems Erdogan faction is making substantial
investments in U.S. to counter opposition (CHP, Kurds, Gulenists etc.) outreach to policymakers
and USG. Am told that the Erdogan crew also tries to make inroads via donations to Democratic
candidates, including yours. Two names that you should be aware of are *Mehmet Celebi* and *Ali
Cinar*. Happy to elaborate on the phone, provided you are not shopping at the liquor store.
This should perhaps explain why the US has so far done absolutely nothing to halt Erdogan's unprecedented
crackdown on "coup plotters" which has seen as many as 100,000 workers lose their jobs, be arrested,
or otherwise removed from Erdogan's political opposition.
An important thing about that Time article regarding the Sony Hack is that it is almost two
years old. Important because I'm still having to tell people that despite what the President and
the government said North Korea didn't hack Sony because of a really bad movie, but that insiders
did it for reasons that were never part of the media blitz about it. And believe me, considering
that Clinton is lying through her teeth beyond even the government about this, I point this out
a lot.
Something that jumped out at me in December 2014 was a blog post by David E Martin. His
blog post more or less laid out the whole game plan–and in so doing, I suspect he thwarted
the planned story line. It was amazing to read that the whole plot had actually been presented
to Congress years before.
I'm inferring his intention in writing the post was to spill enough beans to prevent a catastrophic
false flag event, as that is why he wrote his book "Coup d'Twelve". (He spoke about this on numerous
radio interviews at the time, and also discussed it in person.)
I had to laugh when I read this in the article though:
"A recent linguistic analysis cited in the New York Times found that the hackers' language
in threats against Sony was written by a native Russian speaker and not a native Korean speaker."
Never let an opportunity for a bit of Russian bashing go to waste it seems. Is there anything
at all in the history of the entire world that the Russians aren't responsible for?
New evidence appears to show how hackers earlier this year stole more than 50,000 emails
of Hillary Clinton's campaign chairman, an audacious electronic attack blamed on Russia's government
and one that has resulted in embarrassing political disclosures about Democrats in the final
weeks before the U.S. presidential election.
The hackers sent John Podesta an official-looking email on Saturday, March 19, that appeared
to come from Google. It warned that someone in Ukraine had obtained Podesta's personal Gmail
password and tried unsuccessfully to log in, and it directed him to a website where he should
"change your password immediately."
Podesta's chief of staff, Sara Latham, forwarded the email to the operations help desk of
Clinton's campaign, where staffer Charles Delavan in Brooklyn, New York, wrote back 25 minutes
later, "This is a legitimate email. John needs to change his password immediately."
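What a help-desk "is this legitimate?" check could have consisted of, as an added example that is not part of the AP report above nor any campaign tooling: it pulls every link out of a password-alert email body and rejects any whose real target is not under the sender's domain, including display-text/href mismatches and user-info tricks. The email body, the allow-list of trusted suffixes and every host name in it are constructed for the example.

```python
"""Audit the links in a purported account-security email before anyone clicks
one. Added example for the password-reset lure described above; not the AP's,
Google's or any help desk's code. The email body, the trusted-domain
allow-list and all host names are constructed for illustration."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the lure in the article: the wording looks
# like a Google alert, but only one of the four links actually goes to Google.
SAMPLE_ALERT_HTML = """
<p>Someone just used your password to try to sign in to your Google Account.</p>
<p><a href="http://accounts-google.example.net/reset">Change your password immediately</a></p>
<p>Or visit <a href="https://accounts.google.com.example.org/security">https://myaccount.google.com/security</a></p>
<p>Questions? <a href="https://support.google.com/accounts">Google Account Help</a></p>
<p><a href="https://accounts.google.com@login.example.net/reset">Reset now</a></p>
"""

# Assumed allow-list: for a message claiming to come from Google, every
# action link must sit under one of these registrable domains.
TRUSTED_SUFFIXES = ("google.com",)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element, in order."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_is_trusted(host, suffixes=TRUSTED_SUFFIXES):
    """Exact match or a genuine subdomain; 'google.com.example.org' fails."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def check_link(href, text, suffixes=TRUSTED_SUFFIXES):
    """Return a verdict dict for one link; an empty 'reasons' list means it passed."""
    reasons = []
    parts = urlsplit(href.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        reasons.append(f"scheme is {parts.scheme or 'missing'}, not https")
    if parts.username is not None:
        # 'https://accounts.google.com@evil.example/' really goes to evil.example
        reasons.append(f"user-info '{parts.username}' hides the real host {host}")
    if not host:
        reasons.append("no host in link")
    elif not host_is_trusted(host, suffixes):
        reasons.append(f"host {host} is not under {', '.join(suffixes)}")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("internationalised (punycode) label in host")
    shown = text.strip()
    if shown.lower().startswith(("http://", "https://")):
        # The visible text is itself a URL: it must point where the href points.
        shown_host = (urlsplit(shown).hostname or "").lower()
        if shown_host != host:
            reasons.append(f"display text shows {shown_host} but link goes to {host}")
    return {"href": href, "text": text, "ok": not reasons, "reasons": reasons}


def audit_links(html, suffixes=TRUSTED_SUFFIXES):
    """Run check_link over every anchor in an HTML email body, in document order."""
    extractor = LinkExtractor()
    extractor.feed(html)
    return [check_link(href, text, suffixes) for href, text in extractor.links]


if __name__ == "__main__":
    for verdict in audit_links(SAMPLE_ALERT_HTML):
        print("OK    " if verdict["ok"] else "REJECT", verdict["href"])
        for reason in verdict["reasons"]:
            print("        -", reason)
```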
And if the ploy was that low-grade, that means that the Russki superbrains in the KGB didn't
have to be behind it. Dear Lord.
This really is a hubris followed by nemesis thing, isn't it? And how sad it is, how tragic,
that it was Brooklyn that brought Podesta down. Somehow I think Delavan is going to have
a hard time getting a job in politics again, but he did the country a great service.
Social engineering wins again. This was something I learned about long ago when Black Box Voting.org
started (approx. 2004). It was one of the many vulnerabilities in various points of election systems,
both with paper and paperless. Very easy to get officials to reveal passwords that allowed access–that's
in addition to the corruption situations. (Or rather, the social engineering angle would be just
one of the tools used by insiders.)
All their arguments do not stand even entry-level programmer scrutiny. Especially silly is the "Russian
keyboard and timestamps" argument. As if, say, Israelis or, say, Estonians, or any other country with a
sizable Russian-speaking population couldn't use those to direct the investigation onto the wrong track ;-).
If I were a Russian hacker trying to penetrate DNC servers I would use only the NSA toolkit and
libraries that I can find on the black market. First of all they are reasonably good; second, that helps
to direct people in the wrong direction. And if I knew Spanish or English or French reasonably well I
would use them exclusively. If not, I would pay for translation of the set of variables into those languages
and "forget" to delete the symbol table in one of the modules, giving raw meat to idiots like those.
Actually you can find a lot of such people even in London, Paris, Madrid and NYC, and some of them
really do not like the US neoliberal administration with its unending wars of expansion of the neoliberal
empire :-) But still they are considered to be "security experts". When you now hear the words "security
expert", please substitute "security charlatan" for better comprehension -- that's almost always
the case with people posing as security experts for the MSM. The only reliable exception are whistleblowers
-- those people sacrifice their lucrative careers for telling the truth, so they can usually be trusted.
They might exaggerate things on the negative side, though. I personally highly respect William Binney.
The "regular" security experts, especially from tiny, struggling security companies, are in reality
low-paid propagandists amplifying a set of prepared talking points. The arguments are usually pretty
childish. BTW, after the USA/Israeli operation against Iran using Stuxnet and Flame in the Middle East,
complex Trojans are just commonplace and are actually available to any more or less qualified hacker, or
even an unqualified person with some money and the desire to take risks.
I especially like the phrase "beyond a reasonable doubt that the hack was in fact an operation of
the Russian state." Isn't this slander, or what? Only two categories of people, imbeciles and paid
presstitutes, can think about the origin of a complex hacking operation "beyond reasonable doubt")
How do we really know that the
breaches of the Democratic National Committee were conducted by organizations working on behalf
of the Russian state? With the CIA considering a major counterstrike against the superpower,
as NBC has reported, it's worthwhile for the public to measure how confident we can be that
Putin's government actually deserves retribution.
"When you're investigating a cybersecurity breach, no one knows whether you're a Russian hacker
or a Chinese hacker pretending to be a Russian hacker or even a U.S. hacker pretending to be a Chinese
hacker pretending to be a Russian hacker," reporter Jordan Robertson says during the third episode
of a solid new podcast from Bloomberg, called "Decrypted." In the new episode, he and fellow reporter
Aki Ito break down the facts that put security experts beyond a reasonable doubt that the hack was
in fact an operation of the Russian state.
Here are the key points:
Familiar techniques. Crowdstrike came in first, once DNC IT teams suspected breaches and recognized
the techniques of the two groups it calls Cozy Bear and Fancy Bear. Others refer to them as APT 28
and 29, where APT stands for "Advanced Persistent Threat." Crowdstrike's co-founder Dmitri Alperovitch
broke down his reasoning on its blog, writing, "We've had lots of experience with both of these actors attempting
to target our customers in the past and know them well. In fact, our team considers them some
of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist
groups we encounter on a daily basis."
Redundancy is Russian. The Crowdstrike post explains that the fact that two organizations
were inside and apparently not working together is consistent with Russian operations. "While
you would virtually never see Western intelligence agencies going after the same target without
de-confliction for fear of compromising each other's operations, in Russia this is not an uncommon
scenario," Alperovitch writes.
Such nice code. Bloomberg turns to an ex-cop at one of the companies that Crowdstrike recruited
to check its work, Mike Buratowski at Fidelis. His company put the code
discovered on DNC servers into a virtual environment to test it. "You look at the complexity of
what the malware was able to do. The fact that it had the ability to, basically, terminate itself
and wipe its tracks, hide its tracks. You know, that's not stuff you see in commoditized malware,
really," Buratowski said. In other words, this wasn't the kind of malware a cybercriminal could
buy on the black market. It was bespoke stuff made by teams of pros. Buratowski later calls the
code "elegant." Motherboard gives examples of phishing emails used, which showed careful attention
to detail. Too good, he contends, for one person
or a small team to build.
Russian keyboards and timestamps. Investigators found evidence in the code that it had been
written on a Russian style keyboard and found timestamps across multiple pieces of code consistent
with the Russian workday.
Motive. This was an extremely complex hack that took a lot of time and effort. Again, the
Crowdstrike post helps here. It discusses evidence that the spies returned to the scene of the
crime repeatedly to change out code to avoid detection. Buratowski refers to it as an entity with
more operational discipline than an individual or a loose group could sustain. Which begs the
question: who but a nation-state would have sufficient motive to work that hard? Further, the
same groups were linked both to the hacks on John Podesta and Colin Powell, which suggests a
multi-front initiative. That goes beyond what a hacker collective
might do for bragging rights or lulz.
Information war. The DNC emails dropped the day before the party's national convention. "Releasing
the emails the evening before the convention started? Now you're looking at it like: that really
smacks of an information operation," Buratowski says.
Official attribution from the US government. Washington sees evidence of breaches all the
time. It seldom points the finger at specific states, the Decrypted team argues. The fact that
it has is powerful. "There are ways the government can really know what's going on," Robertson
said, "in a way that no private cybersecurity could ever match."
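The "Russian keyboards and timestamps" point above, and the earlier objection that Estonians, Israelis or anyone else could leave the same traces, can be checked quantitatively. The following is an added example, not code from the Observer, Bloomberg, Crowdstrike or Fidelis: given build timestamps in UTC, it scores how well each candidate time zone's working week explains them, so the analyst sees how many zones fit equally well. The timestamps and the zone list are constructed; fixed offsets are used and DST is ignored.

```python
"""Score how well each candidate time zone's working week explains a set of
build timestamps (UTC). Added example for the "timestamps consistent with the
Russian workday" argument; not code from the Observer, Bloomberg, Crowdstrike
or Fidelis. Sample stamps and zone offsets are constructed; DST is ignored."""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample: UTC compile times as an analyst might read them from
# executable headers. Not taken from any real DNC artefact.
SAMPLE_UTC = [
    "2016-04-04 07:12:41", "2016-04-04 08:47:03", "2016-04-05 07:05:19",
    "2016-04-05 12:30:55", "2016-04-06 09:58:12", "2016-04-06 14:21:37",
    "2016-04-07 07:40:00", "2016-04-07 11:15:26", "2016-04-08 10:02:48",
    "2016-04-08 13:44:09", "2016-04-09 10:10:10",  # a Saturday
    "2016-04-11 07:33:30", "2016-04-12 14:50:14",
]

# Candidate fixed offsets (hours from UTC) and where they apply. Note that the
# Baltics, Ukraine and Israel share Moscow's offset for part of the year.
CANDIDATE_ZONES = {
    3: "UTC+3 (Moscow all year; Tallinn, Kyiv, Jerusalem in summer)",
    2: "UTC+2 (Tallinn, Kyiv, Jerusalem in winter)",
    1: "UTC+1 (Berlin, Madrid, Paris in winter)",
    0: "UTC+0 (London in winter)",
    -4: "UTC-4 (New York in summer)",
}
WORK_HOURS = range(9, 18)  # 09:00-17:59 local, Monday to Friday


def parse_utc(stamps):
    """Parse 'YYYY-MM-DD HH:MM:SS' strings as aware UTC datetimes."""
    return [datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
            for s in stamps]


def to_local(ts, offset_hours):
    """Shift an aware UTC datetime into a fixed-offset zone."""
    return ts.astimezone(timezone(timedelta(hours=offset_hours)))


def in_working_week(local):
    """True if a local datetime falls on Mon-Fri within WORK_HOURS."""
    return local.weekday() < 5 and local.hour in WORK_HOURS


def workday_fraction(stamps_utc, offset_hours):
    """Share of stamps that land inside the working week of the given offset."""
    hits = sum(in_working_week(to_local(t, offset_hours)) for t in stamps_utc)
    return hits / len(stamps_utc)


def local_hour_histogram(stamps_utc, offset_hours):
    """Stamps per local hour, for eyeballing the shape of the working day."""
    return Counter(to_local(t, offset_hours).hour for t in stamps_utc)


def rank_zones(stamps_utc, zones=CANDIDATE_ZONES):
    """Offsets ordered by how well their working week explains the stamps."""
    scored = [(off, workday_fraction(stamps_utc, off)) for off in zones]
    return sorted(scored, key=lambda p: (-p[1], p[0]))


def zones_fitting(stamps_utc, zones=CANDIDATE_ZONES, threshold=0.8):
    """Every offset whose fit reaches the threshold. More than one entry
    means the timestamps on their own cannot single out a country."""
    return [off for off, frac in rank_zones(stamps_utc, zones) if frac >= threshold]


if __name__ == "__main__":
    stamps = parse_utc(SAMPLE_UTC)
    for off, frac in rank_zones(stamps):
        print(f"{CANDIDATE_ZONES[off]:<60} {frac:6.1%}")
    print("offsets fitting the working-week pattern:", zones_fitting(stamps))
```

With the constructed sample, UTC+3 and UTC+2 explain the same 12 of 13 stamps, so the same data is "consistent with the Russian workday" and equally consistent with a workday in Tallinn, Kyiv or Jerusalem.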
From there, the podcast asks: what does this hack mean for the U.S. election? They come to basically
the same conclusions that the Observer did in September: voting systems are very safe; voter rolls
are less so, but nation-states probably want to discredit our system more than they want to change
outcomes.
How sure can we be? Buratowski says, "Barring seeing someone at a keyboard or a confession, you're
relying on that circumstantial evidence." So, we can never really know for sure. In fact, even Crowdstrike's
attribution is based on prior experience, which assumes that they have attributed other hacks correctly
in the past. Former congressional staffer Richard Diamond in USA Today argues that the hacks can be
explained by bad passwords, but he also neglects
to counter Crowdstrike's descriptions of the sophisticated code placed inside the servers. From Bloomberg's
version of events, how the hackers got in was really the least interesting part of their investigation.
So what does it all mean? It's natural for political junkies to wonder if there might be further
disclosures coming before Election Day, but - if this is an information operation - it might be even
more disruptive to hold documents until after the election in order to throw doubt on our final choice.
Either way, further disclosures will probably come.
I find the whole hysteria over Russian hacking very one-sided. If the US takes it upon itself,
out of sincere concern, to help out "moderates" in overthrowing a repressive, evil government
in Syria, Libya and Iraq, maybe the same thing happening to the US itself is not that weird?
Here is a tyrannical government with little regard for its demotivated and demoralized citizens
who can not on their own displace it. This government threatens nuclear war and kills an unjustified
number of its own citizens. Its public infrastructure is in ruins and oligarchy is everywhere.
In the past the US has set the example for dealing with such troubled states; it's time the
doctor took his own medicine.
The "evidence" for Russian hacking is so suspect that anyone who repeats the story instantly
stamps themselves as either a con or a mark. It's depressing to see media corruption so blatantly
displayed. Now I know what 2003 must have felt like (I was too young to have much of an opinion
back then).
The "17 intelligence agencies" claim is complete Clinton bullshit. I'm kind of amazed that
journalists are now stating this as fact. I could say I'm shocked but nothing the presstitutes
do surprises me anymore. They are busy preening for their future White House access. It kind
of makes me want to get drunk and vote for the orange haired guy.
Just finished trying to "re-educate" my husband after he listened to [and apparently believed]
a report in the CBS Evening News on the "Russian hacking of Clinton's e-mails." They reported
it as complete "fact," without even a perfunctory "alleged."
Too difficult to do this correction one person at a time, while the networks have such massive
reach.
It *is* highly asymmetric warfare. And as is normal when working the insurgent side, the
trick isn't to try to win by a large number of winning individual engagements, but rather of
delegitimizing the side with the resource advantage in a broader, cultural way. Delegitimize
the mainstream media actively. If you win the culture war, you win the political war too just
as a bonus. Tell the truth, unapologetically. That's as bad-ass as it gets.
This is sound advice. Problem is, how to delegitimate media generally? Actual insurgents
avoid direct confrontations with superior occupying power and opt for a variety of other strategies
of attack, including: IED's, flash attacks, suicide bombings, disruption of civilian life,
etc. What are some equivalent, concrete (and legal) strategies for disrupting the order of
imposed media? The use of social media seems to be one option, and maybe the most successful.
Yet this tends to reach only certain segments of population who are unlikely to watch CNN or
read the Post in any case. How can one harm the media powers where it hurts them most, by reaching
and disrupting their actual consumers, who tend to be older, establishment-minded, white, etc…?
How to delegitimize the media? They are doing that themselves. In spades. Listen to the
people around you, they are getting wise to it. Just point it out to anyone who'll listen.
It isn't the bombs and attacks that win an insurgency, none of that stuff works if the cause
isn't widely understood and shared. The victory is won–to recycle a cliché–in the hearts and
minds of the ordinary people. Naked Capitalism is a big ammo depot and we are the grunts and
the munitions are ideas. And as I alluded to above, the power of truth. Truth will kick ass
and take names if you let it.
"Truth will kick ass and take names if you let it."
Thanks for the spirit-raising exhortation Kurt!! Many Americans are walking around with
heads like over-inflated cognitive dissonance balloons. If you listen closely, you can hear
these balloons popping off all the time, resulting in yet another person able to confront reality.
What other intelligence agencies are there than the CIA and NSA? Does anyone know the other
15, and why are these intelligence agencies never spoken of in the media except when its useful
for Clinton?
The idea is essentially that even if the evidence did exist, it should be welcomed with
the same enthusiasm that US interventions have in Syria and Libya.
Ahhhh, but that exactly where the "exceptional" clause kicks in. You see, America is justified
in intervening in other countries' business because we see further, with a clearer gaze and
a purer heart, than any other country in the world. Mired as they are in ignorance or inertia,
no other country is qualified to judge us, and any mistakes that we make only occur because
of the depths of our love for others and our passion for freedom.
America has entered one of its periods of historical madness, but this the worst I can remember:
worse than McCarthyism, worse than the Bay of Pigs and in the long term potentially more disastrous
than the Vietnam War. ~John le Carre
historical madness/hysterical madness … take your pick.
It is terrifying to watch Clinton rave about adopting a more "muscular, aggressive" approach
to foreign affairs - with little or no push back from the national media, either party or even
many citizens. Hell, they are applause lines at her rallies.
If 15 years of endless wars, trillions of dollars of wasted money, hundreds of thousands
of casualties on all sides and metastasizing terrorist threat with no end in sight doesn't
give one a little pause before advocating more of the same, then we might have a problem.
she's a scorned woman beginning with her father. she's passive-aggressive with women…projects
her never ending insecurities. SO she has something to prove…vengeance is mine.
Hillary said twice during the debates that "America is great because America is good." Translation:
We can do whatever we damn well please because we can. Lord, help us all. I'm so sick of hearing
this and our endless criminal wars.
NATO hot-heads are playing with fire. What if other nations attack members for Stuxnet and
Flame?
Arming for Virtual Battle: The Dangerous New Rules of Cyberwar
By Thomas Darnstaedt, Marcel Rosenbach and Gregor Peter Schmitz
Now that wars are also being fought on digital battlefields, experts in international law have
established rules for cyberwar. But many questions remain unanswered. Will it be appropriate to respond
to a cyber attack with military means in the future?
The attack came via ordinary email, when selected South Korean companies received messages supposedly
containing credit card information in the middle of the week before last.
Recipients who opened the emails also opened the door to the enemy, because it was in fact an
attack from the Internet. Instead of the expected credit card information, the recipients actually
downloaded a time bomb onto their computers, which was programmed to ignite on Wednesday at 2 p.m.
Korean time.
At that moment, chaos erupted on more than 30,000 computers in South Korean television stations
and banks. The message "Please install an operating system on your hard disk" appeared on the screens
of affected computers, and cash machines ceased to operate. The malware, which experts have now dubbed
"DarkSeoul," deleted data from the hard disks, making it impossible to reboot the infected computers.
DarkSeoul was one of the most serious digital attacks in the world this year, but cyber defense
centers in Western capitals receive alerts almost weekly. The most serious attack to date originated
in the United States. In 2010, high-tech warriors, acting on orders from the US president, smuggled
the destructive "Stuxnet" computer worm into Iranian nuclear facilities.
The volume of cyber attacks is only likely to grow. Military leaders in the US and its European
NATO partners are outfitting new battalions for the impending data war. Meanwhile, international
law experts worldwide are arguing with politicians over the nature of the new threat. Is this already
war? Or are the attacks acts of sabotage and terrorism? And if a new type of war is indeed brewing,
can military means be used to respond to cyber attacks?
The War of the Future
A few days before the computer disaster in Seoul, a group led by NATO published a thin, blue booklet.
It provides dangerous responses to all of these questions. The "Tallinn Manual on the International
Law Applicable to Cyber Warfare" is probably no thicker than the American president's thumb. It is
not an official NATO document, and yet in the hands of President Barack Obama it has the potential
to change the world.
The rules that influential international law experts have compiled in the handbook could blur
the lines between war and peace and allow a serious data attack to rapidly escalate into a real war
with bombs and missiles. Military leaders could also interpret it as an invitation to launch a preventive
first strike in a cyberwar.
At the invitation of a NATO think tank in the Estonian capital Tallinn, and at a meeting presided
over by a US military lawyer with ties to the Pentagon, leading international law experts had discussed
the rules of the war of the future. International law is, for the most part, customary law. Experts
determine what is and can be considered customary law.
The resulting document, the "Tallinn Manual," is the first informal rulebook for the war of the
future. But it has no reassuring effect. On the contrary, it permits nations to respond to data attacks
with the weapons of real war.
Two years ago, the Pentagon clarified where this could lead, when it stated that anyone who attempted
to shut down the electric grid in the world's most powerful nation with a computer worm could expect
to see a missile in response.
A Private Digital Infrastructure
The risks of a cyberwar were invoked more clearly than ever in Washington in recent weeks. In
mid-March, Obama assembled 13 top US business leaders in the Situation Room in the White House basement,
the most secret of all secret conference rooms. The group included the heads of UPS, JPMorgan Chase
and ExxonMobil. There was only one topic: How can America win the war on the Internet?
The day before, Director of National Intelligence James Clapper had characterized the cyber threat
as the "biggest peril currently facing the United States."
The White House was unwilling to reveal what exactly the business leaders and the president discussed
in the Situation Room. But it was mostly about making it clear to the companies how threatened they
are and strengthening their willingness to cooperate, says Rice University IT expert Christopher
Bronk.
The president urgently needs their cooperation, because the US has allowed the laws of the market
to govern its digital infrastructure. All networks are operated by private companies. If there is
a war on the Internet, both the battlefields and the weapons will be in private hands.
This is why the White House is spending so much time and effort to prepare for possible counterattacks.
The aim is to scare the country's enemies, says retired General James Cartwright, author of the Pentagon's
current cyber strategy.
Responsible for that strategy is the 900-employee Cyber Command at the Pentagon, established three
years ago and located in Fort Meade near the National Security Agency, the country's largest intelligence
agency. General Keith Alexander heads both organizations. The Cyber Command, which is expected
to have about 4,900 employees within a few years, will be divided into various defensive and offensive
"Cyber Mission Forces" in the future.
Wild West Online
It's probably no coincidence that the Tallinn manual is being published now. Developed under the
leadership of US military lawyer Michael Schmitt, NATO representatives describe the manual as the
"most important legal document of the cyber era."
In the past, Schmitt has examined the legality of the use of top-secret nuclear weapons systems
and the pros and cons of US drone attacks. Visitors to his office at the Naval War College in Rhode
Island, the world's oldest naval academy, must first pass through several security checkpoints.
"Let's be honest," says Schmitt. "Everyone has treated the Internet as a sort of Wild West, a
lawless zone. But international law has to be just as applicable to online weapons as conventional
weapons."
It's easier said than done, though. When does malware become a weapon? When does a hacker become
a warrior, and when does horseplay or espionage qualify as an "armed attack," as defined under international
law? The answers to such detailed questions can spell the difference between war and peace.
James Lewis of the Washington-based Center for Strategic and International Studies (CSIS), one
of the country's top cyberwar experts, is somewhat skeptical about the new manual. He sees it
as "a push to lower the threshold for military action." For Lewis, responding to a "denial of
service" attack with military means is "really crazy." He says the Tallinn manual "shows that
you should never let lawyers go off by themselves."
Claus Kress, an international law expert and the director of the Institute for International Peace
and Security Law at the University of Cologne, sees the manual as "setting the course," with "consequences
for the entire law of the use of force." Important "legal thresholds," which in the past were intended
to protect the world against the military escalation of political conflicts or acts of terror, are
becoming "subject to renegotiation," he says.
According to Kress, the most critical issue is the "recognition of a national right of self-defense
against certain cyber attacks." This corresponds to a state of defense, as defined under Article
51 of the Charter of the United Nations, which grants any nation that becomes the victim of an "armed
attack" the right to defend itself by force of arms. The article gained new importance after Sept.
11, 2001, when the US declared the invasion of Afghanistan an act of self-defense against al-Qaida
and NATO proclaimed the application of its mutual defense clause to come to the aid of the superpower.
The question of how malicious malware must be to justify a counterattack can be critical when
it comes to preserving peace. Under the new doctrine, only those attacks that cause physical or personal
damage, but not virtual damage, are relevant in terms of international law. The malfunction of a
computer or the loss of data alone is not sufficient justification for an "armed attack."
But what if, as is often the case, computer breakdowns do not result in physical damage but lead
to substantial financial losses? A cyber attack on Wall Street, shutting down the market for several
days, was the casus belli among the experts in Tallinn. The US representatives wanted to recognize
it as a state of defense, while the Europeans preferred not to do so. But the US military lawyers
were adamant, arguing that economic damage establishes the right to launch a counterattack if it
is deemed "catastrophic."
Ultimately, it is left to each country to decide what amount of economic damage it considers sufficient
to venture into war. German expert Kress fears that such an approach could lead to a "dam failure"
for the prohibition of the use of force under international law.
So was it an armed attack that struck South Korea on March 20? The financial losses caused by
the failure of bank computers haven't been fully calculated yet. It will be up to politicians, not
lawyers, to decide whether they are "catastrophic."
Just how quickly the Internet can become a scene of massive conflicts became evident this month,
when suddenly two large providers came under constant digital attack that seemed to appear out of
nowhere.
The main target of the attack was the website Spamhaus.org, a project that has been hunting down
the largest distributors of spam on the Web since 1998. Its blacklists of known spammers enable other
providers to filter out junk email. By providing this service, the organization has made powerful
enemies and has been targeted in attacks several times. But the current wave of attacks overshadows
everything else. In addition to shutting down Spamhaus, it even temporarily affected the US company
CloudFlare, which was helping fend off the attack. Analysts estimate the strength of the attack at
300 gigabits per second, which is several times as high as the level at which the Estonian authorities
were "fired upon" in 2007. The attack even affected data traffic in the entire Internet. A group
called "Stophaus" claimed responsibility and justified its actions as retribution for the fact that
Spamhaus had meddled in the affairs of powerful Russian and Chinese Internet companies.
Civilian forces, motivated by economic interests, are playing cyberwar, and in doing so they are
upending all previous war logic.
A Question of When, Not If
A field experiment in the US shows how real the threat is. To flush out potential attackers, IT
firm Trend Micro built a virtual pumping station in a small American city, or at least it was supposed
to look like one to "visitors" from the Internet. They called it a "honeypot," designed to attract
potential attackers on the Web.
The trappers installed servers and industrial control systems used by public utilities of that
size. To make the experiment setup seem realistic, they even placed deceptively real-looking city
administration documents on the computers.
After only 18 hours, the analysts registered the first attempted attack. In the next four weeks,
there were 38 attacks from 14 countries. Most came from computers in China (35 percent), followed
by the US (19 percent) and Laos (12 percent).
Many attackers tried to insert espionage tools into the supposed water pumping station to probe
the facility for weaknesses. International law does not prohibit espionage. But some hackers went
further than that, trying to manipulate or even destroy the control devices.
"Some tried to increase the rotation speed of the water pumps to such a degree that they wouldn't
have survived in the real world," says Trend Micro employee Udo Schneider, who categorizes these
cases as "classic espionage."
"There is no question as to whether there will be a catastrophic cyber attack against America.
The only question is when," says Terry Benzel, the woman who is supposed to protect the country from
such an attack and make its computer networks safer. The computer specialist is the head of DeterLab
in California, a project that was established in 2003, partly with funding from the US Department
of Homeland Security, and offers a simulation platform for reactions to cyber attacks.
Benzel's voice doesn't falter when she describes a war scenario she calls "Cyber Pearl Harbor."
This is what it could look like: "Prolonged power outages, a collapse of the power grid and irreparable
disruptions in the Internet." Suddenly, food would not reach stores in time and cash machines would
stop dispensing money. "Everything depends on computers nowadays, even the delivery of rolls to the
baker around the corner," she says.
Benzel also describes other crisis scenarios. For example, she says, there are programs that open
and close gates on American dams that are potentially vulnerable. Benzel is worried that a clever
hacker could open America's dams at will.
Should Preemptive Strikes Be Allowed?
These and other cases are currently being tested in Cyber City, a virtual city US experts have
built on their computers in New Jersey to simulate the consequences of data attacks. Cyber City has
a water tower, a train station and 15,000 residents. Everything is connected in realistic ways, enabling
the experts to study the potentially devastating effects cyber attacks could have on residents.
In Europe, it is primarily intelligence agencies that are simulating digital war games. Germany's
foreign intelligence service, the Bundesnachrichtendienst (BND), also has a unit that studies the
details of future wars. It is telling that the BND team doesn't just simulate defensive situations
but increasingly looks at offensive scenarios, as well, so as to be prepared for a sort of digital
second strike.
"Offensive Cyber Operations," or OCOs, are part of the strategy for future cyberwars in several
NATO countries. The Tallinn manual now establishes the legal basis for possible preemptive strikes,
which have been an issue in international law since former US President George W. Bush launched a
preemptive strike against Iraq in March 2003.
The most contentious issue during the meetings in Tallinn was the question of when an offensive
strike is permissible as an act of preventive self-defense against cyber attacks. According to the
current doctrine, an attack must be imminent to trigger the right to preventive self-defense. The
Tallinn manual is more generous in this respect, stating that even if a digital weapon is only likely
to unfold its sinister effects at a later date, a first strike can already be justified if it is
the last window of opportunity to meet the threat.
The danger inherent in the application of that standard becomes clear in the way that the international
law experts at Tallinn treated Stuxnet, the most devastating malware to date, which was apparently
smuggled into Iranian nuclear facilities on Obama's command. The data attack destroyed large numbers
of centrifuges used for uranium enrichment in the Natanz reprocessing plant. Under the criteria of
the Tallinn manual, this would be an act of war.
Could the US be the perpetrator in a war of aggression in violation of international law? Cologne
international law expert Kress believes that what the Tallinn manual says parenthetically about the
Stuxnet case amounts to a "handout for the Pentagon," namely that Obama's digital attack might be
seen as an "act of preventive self-defense" against the nuclear program of Iran's ayatollahs.
The Fog of Cyber War
According to the Tallinn interpretation, countless virtual espionage incidents of the sort that
affect all industrialized nations almost daily could act as accelerants. Pure cyber espionage, which
American politicians also define as an attack, is not seen as an act of war, according to the Tallinn
rules. Nevertheless, the international law experts argue that such espionage attacks can be seen
as preparations for destructive attacks, so that it can be legitimate to launch a preventive attack
against the spy as a means of self-defense.
Some are especially concerned that the Tallinn proposals could also make it possible to expand
the rules of the "war on terror." The authors have incorporated the call of US geostrategic expert
Joseph Nye to take precautions against a "cyber 9/11" into their manual. This would mean that the
superpower could even declare war on organized hacker groups. Combat drones against hackers? Cologne
expert Kress cautions that the expansion of the combat zone to the laptops of an only loosely organized
group of individuals would constitute a "threat to human rights."
Germany's military, the Bundeswehr, is also voicing concerns over the expansion of digital warfare.
Karl Schreiner, a brigadier general with the Bundeswehr's leadership academy in Hamburg, is among
those who see the need for "ethical rules" for the Internet battlefield and believe that an international
canon for the use of digital weapons is required.
Military leaders must rethink the most important question relating to defense in cyberspace: Who
is the attacker? "In most cases," the Tallinn manual reads optimistically, it is possible to identify
the source of data attacks. But that doesn't coincide with the experiences of many IT security experts.
The typical fog of cyberwar was evident most recently in the example of South Korea. At first,
officials said that DarkSeoul was clearly an attack from the north, but then it was allegedly traced
to China, Europe and the United States. Some analysts now suspect patriotically motivated hackers
in North Korea, because of the relatively uncomplicated malware. That leaves the question of just
who South Korea should launch a counterattack against.
The South Korean case prompts Cologne international law expert Kress to conclude that lawyers
will soon have a "new unsolved problem" on their hands -- a "war on the basis of suspicion."
"... The simplest explanation is usually best. All the indicators, especially the support of the donor class, elites of all kinds etc. points towards a Democratic victory, perhaps a very strong victory if the poll numbers last weekend translate into electoral college numbers. ..."
I stopped by to check if my comment had cleared moderation. What follows is a more thorough examination
(not my own, entirely) on Corey's point 1, and some data that may point towards a much narrower
race than we're led to believe.
The leaked emails from one Democratic super-pac, the over-sampling I cited at zerohedge (@13o)
is part of a two-step process involving over-sampling of Democrats in polls combined with
high frequency polling. The point being to encourage media to promote the idea that the race is
already over. We saw quite a bit of this last weekend. Let's say the leaked emails are reliable.
This suggests to me two things: first – the obvious, the race is much closer than the polls
indicated, certainly the poll cited by Corey in the OP. Corey questioned the validity of this
poll, at least obliquely. Second, at least one super-pac working with the campaign sees the need
to depress Trump turn-out. The first point is the clearest and the most important – the polls,
some at least, are intentionally tilted to support a 'Hillary wins easily' narrative. The second
allows for some possibly useful speculation regarding the Clinton campaign's confidence in their
own GOTV success.
The simplest explanation is usually best. All the indicators, especially the support of
the donor class, elites of all kinds etc. points towards a Democratic victory, perhaps a very
strong victory if the poll numbers last weekend translate into electoral college numbers.
That's a big if. I suggest Hillary continues to lead but by much smaller margins in
key states. It's also useful to point out that Trump's support in traditionally GOP states may
well be equally shaky.
And that really is it from me on this topic barring a double digit swing to Hillary in the
LA Times poll that has the race at dead even.
Layman 10.25.16 at 11:31 am
kidneystones:
"The leaked emails from one Democratic super-pac, the over-sampling I cited at zerohedge
(@13o) is part of a two-step process involving over-sampling of Democrats in polls combined
with high frequency polling."
Excellent analysis, only the email in question is eight years old. And it refers to a request
for internal polling done by the campaign. And it suggests over-sampling of particular demographics
so the campaign could better assess attitudes among those demographics.
And this is a completely normal practice which has nothing to do with the polling carried out
by independent third parties (e.g. Gallup, Ipsos, etc) for the purposes of gauging and reporting
to the public the state of the race.
And when pollsters do over-sample, the over-sampling is used for analysis but is not reflected
in the top-line poll results.
"... Among the initial emails to stand out is this extensive exchange showing just how intimately the narrative of Hillary's server had been coached. The following September 2015 email exchange between Podesta and Nick Merrill framed the "core language" to be used in response to questions Clinton could be asked about her email server, and the decision to "bleach" emails from it. The emails contain long and short versions of responses for Clinton. ..."
The daily dump continues. In the now traditional daily routine, one which forces the Clinton campaign
to resort to ever more stark sexual scandals involving Trump to provide a media distraction, moments
ago Wikileaks released yet another 1,803 emails in Part 12 of its ongoing Podesta Email dump, which
brings the total number of released emails to 18,953.
As a reminder among the most recent revelations we got further insights into Hillary's desire
to see Obamacare "unravel", her contempt for "doofus" Bernie Sanders, staff exchanges on handling media queries
about Clinton "flip-flopping" on gay marriage, galvanizing Latino support and locking down Clinton's
healthcare policy. Just as notable has been the ongoing revelation of just how "captured" the so-called
independent press has been in its "off the record" discussions with John Podesta which got the head
Politico correspondent, Glenn Thrush, to admit he is a "hack" for allowing Podesta to dictate the
content of his article.
The release comes on the day of the third and final presidential campaign between Hillary Clinton
and Donald Trump, and as a result we are confident it will be scrutinized especially carefully for
any last minute clues that would allow Trump to lob a much needed Hail Mary to boost his standing
in the polls.
As there is a total of 50,000 emails, Wikileaks will keep the media busy over the next three weeks
until the elections with another 30,000 emails still expected to be released.
* * *
Among the initial emails to stand out is this extensive exchange showing just how intimately
the narrative of Hillary's server had been coached. The following September 2015 email exchange
between Podesta and Nick Merrill framed the "core language" to be used in response to questions
Clinton could be asked about her email server, and the decision to "bleach" emails from it. The
emails contain long and short versions of responses for Clinton.
"Because the government already had everything that was work-related, and my personal emails
were just that – personal – I didn't see a reason to keep them so I asked that they be deleted,
and that's what the company that managed my server did. And we notified Congress of that back
in March"
She was then presented with the following hypothetical scenario:
* "Why won't you say whether you wiped it?"
"After we went through the process to determine what was work related and what was
not and provided the work related emails to State, I decided not to keep the personal ones."
"We saved the work-related ones on a thumb drive that is now with the Department of Justice.
And as I said in March, I chose not to keep the personal ones. I asked that they be deleted, how
that happened was up to the company that managed the server. And they are cooperating fully with
anyone that has questions."
* * *
Another notable email reveals the close relationship between the Clinton Foundation and Ukraine
billionaire Victor Pinchuk, a prominent donor to the Clinton Foundation, in which we see the latter's
attempt to get a meeting with Bill Clinton to show support for Ukraine:
From: Tina Flournoy < [email protected]>
Sent: Monday, March 30, 2015 9:58:55 AM
To: Amitabh Desai
Cc: Jon Davidson; Margaret Steenburg; Jake Sullivan; Dan Schwerin; Huma Abedin; John Podesta
Subject: Re: Victor Pinchuk
Team HRC - we'll get back to you on this
> On Mar 30, 2015, at 9:53 AM, Amitabh Desai < [email protected]> wrote:
>
> Victor Pinchuk is relentlessly following up (including this morning) about a meeting with WJC
in London or anywhere in Europe. Ideally he wants to bring together a few western leaders to show
support for Ukraine, with WJC probably their most important participant. If that's not palatable
for us, then he'd like a bilat with WJC.
>
> If it's not next week, that's fine, but he wants a date. I keep saying we have no Europe plans,
although we do have those events in London in June. Are folks comfortable offering Victor
a private meeting on one of those dates? At this point I get the impression that although I keep
saying WJC cares about Ukraine, Pinchuk feels like WJC hasn't taken enough action to demonstrate
that, particularly during this existential moment for the county and for him.
>
> I sense this is so important because Pinchuk is under Putin's heel right now, feeling a great
degree of pressure and pain for his many years of nurturing stronger ties with the West.
>
> I get all the downsides and share the concerns. I am happy to go back and say no.
It would just be good to know what WJC (and HRC and you all) would like to do, because
this will likely impact the future of this relationship, and slow walking our reply will only
reinforce his growing angst.
>
> Thanks, and sorry for the glum note on a Monday morning...
Sure. Sorry for the delay I was on a plane.
On Apr 30, 2015 9:44 AM, "Glenn Thrush" <[email protected]> wrote:
> Can I send u a couple of grafs, OTR, to make sure I'm not fucking
> anything up?
* * *
Another notable moment emerges in the emails, involving Hillary Clinton's selective memory. Clinton's
description of herself as a moderate Democrat at a September 2015 event in Ohio caused an uproar
amongst her team. In a mail from Clinton advisor Neera Tanden to Podesta in the days following
the comment she asks why she said this.
"I pushed her on this on Sunday night. She claims she didn't remember saying it. Not sure I
believe her," Podesta replies. Tanden insists that the comment has made her job more difficult
after "telling every reporter I know she's actually progressive". "It worries me more that she
doesn't seem to know what planet we are all living in at the moment," she adds.
* * *
We also get additional insight into Clinton courting the Latino minority. A November 2008 email
from Federico Peña, who was on the Obama-Biden transition team, called for a "Latino media person" to be added
to the list of staff to appeal to Latino voters. Federico de Jesus or Vince Casillas are seen as
ideal candidates, both of whom were working in the Chicago operations.
"More importantly, it would helpful (sic) to Barack to do pro-active outreach to Latino media
across the country to get our positive message out before people start spreading negative rumors,"
Peña writes.
* * *
Another email between Clinton's foreign policy adviser Jake Sullivan and Tanden from March 2016
discussed how it was "REALLY dicey territory" for Clinton to comment on strengthening "bribery laws
to ensure that politicians don't change legislation for political donations." Tanden agrees with Sullivan:
"She may be so tainted she's really vulnerable - if so, maybe a message of I've seen how this
sausage is made, it needs to stop, I'm going to stop it will actually work."
* * *
One email suggested, sarcastically, to kneecap Bernie Sanders: Clinton's team issued advice
regarding her tactics for the "make or break" Democratic presidential debate with Sanders in
Milwaukee on February 11, 2016. The mail to Podesta came from Philip Munger, a Democratic Party
donor. He sent the mail using an encrypted anonymous email service.
"She's going to have to kneecap him. She is going to have to take him down from his morally
superior perch. She has done so tentatively. She must go further," he says.
Clearly, the desire to get Sanders' supporters was a key imperative for the Clinton campaign.
In a September 2015 email to Podesta, Hill columnist Brent Budowsky criticized the campaign for allegedly giving
Clinton surrogates talking points to attack Bernie Sanders. "I cannot think of anything more stupid
and self-destructive for a campaign to do," he says. "Especially for a candidate who has dangerously
low levels of public trust," and in light of Sanders' campaign being based on "cleaning up politics."
Budowsky warns voters would be "disgusted" by attacks against Sanders and says he wouldn't discourage
Podesta from sharing the note with Clinton because "if she wants to become president she needs to
understand the point I am making with crystal clarity."
"Make love to Bernie and his idealistic supporters, and co-opt as many of his progressive issues
as possible."
Budowsky then adds that he was at a Washington university where "not one student gave
enough of a damn for Hillary to open a booth, or even wear a Hillary button."
* * *
One email focused on how to address the topic of the TPP. National Policy Director for Hillary for America
Amanda Renteria explains, "The goal here was to minimize our vulnerability to the authenticity attack
and not piss off the WH any more than necessary."
Democratic pollster Joel Benenson says, "the reality is HRC is more pro trade than anti and
trying to turn her into something she is not could reinforce our negative [sic] around authenticity.
This is an agreement that she pushed for and largely advocated for."
* * *
While claiming she is part of the people, an email exposes Hillary as being "part of the system."
Clinton's team acknowledges she is "part of the system" in an email regarding her strategies.
As Stan Greenberg told Podesta:
"We are also going to test some messages that include acknowledgement of being part of the system,
and know how much has to change,"
* * *
Some more on the topic of Hillary being extensively coached and all her words rehearsed, we find
an email which reveals that Clinton's words have to be tightly managed by her team who are wary of
what she might say. After the Iowa Democratic
Party's presidential debate in November 2015 adviser Ron Klain mails Podesta to say, "If she says
something three times as an aside during practice (Wall Street supports me due to 9/11), we need
to assume she will say it in the debate, and tell her not to do so." Klain's mail reveals Sanders
was their biggest fear in the debate. "The only thing that would have been awful – a Sanders break
out – didn't happen. So all in all, we were fine," he says.
The mail also reveals Klain's role in securing his daughter Hannah a position on Clinton's team.
"I'm not asking anyone to make a job, or put her in some place where she isn't wanted – it just needs
a nudge over the finish line," Klain says. Hannah Klain worked on Clinton's Surrogates team for nine
months commencing in the month after her father's mail to Podesta, according to her Linkedin.
I love this...Assange is incommunicado, yet the data dumps keep coming!
Horse face looks like such a fool to the world as a result; & due to John Kerry's stupidity which
is drawing major attention to the whole matter; Americans are finally beginning to wake up & pay
attention to this shit!
Looks like the Hitlery for Prez ship is starting to take on MASSIVE amounts of water!
I believe they are beyond the point where any more news of 'pussy grabbing' will save them
from themselves (and Mr. Assange)!
The new lowered expectations federal government just expects to get lucre + bennies for sitting
on their asses and holding the door for gangsters. Traitors. Spies. Enemies foreign and domestic.
Amphisbaegenic pot boiling.
With Creamer's tricks effective in Obama's re-election, it now makes sense why Obama was so
confident when he said Trump would never be president.
Trump is still ahead in the only poll I track. But I conduct my own personal poll on a daily
basis and loads of Trump supporters are in the closet and won't come out until they pull the lever
for Trump on election day.
With his revelations exposing the extent of potential, and actual, pervasive NSA surveillance
over the American population, Edward Snowden has done a great service for the public by finally forcing
it to answer the question: is having Big Brother peek at every private communication and electronic
information a fair exchange for the alleged benefit of the state's security? Alas, without
further action from a population that appears largely numb and apathetic to disclosures that until
recently would have sparked mass protests and toppled presidents, the best we can hope for within
a political regime that has hijacked the democratic process, is some intense introspection as to
what the concept of "America" truly means.
However, and more importantly, what Snowden's revelations have confirmed, is that behind the scenes,
America is now actively engaged in a new kind of war: an unprecedented cyber war, where collecting,
deciphering, intercepting, and abusing information is the only thing that matters and leads to unprecedented
power, and where enemies both foreign and domestic may be targeted without
due process based on a lowly analyst's "whim."
It has also put a spotlight on the man who, until recently deep in the shadows, has been responsible
for building America's secret, absolutely massive cyber army, and which according to a just released
Wired profile is "capable of launching devastating cyberattacks. Now it's ready
to unleash hell."
Meet General Keith Alexander, "a man few even in Washington would likely recognize", which is
troubling because Alexander is now quite possibly the most powerful person in the world, that nobody
talks about. Which is just the way he likes it.
This is the partial and incomplete story of the man who may now be empowered with more unchecked
power than any person in the history of the US, or for that matter, the world. It comes once
again, courtesy of the man who over a year before the Guardian's Snowden bombshell broke the story
about the NSA's secret Utah data storage facility, James Bamford, and whose intimate knowledge
of the NSA's secrets comes by way of being a consultant for the defense team of one Thomas Drake,
one of the original NSA whistleblowers (as we learn from the full Wired article).
But first, by way of background, here is a glimpse of Alexander's ultra-secretive kingdom.
From Wired:
Inside Fort Meade, Maryland, a top-secret city bustles. Tens of thousands of people move through
more than 50 buildings—the city has its own post office, fire department, and police force.
But as if designed by Kafka, it sits among a forest of trees, surrounded by electrified
fences and heavily armed guards, protected by antitank barriers, monitored by sensitive motion
detectors, and watched by rotating cameras. To block any telltale electromagnetic signals
from escaping, the inner walls of the buildings are wrapped in protective copper shielding and
the one-way windows are embedded with a fine copper mesh.
This is the undisputed domain of General Keith Alexander, a man few even in
Washington would likely recognize. Never before has anyone in America’s intelligence sphere come
close to his degree of power, the number of people under his command, the expanse of his rule,
the length of his reign, or the depth of his secrecy. A four-star Army general, his authority
extends across three domains: He is director of the world’s largest intelligence service,
the National Security Agency; chief of the Central Security Service; and commander of the US Cyber
Command. As such, he has his own secret military, presiding over the Navy’s 10th Fleet, the 24th
Air Force, and the Second Army.
Schematically, Alexander's empire consists of the following: virtually every piece in America's information intelligence arsenal.
As the Snowden scandal has unfurled, some glimpses into the "introspective" capabilities of the
NSA, and its sister organizations, have demonstrated just how powerful the full "intelligence" arsenal
of the US can be.
However, it is when it is facing outward - as it normally does - that things get really scary.
Because contrary to prevailing conventional wisdom, Alexander's intelligence and information-derived
power is far from simply defensive. In fact, it is when its offensive potential is exposed that the
full destructive power in Alexander's grasp is revealed:
In its tightly controlled public relations, the NSA has focused attention on the threat of
cyberattack against the US—the vulnerability of critical infrastructure like power plants and
water systems, the susceptibility of the military’s command and control structure, the dependence
of the economy on the Internet’s smooth functioning. Defense against these threats was the paramount
mission trumpeted by NSA brass at congressional hearings and hashed over at security conferences.
But there is a flip side to this equation that is rarely mentioned: The military has
for years been developing offensive capabilities, giving it the power not just to defend the US
but to assail its foes. Using so-called cyber-kinetic attacks, Alexander
and his forces now have the capability to physically destroy an adversary’s equipment
and infrastructure, and potentially even to kill. Alexander—who declined to be interviewed
for this article—has concluded that such cyberweapons are as crucial to 21st-century warfare
as nuclear arms were in the 20th.
And he and his cyberwarriors have already launched their first attack. The cyberweapon that
came to be known as Stuxnet was created and built by the NSA in partnership with the CIA and Israeli
intelligence in the mid-2000s. The first known piece of malware designed to destroy physical equipment,
Stuxnet was aimed at Iran’s nuclear facility in Natanz. By surreptitiously taking control of an
industrial control link known as a Scada (Supervisory Control and Data Acquisition) system, the
sophisticated worm was able to damage about a thousand centrifuges used to enrich nuclear material.
The success of this sabotage came to light only in June 2010, when the malware spread to outside
computers. It was spotted by independent security researchers, who identified telltale signs that
the worm was the work of thousands of hours of professional development. Despite headlines around
the globe, officials in Washington have never openly acknowledged that the US was behind the attack.
It wasn’t until 2012 that anonymous sources within the Obama administration took credit for it
in interviews with The New York Times.
But Stuxnet is only the beginning. Alexander’s agency has recruited thousands of computer experts,
hackers, and engineering PhDs to expand US offensive capabilities in the digital realm. The Pentagon
has requested $4.7 billion for “cyberspace operations,” even as the budget of the CIA and other
intelligence agencies could fall by $4.4 billion. It is pouring millions into cyberdefense contractors.
And more attacks may be planned.
Alexander's background is equally impressive: a classmate of Petraeus and Dempsey, a favorite
of Rumsfeld, the General had supreme power written all over his career progression. If reaching the
top at all costs meant crushing the fourth amendment and lying to Congress in the process, so be
it:
Born in 1951, the third of five children, Alexander was raised in the small upstate New York
hamlet of Onondaga Hill, a suburb of Syracuse. He tossed papers for the Syracuse Post-Standard
and ran track at Westhill High School while his father, a former Marine private, was involved
in local Republican politics. It was 1970, Richard Nixon was president, and most of the country
had by then begun to see the war in Vietnam as a disaster. But Alexander had been accepted
at West Point, joining a class that included two other future four-star generals, David Petraeus
and Martin Dempsey. Alexander would never get the chance to serve in Vietnam. Just as
he stepped off the bus at West Point, the ground war finally began winding down.
In April 1974, just before graduation, he married his high school classmate Deborah Lynn Douglas,
who grew up two doors away in Onondaga Hill. The fighting in Vietnam was over, but the Cold War
was still bubbling, and Alexander focused his career on the solitary, rarefied world of signals
intelligence, bouncing from secret NSA base to secret NSA base, mostly in the US and Germany.
He proved a competent administrator, carrying out assignments and adapting to the rapidly changing
high tech environment. Along the way he picked up masters degrees in electronic warfare,
physics, national security strategy, and business administration. As a result, he quickly
rose up the military intelligence ranks, where expertise in advanced technology was at a premium.
In 2001, Alexander was a one-star general in charge of the Army Intelligence and Security Command,
the military’s worldwide network of 10,700 spies and eavesdroppers. In March of that year he told
his hometown Syracuse newspaper that his job was to discover threats to the country. “We have
to stay out in front of our adversary,” Alexander said. “It’s a chess game, and you don’t want
to lose this one.” But just six months later, Alexander and the rest of the American intelligence
community suffered a devastating defeat when they were surprised by the attacks on 9/11.
Following the assault, he ordered his Army intercept operators to begin illegally monitoring
the phone calls and email of American citizens who had nothing to do with terrorism, including
intimate calls between journalists and their spouses. Congress later gave retroactive immunity
to the telecoms that assisted the government.
In 2003, Alexander, a favorite of defense secretary Donald Rumsfeld, was named
the Army’s deputy chief of staff for intelligence, the service’s most senior intelligence position.
Among the units under his command were the military intelligence teams involved in the human rights
abuses at Baghdad’s Abu Ghraib prison. Two years later, Rumsfeld appointed Alexander—now
a three-star general—director of the NSA, where he oversaw the illegal, warrantless wiretapping
program while deceiving members of the House Intelligence Committee. In a publicly released
letter to Alexander shortly after The New York Times exposed the program, US representative Rush
Holt, a member of the committee, angrily took him to task for not being forthcoming about the
wiretapping: “Your responses make a mockery of congressional oversight.”
In short: Emperor Alexander.
Inside the government, the general is regarded with a mixture of respect and fear, not unlike
J. Edgar Hoover, another security figure whose tenure spanned multiple presidencies. “We
jokingly referred to him as Emperor Alexander—with good cause, because whatever Keith
wants, Keith gets,” says one former senior CIA official who agreed to speak on condition of anonymity.
“We would sit back literally in awe of what he was able to get from Congress, from the White House,
and at the expense of everybody else.”
What happened next in Alexander's career, some time in the mid-2000s, was Stuxnet: the story of
the crushing virus that nearly destroyed the Iranian nuclear program has been widely documented on
these pages and elsewhere, so we won't recount the Wired article's details. However, what was very
odd about the Stuxnet attack is that such a brilliantly conceived and delivered virus could ultimately
be uncovered and traced back to the NSA and Israel. It was almost too good. Still, what happened
after the revelation that Stuxnet could be traced to Fort Meade is that the Middle East, supposedly,
promptly retaliated:
Sure enough, in August 2012 a devastating virus was unleashed on Saudi Aramco, the giant Saudi
state-owned energy company. The malware infected 30,000 computers, erasing three-quarters of the
company’s stored data, destroying everything from documents to email to spreadsheets and leaving
in their place an image of a burning American flag, according to The New York Times. Just days
later, another large cyberattack hit RasGas, the giant Qatari natural gas company. Then a series
of denial-of-service attacks took America’s largest financial institutions offline. Experts blamed
all of this activity on Iran, which had created its own cyber command in the wake of the US-led
attacks. James Clapper, US director of national intelligence, for the first time declared cyberthreats
the greatest danger facing the nation, bumping terrorism down to second place. In May, the Department
of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team issued a vague
warning that US energy and infrastructure companies should be on the alert for cyberattacks. It
was widely reported that this warning came in response to Iranian cyberprobes of industrial control
systems. An Iranian diplomat denied any involvement.
The cat-and-mouse game could escalate. “It’s a trajectory,” says James Lewis, a cybersecurity
expert at the Center for Strategic and International Studies. “The general consensus is that a
cyber response alone is pretty worthless. And nobody wants a real war.” Under international law,
Iran may have the right to self-defense when hit with destructive cyberattacks. William Lynn,
deputy secretary of defense, laid claim to the prerogative of self-defense when he outlined the
Pentagon’s cyber operations strategy. “The United States reserves the right,” he said, “under
the laws of armed conflict, to respond to serious cyberattacks with a proportional and justified
military response at the time and place of our choosing.” Leon Panetta, the former CIA chief who
had helped launch the Stuxnet offensive, would later point to Iran’s retaliation as a troubling
harbinger. “The collective result of these kinds of attacks could be a cyber Pearl Harbor,” he
warned in October 2012, toward the end of his tenure as defense secretary, “an attack that would
cause physical destruction and the loss of life.”
Almost too good... Because the so-called hacker "retaliations" originating from
Iran, China, Russia, etc., led to such laughable outcomes as DDOS attacks - to unprecedented
media fanfare - against the portals of such firms as JPMorgan and Wells Fargo, and, as Wired adds, "if Stuxnet
was the proof of concept, it also proved that one successful cyberattack begets another.
For Alexander, this offered the perfect justification for expanding his empire."
The expansion that took place next for Alexander and his men, all of it under the Obama regime,
was simply unprecedented (and that it steamrolled right through the "sequester" was perfectly expected):
[D]ominance has long been their watchword. Alexander’s Navy calls itself the Information Dominance
Corps. In 2007, the then secretary of the Air Force pledged to “dominate cyberspace” just as “today,
we dominate air and space.” And Alexander’s Army warned, “It is in cyberspace that we must use
our strategic vision to dominate the information environment.” The Army is reportedly treating
digital weapons as another form of offensive capability, providing frontline troops with the option
of requesting “cyber fire support” from Cyber Command in the same way they request air and artillery
support.
All these capabilities require a giant expansion of secret facilities. Thousands of hard-hatted
construction workers will soon begin erecting cranes, driving backhoes, and emptying cement trucks
as they expand the boundaries of NSA’s secret city eastward, increasing its already enormous size
by a third. “You could tell that some of the seniors at NSA were truly concerned that cyber was
going to engulf them,” says a former senior Cyber Command official, “and I think rightfully so.”
In May, work began on a $3.2 billion facility housed at Fort Meade in Maryland. Known
as Site M, the 227-acre complex includes its own 150-megawatt power substation, 14 administrative
buildings, 10 parking garages, and chiller and boiler plants. The server building will have 90,000
square feet of raised floor—handy for supercomputers—yet hold only 50 people. Meanwhile, the 531,000-square-foot
operations center will house more than 1,300 people. In all, the buildings will have a footprint
of 1.8 million square feet. Even more ambitious plans, known as Phase II and III, are
on the drawing board. Stretching over the next 16 years, they would quadruple the footprint to
5.8 million square feet, enough for nearly 60 buildings and 40 parking garages, costing $5.2 billion
and accommodating 11,000 more cyberwarriors.
In short, despite the sequestration, layoffs, and furloughs in the federal government, it’s
a boom time for Alexander. In April, as part of its 2014 budget request, the Pentagon
asked Congress for $4.7 billion for increased “cyberspace operations,” nearly $1 billion more
than the 2013 allocation. At the same time, budgets for the CIA and other intelligence agencies
were cut by almost the same amount, $4.4 billion. A portion of the money going to Alexander
will be used to create 13 cyberattack teams.
In the New Normal, the CIA is no longer relevant: all that matters are Alexander's armies
of hackers and computer geeks.
But not only has the public espionage sector been unleashed: the private sector is poised to reap
a killing (pardon the pun) too...
What’s good for Alexander is good for the fortunes of the cyber-industrial complex, a burgeoning
sector made up of many of the same defense contractors who grew rich supplying the wars in Iraq
and Afghanistan. With those conflicts now mostly in the rearview mirror, they are looking
to Alexander as a kind of savior. After all, the US spends about $30 billion annually on cybersecurity
goods and services.
In the past few years, the contractors have embarked on their own cyber building binge parallel
to the construction boom at Fort Meade: General Dynamics opened a 28,000-square-foot facility
near the NSA; SAIC cut the ribbon on its new seven-story Cyber Innovation Center; the giant CSC
unveiled its Virtual Cyber Security Center. And at consulting firm Booz Allen Hamilton,
where former NSA director Mike McConnell was hired to lead the cyber effort, the company announced
a “cyber-solutions network” that linked together nine cyber-focused facilities. Not to
be outdone, Boeing built a new Cyber Engagement Center. Leaving nothing to chance, it also hired
retired Army major general Barbara Fast, an old friend of Alexander’s, to run the operation. (She
has since moved on.)
Defense contractors have been eager to prove that they understand Alexander’s worldview. “Our
Raytheon cyberwarriors play offense and defense,” says one help-wanted site. Consulting and engineering
firms such as Invertix and Parsons are among dozens posting online want ads for “computer network
exploitation specialists.” And many other companies, some unidentified, are seeking computer and
network attackers. “Firm is seeking computer network attack specialists for long-term government
contract in King George County, VA,” one recent ad read. Another, from Sunera, a Tampa, Florida,
company, said it was hunting for “attack and penetration consultants.”
It gets better: all those anti-virus programs you have on your computer to "make it safe" from backdoors
and trojans? Guess what - they are the backdoors and trojans!
One of the most secretive of these contractors is Endgame Systems, a startup backed by VCs
including Kleiner Perkins Caufield & Byers, Bessemer Venture Partners, and Paladin Capital Group.
Established in Atlanta in 2008, Endgame is transparently antitransparent. “We’ve been
very careful not to have a public face on our company,” former vice president John M. Farrell
wrote to a business associate in an email that appeared in a WikiLeaks dump. “We don’t ever want
to see our name in a press release,” added founder Christopher Rouland. True to form,
the company declined Wired’s interview requests.
Perhaps for good reason: According to news reports, Endgame is developing ways to break
into Internet-connected devices through chinks in their antivirus armor. Like safecrackers
listening to the click of tumblers through a stethoscope, the “vulnerability researchers” use
an extensive array of digital tools to search for hidden weaknesses in commonly used programs
and systems, such as Windows and Internet Explorer. And since no one else has ever discovered
these unseen cracks, the manufacturers have never developed patches for them.
Thus, in the parlance of the trade, these vulnerabilities are known as “zero-day exploits,”
because it has been zero days since they have been uncovered and fixed. They are the
Achilles’ heel of the security business, says a former senior intelligence official involved with
cyberwarfare. Those seeking to break into networks and computers are willing to pay millions
of dollars to obtain them.
Such as the US government. But if you thought PRISM was bad you ain't seen nuthin' yet.
Because tying it all together is Endgame's appropriately named "Bonesaw", which
is practically The Matrix transplanted into the real cyber world.
According to Defense News’ C4ISR Journal and Bloomberg Businessweek, Endgame also offers its
intelligence clients—agencies like Cyber Command, the NSA, the CIA, and British intelligence—a
unique map showing them exactly where their targets are located. Dubbed Bonesaw,
the map displays the geolocation and digital address of basically every device connected
to the Internet around the world, providing what’s called network situational awareness.
The client locates a region on the password-protected web-based map, then picks a country
and city— say, Beijing, China. Next the client types in the name of the target organization, such
as the Ministry of Public Security’s No. 3 Research Institute, which is responsible for computer
security—or simply enters its address, 6 Zhengyi Road. The map will then display what software
is running on the computers inside the facility, what types of malware some may contain, and a
menu of custom-designed exploits that can be used to secretly gain entry. It can also
pinpoint those devices infected with malware, such as the Conficker worm, as well as networks
turned into botnets and zombies— the equivalent of a back door left open.
Bonesaw also contains targeting data on US allies, and it is soon to be upgraded
with a new version codenamed Velocity, according to C4ISR Journal. It will allow Endgame’s
clients to observe in real time as hardware and software connected to the Internet around the
world is added, removed, or changed.
Marketing documents say “the Bonesaw platform provides a complete environment for intelligence
analysts and mission planners to take a holistic approach to target discovery, reducing the time
to create actionable intelligence and operational plans from days to minutes.”
“Bonesaw is the ability to map, basically every device connected to the Internet and
what hardware and software it is,” says a company official who requested anonymity. The
official points out that the firm doesn’t launch offensive cyber ops, it just helps.
Back to Wired:
[S]uch access doesn’t come cheap. One leaked report indicated that annual subscriptions
could run as high as $2.5 million for 25 zero-day exploits.
That's ok though, the US government is happy to collect taxpayer money so it can pay these venture
capital-backed private firms for the best in espionage technology, allowing it to reach, hack and
manipulate every computer system foreign. And domestic.
How ironic: US citizens are funding Big Brother's own unprecedented spying program against
themselves!
Not only that, but by allowing the NSA to develop and utilize technology that is leaps ahead of
everyone else - and to utilize it against US citizens themselves - America is
now effectively at war with itself... Not to mention every other foreign country that is an intelligence
interest:
The buying and using of such a subscription by nation-states could be seen as an act of war.
“If you are engaged in reconnaissance on an adversary’s systems, you are laying the electronic
battlefield and preparing to use it,” wrote Mike Jacobs, a former NSA director for information
assurance, in a McAfee report on cyberwarfare. “In my opinion, these activities constitute acts
of war, or at least a prelude to future acts of war.” The question is, who else is on the secretive
company’s client list? Because there is as of yet no oversight or regulation of the cyberweapons
trade, companies in the cyber-industrial complex are free to sell to whomever they wish. “It should
be illegal,” says the former senior intelligence official involved in cyberwarfare. “I
knew about Endgame when I was in intelligence. The intelligence community didn’t like it, but
they’re the largest consumer of that business.”
And there you have it: US corporations happily cooperating with the US government's own espionage
services. However, since the only thing that matters in the private sector is the bottom line, the
Endgames of the world will gladly sell the same ultra-secret services to everyone else who is willing
to pay top dollar: China, Russia, Iran...
[I]n their willingness to pay top dollar for more and better zero-day exploits, the spy agencies
are helping drive a lucrative, dangerous, and unregulated cyber arms race, one that has developed
its own gray and black markets. The companies trading in this arena can sell their wares
to the highest bidder—be they frontmen for criminal hacking groups or terrorist organizations
or countries that bankroll terrorists, such as Iran. Ironically, having helped create
the market in zero-day exploits and then having launched the world into the era of cyberwar,
Alexander now says the possibility of zero-day exploits falling into the wrong hands is
his “greatest worry.”
Does Alexander have reason to be worried? Oh yes.
In May, Alexander discovered that four months earlier someone, or some group or nation,
had secretly hacked into a restricted US government database known as the National Inventory
of Dams. Maintained by the Army Corps of Engineers, it lists the vulnerabilities
for the nation’s dams, including an estimate of the number of people who might be killed should
one of them fail. Meanwhile, the 2013 “Report Card for America’s Infrastructure” gave
the US a D on its maintenance of dams. There are 13,991 dams in the US that are classified
as high-hazard, the report said. A high-hazard dam is defined as one whose failure would
cause loss of life. “That’s our concern about what’s coming in cyberspace—a destructive element.
It is a question of time,” Alexander said in a talk to a group involved in information
operations and cyberwarfare, noting that estimates put the time frame of an attack within two
to five years. He made his comments in September 2011.
In other words, this massive cyberattack against the US predicted by "Emperor" Alexander - an attack
in which, as Alexander himself has said, cyberweapons represent the 21st century equivalent of nuclear
arms (and require in-kind retaliation) - whether false flag or real, is due... some time right
around now.
"TeamSpy" used digitally signed TeamViewer remote access tool to spy on victims.
Researchers have unearthed a decade-long espionage operation that
used the popular TeamViewer remote-access program and proprietary malware to target high-level political
and industrial figures in Eastern Europe.
TeamSpy, as the shadow group has been dubbed, collected encryption keys and documents marked as
"secret" from a variety of high-level targets, according to a report published Wednesday by
Hungary-based CrySyS Lab.
Targets included a Russia-based Embassy for an undisclosed country belonging to both NATO and
the European Union, an industrial manufacturer also located in Russia, multiple research and educational
organizations in France and Belgium, and an electronics company located in Iran. CrySyS learned of
the attacks after Hungary's National Security Authority
disclosed intelligence that TeamSpy had hit an unnamed "Hungarian high-profile governmental victim."
Malware used in the attacks indicates that those responsible may have operated for years and may
have also targeted figures in a variety of countries throughout the world. Adding intrigue to the
discovery, techniques used in the attacks bear a striking resemblance to an online banking fraud
ring known as Sheldon, and a separate analysis from researchers at Kaspersky Lab found similarities
to the Red October espionage campaign that the Russia-based security firm discovered earlier this year.
"Most likely the same attackers are behind the attacks that span for the last 10 years, as there
are clear connections between samples used in different years and campaigns," CrySyS researchers
wrote in their report. "Interestingly, the attacks began to gain new momentum in the second half
of 2012."
They added: "The attackers surely aim for important targets. This conclusion comes from a number
of different facts, including victim IPs, known activities on some targets, traceroute for probably
high-profile targets, file names used in information stealing activities, strange paramilitary language
of some structures, etc."
The attackers relied on a variety of methods, including the use of a digitally signed version
of TeamViewer that has been modified through
a technique known as "DLL hijacking" to spy on targets in real-time. Installation of the compromised
program also provides attackers with a backdoor to install updates and additional malware. Both the
TeamViewer technique and command servers used in the attack harken back to Sheldon. The TeamSpy operation
also relies on more traditional malware tools that were custom-built for the purpose of espionage
or bank fraud.
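The DLL hijacking described above works because Windows searches the application's own directory before System32 for any imported DLL that is not on the KnownDLLs list, so a signed executable can be made to load a planted or replaced library without its own signature ever being touched. The following is an added defensive example, not code from the CrySyS or Kaspersky reports or from TeamViewer: it audits an install directory against a hypothetical vendor manifest (file names, digests, and import list are all constructed) and flags a modified vendor DLL and a system DLL name that has been shadowed.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample install layout for a hypothetical signed remote-access tool.
# The digests in VENDOR_MANIFEST are computed from these bytes; they are not
# real TeamViewer hashes.
SAMPLE_CONTENTS = {
    "rat.exe": b"signed executable (constructed)",
    "tv_core.dll": b"vendor core library (constructed)",
    "tv_ui.dll": b"vendor ui library (constructed)",
}
VENDOR_MANIFEST = {name: hashlib.sha256(data).hexdigest()
                   for name, data in SAMPLE_CONTENTS.items() if name.endswith(".dll")}

# Assumed import table of rat.exe. Windows resolves these by search order; for
# names not on the KnownDLLs list the application directory is searched before
# System32, so a same-named DLL dropped beside the .exe is the one that loads.
IMPORTED_DLLS = ["tv_core.dll", "tv_ui.dll", "version.dll", "kernel32.dll"]
SYSTEM_DLL_NAMES = {"version.dll", "kernel32.dll", "user32.dll"}  # expected from System32


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_app_dir(app_dir, manifest, imported_dlls, system_dll_names):
    """Return (finding, dll_name) tuples for DLLs in app_dir that deviate from
    what the signed package should contain."""
    app_dir = Path(app_dir)
    imported = {d.lower() for d in imported_dlls}
    present = {p.name.lower(): p for p in app_dir.iterdir() if p.suffix.lower() == ".dll"}
    findings = []
    for name, path in sorted(present.items()):
        if name in manifest:
            if sha256_file(path) != manifest[name]:
                findings.append(("modified_vendor_dll", name))
        elif name in system_dll_names and name in imported:
            # Classic search-order hijack: a system DLL name the exe imports
            # now resolves from the app directory instead of System32.
            findings.append(("system_dll_shadowed", name))
        else:
            findings.append(("unexpected_dll", name))
    for name in sorted(manifest):
        if name not in present:
            findings.append(("missing_vendor_dll", name))
    return findings


def demo() -> list:
    """Build a constructed install directory, tamper with it in two ways, and
    return the audit findings."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp)
        for name, data in SAMPLE_CONTENTS.items():
            (app / name).write_bytes(data)
        # Tampering 1: a vendor DLL replaced with different content.
        (app / "tv_ui.dll").write_bytes(b"trojanised ui library (constructed)")
        # Tampering 2: a DLL named like a system library planted beside the exe.
        (app / "version.dll").write_bytes(b"planted loader (constructed)")
        return audit_app_dir(app, VENDOR_MANIFEST, IMPORTED_DLLS, SYSTEM_DLL_NAMES)


if __name__ == "__main__":
    for finding, dll in demo():
        print(f"{finding}: {dll}")
```

In practice the manifest comes from a known-good install of the same version, and a hit on a system DLL name in the application directory is worth escalating even when its file is itself validly signed.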
According to Kaspersky, the operators infected their victims through a series of "watering hole"
attacks that plant malware on websites frequented by the intended victims. When the targets visit
the booby-trapped sites, they also become infected. The attackers also injected malware into advertising
networks to blanket entire regions. In many cases, much of that attack code used to infect victims
was spawned from the Eleonore exploit kit. Domains used to host command and control servers that communicated with
infected machines included politnews.org, bannetwork.org, planetanews.org, bulbanews.org, and r2bnetwork.org.
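The command-and-control domains listed above are the kind of indicator a defender turns into a retrospective hunt over resolver logs. The following is an added example, not part of the Ars Technica article or the CrySyS report: it scans constructed sample lines in an assumed, simplified BIND-style query-log layout for the five domains named on this page, matching on label boundaries so that look-alike names do not produce false hits.

```python
import re
from typing import List, Optional, Tuple

# Command-and-control domains attributed to TeamSpy in the reporting quoted above
# (taken from the page, not invented here).
TEAMSPY_C2_DOMAINS = {
    "politnews.org", "bannetwork.org", "planetanews.org",
    "bulbanews.org", "r2bnetwork.org",
}

# Constructed sample log in a simplified BIND-style query-log layout (assumed format):
# "<date> <time> client <ip>#<port>: query: <qname> IN <type>"
SAMPLE_DNS_LOG = """\
20-Mar-2013 09:14:02.110 client 10.1.4.23#51422: query: www.politnews.org IN A
20-Mar-2013 09:14:02.118 client 10.1.4.23#51423: query: update.bannetwork.org. IN A
20-Mar-2013 09:14:05.301 client 10.1.7.9#40012: query: politnews.org.cdn-lookalike.example IN A
20-Mar-2013 09:14:06.554 client 10.1.7.9#40013: query: notbannetwork.org IN A
20-Mar-2013 09:14:09.002 client 10.1.2.2#33021: query: R2BNETWORK.ORG IN TXT
20-Mar-2013 09:14:10.777 client 10.1.2.2#33022: query: www.example.org IN A
this line is not a query record and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)$"
)


def normalize_host(name: str) -> str:
    """Lower-case a queried name and strip the trailing dot of an FQDN."""
    return name.rstrip(".").lower()


def ioc_match(qname: str, iocs) -> Optional[str]:
    """Return the IoC domain that qname equals or is a subdomain of, else None.
    Matching is on label boundaries: 'notbannetwork.org' and
    'politnews.org.cdn-lookalike.example' are not hits."""
    host = normalize_host(qname)
    for ioc in iocs:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def parse_line(line: str) -> Optional[Tuple[str, str, str, str]]:
    """Split a query record into (timestamp, client ip, qname, qtype); None if not a query."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("ts"), m.group("client"), m.group("qname"), m.group("qtype")


def scan_dns_log(log_text: str, iocs=TEAMSPY_C2_DOMAINS) -> List[dict]:
    """One hit per query line that resolves a C2 domain or any subdomain of one."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, qname, qtype = rec
        ioc = ioc_match(qname, iocs)
        if ioc:
            hits.append({"time": ts, "client": client,
                         "qname": normalize_host(qname), "qtype": qtype, "ioc": ioc})
    return hits


def clients_to_triage(hits: List[dict]) -> List[str]:
    """Distinct client IPs that touched any C2 domain, sorted for the report."""
    return sorted({h["client"] for h in hits})


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for h in found:
        print(f"{h['time']} {h['client']} -> {h['qname']} ({h['qtype']}) matches {h['ioc']}")
    print("clients to triage:", clients_to_triage(found))
```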
The discovery of TeamSpy is only the latest to reveal an international operation that uses malware
to siphon sensitive data from high-profile targets. The most well-known campaign was dubbed Flame.
Other surveillance campaigns include Gauss and Duqu, all three of which are believed to have been
supported by a well-resourced nation-state. Last year, researchers also uncovered an espionage
campaign dubbed Mahdi.
erroneus
Suspicious based on what criteria?
We aren't allowed to use open source and so we have to "trust" every 'signed binary'
which executives and leaders want to use. If we could use open source, we could at least read
the source and even compile it to ensure the source we read was the binary which was compiled.
When the malware doesn't do "harm" to anything, the symptoms of malware are non-existent.
No pop-up ads, no unusual crashing (see note about being unable to use open source... the 'other'
operating system crashes often enough for inexplicable reasons that no one suspects malware
as the cause any longer) and when a commonly used utility program which performs remote access
is used, how can it be detected as malware?
Arguably, that it was proprietary and commercial software which was exploited is
pretty disturbing. But at the same time, that software makers (and other device and product makers,
and service providers too) frequently enter into deals with government to spy on people is unfortunately
very common. That the "white-hat" (heh, I accidentally typed "white-hate"... apropos?) nation
called the USA has compromised global communications with Echelon and more recently with the much
celebrated NSA wiretapping, does not help matters.
I think no one appreciates the value of trust. Once it's
lost, it's lost. What amount of trust in government... any government... may have existed, it
is gone for most of us.
The unenlightened? Well... they still watch MSM (mainstream media, I have come to
know these initials). What hope have they against that?
Anonymous Coward
Re:A strong push for open source in government (Score:1)
I suspect that as more malware and backdoors are discovered in systems used
by government, the penny will begin to drop more frequently. Closed source is incompatible
with security, by definition, since you cannot validly trust what you cannot see
Bullshit. Open or closed source has no direct bearing on the ability of an attacker
to infect a binary. Open source provides more eyes on a given bug or problem, but once compiled
and running it's the exact same problem.
The article mentions use of a modified signed binary. So tell me how open source
is going to remedy that? Unless you're recompiling from scratch (your entire tool chain, plus
dependencies) on each launch, you're just as fucked as the next guy. Are you going to checksum
the binary in memory each time a method is called? Are you going to encrypt/decrypt on each call?
What's to stop an attacker from modifying your checksum code in the same manner as CD checks on
games are trivially broken?
The only thing open source is really going to do for you is ensure that if you compile
from source, the attack didn't originate from that source. So what?
Anonymous Coward
The fact it's open source IS (or can be) the pathway. If it's a small piece of software
that does a specific function that's not of use to many people, your million eyeballs shrink rapidly.
And what you're left with (IMO) is a handful of eyeballs thinking "I don't have the time/skills
for this, it's open source, I'm sure someone will have looked over it" while no one actually does.
Or someone auditing the code but not the stuff around it, or maybe the code as distributed
is clean and will compile into a clean and functioning binary, but the scripts around it actually
add some malicious steps if certain criteria are met.
The U.S. government is developing new computer weapons and driving a black market in “zero-day”
bugs. The result could be a more dangerous Web for everyone.
Every summer, computer security experts get together in Las Vegas for Black Hat and DEFCON, conferences
that have earned notoriety for presentations demonstrating critical security holes discovered in
widely used software. But while the conferences continue to draw big crowds, regular attendees say
the bugs unveiled haven’t been quite so dramatic in recent years.
One reason is that a freshly discovered weakness in a popular piece of software, known in the
trade as a “zero-day” vulnerability, can be cashed in for much more than a reputation boost and some
free drinks at the bar. Information about such flaws can command prices
in the hundreds of thousands of dollars from defense contractors, security agencies and governments.
This trade in zero-day exploits is poorly documented, but it is perhaps
the most visible part of a new industry that in the years to come is likely to swallow growing portions
of the U.S. national defense budget, reshape international relations, and perhaps make the Web less
safe for everyone.
Zero-day exploits are valuable because they can be used to sneak software onto a computer system
without detection by conventional computer security measures, such as antivirus packages or firewalls.
Criminals might do that to intercept credit card numbers. An intelligence agency or military force
might steal diplomatic communications or even shut down a power plant.
It became clear that this type of assault would define a new era in warfare in 2010, when
security researchers discovered a piece of malicious software, or malware, known as Stuxnet.
Now widely believed to have been a project of U.S. and Israeli intelligence (U.S. officials have
yet to publicly acknowledge a role but have done so anonymously to the New York Times and
NPR), Stuxnet was carefully designed to infect multiple systems needed to access and control industrial
equipment used in Iran’s nuclear program. The payload was clearly the work of a group with access
to government-scale resources and intelligence, but it was made possible by four zero-day exploits
for Windows that allowed it to silently infect target computers. That so many precious zero-days
were used at once was just one of Stuxnet’s many striking features.
Since then, more Stuxnet-like malware has been uncovered, and it’s involved even more complex
techniques (see “The
Antivirus Era Is Over”). It is likely that even more have been deployed
but escaped public notice. Meanwhile, governments and companies in the United States
and around the world have begun paying more and more for the exploits needed to make such weapons
work, says
Christopher Soghoian, a principal technologist at the American Civil Liberties Union.
“On the one hand the government is freaking out about cyber-security,
and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the
prices,” says Soghoian, who says he has spoken with people involved in the trade and
that prices range from the thousands to the hundreds of thousands. Even
civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software
onto suspects’ computers or mobile phones.
Exploits for mobile operating systems are particularly valued, says Soghoian, because unlike desktop
computers, mobile systems are rarely updated. Apple sends
updates to iPhone software a few times a year, meaning that a given flaw could be exploited for a
long time. Sometimes the discoverer of a zero-day vulnerability
receives a monthly payment as long as a flaw remains undiscovered. “As long as Apple or Microsoft
has not fixed it you get paid,” says Soghoian.
No law directly regulates the sale of zero-days in the United States
or elsewhere, so some traders pursue it quite openly. A Bangkok-based security researcher
who goes by the name The Grugq tweets about acting as a middleman and has spoken to the press about
negotiating deals worth hundreds of thousands of dollars with government buyers from the United States
and western Europe. In an argument on Twitter last month, he denied that his business is equivalent
to arms dealing, as critics within and outside the computer security community have charged. “An
exploit is a component of a toolchain,”
he tweeted.
“The team that produces & maintains the toolchain is the weapon.”
Some small companies are similarly up-front about their involvement in the trade. The French security
company VUPEN states on its website that it
“provides government-grade exploits specifically designed for the Intelligence community
and national security agencies to help them achieve their offensive cyber security and lawful
intercept missions.”
Last year, employees of the company publicly demonstrated a zero-day flaw that compromised Google’s
Chrome browser, but they turned down Google’s offer of a $60,000 reward if they would share how it
worked. What happened to the exploit is unknown.
No U.S. government agency has gone on the record as saying that it buys zero-days. But U.S. defense
agencies and companies have begun to publicly acknowledge that they intend to launch as well as defend
against cyberattacks, a stance that will require new ways to penetrate enemy computers.
General Keith Alexander, director of the National Security Agency and commander of the U.S. Cyber
Command, told a symposium in Washington last October that the United States is prepared to do more
than just block computer attacks. “Part of our defense has to consider offensive measures,” he said,
making him one of the most senior officials to admit that the government will make use of malware.
Earlier in 2012 the U.S. Air Force invited proposals for developing “Cyberspace Warfare Attack capabilities”
that could “destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries [sic] ability
to use the cyberspace domain for his advantage.” And in November, Regina Dugan, the head of the Defense
Advanced Research Projects Agency, delivered another clear signal about the direction U.S. defense
technology is heading. “In the coming years we will focus an increasing portion of our cyber research
on the investigation of offensive capabilities to address military-specific needs,” she said, announcing
that the agency expected to expand cyber-security research from 8 percent of its budget to 12 percent.
Defense analysts say one reason for the shift is that talking about offense introduces an element
of deterrence, an established strategy for nuclear and conventional conflicts. Up to now, U.S. politicians
and defense chiefs have talked mostly about the country’s vulnerability to digital attacks. Last
fall, for example, Defense Secretary Leon Panetta warned frankly that U.S. infrastructure was being
targeted by overseas attackers and that a “digital Pearl Harbor” could result (see “U.S.
Power Grids, Water Plants a Hacking Target”).
Major defense contractors are less forthcoming about their role in making software to attack enemies
of the U.S. government, but they are evidently rushing to embrace the opportunity. “It’s a growing
area of the defense business at the same time that the rest of the defense business is shrinking,”
says Peter Singer, director of the 21st Century Defense Initiative at the Brookings Institution,
a Washington think tank. “They’ve identified two growth areas: drones and cyber.”
Large contractors are hiring many people with computer security skills, and some job openings
make it clear there are opportunities to play more than just defense. Last year, Northrop Grumman
posted ads seeking people to “plan, execute and assess an Offensive Cyberspace Operation (OCO) mission,”
and many current positions at Northrop ask for “hands-on experience of offensive cyber operations.”
Raytheon prefaces its ads for security-related jobs with language designed to appeal to stereotypical
computer hackers: “Surfboards, pirate flags, and DEFCON black badges decorate our offices, and our
Nerf collection dwarfs that of most toy stores. Our research and development projects cover the spectrum
of offensive and defensive security technologies.”
The new focus of America’s military and defense contractors may concern some taxpayers. As more
public dollars are spent researching new ways to attack computer systems, some of that money will
go to people like The Grugq to discover fresh zero-day vulnerabilities. And an escalating cycle of
competition between U.S. and overseas government agencies and contractors could make the world more
dangerous for computer users everywhere.
“Every country makes weapons: unfortunately, cyberspace is like that too,” says Sujeet Shenoi,
who leads the U.S.-government-sponsored Cyber Corps Program at the University of Tulsa. His program
trains students for government jobs defending against attacks, but he fears that defense contractors,
also eager to recruit these students, are pushing the idea of offense too hard. Developing powerful
malware introduces the dangerous temptation to use it, says Shenoi, who fears the consequences of
active strikes against infrastructure. “I think maybe the civilian courts ought to get together and
bar these kinds of attacks,” he says.
The ease with which perpetrators of a computer attack can hide their tracks also raises the risk
that such weapons will be used, Shenoi points out. Worse, even if an attack using malware is unsuccessful,
there’s a strong chance that a copy will remain somewhere on the victim’s system—by accident or design—or
accidentally find its way onto computer systems not targeted at all, as Stuxnet did. Some security
firms have already identified criminal malware that uses methods first seen in Stuxnet (see “Stuxnet
Tricks Copied by Criminals”).
“The parallel is dropping the atomic bomb but also leaflets with the design of it,” says Singer.
He estimates that around 100 countries already have cyber-war units of some kind, and around 20
have formidable capabilities: “There’s a lot of people playing this game.”
Stuxnet is definitely a source of large blowback. It also makes the US, Israel, or both the first
nations to deploy a cyber weapon against another nation without any declaration of war. "In taking
this step, the perpetrator not only demonstrated that control systems are vulnerable, but also legitimized
this kind of activity by a nation-state, he says."
Three years ago, when electric grid operators were starting to talk about the need to protect
critical infrastructure from cyberattacks, few utilities had even hired a chief information security
officer.
Then came Stuxnet.
In 2010, that malware, widely
reported to have been created by the U.S. and Israel, reportedly destroyed 1,000 centrifuges
that Iran was using to enrich uranium after taking over the computerized systems that operated the
centrifuges.
Gen. Michael Hayden, principal at security consultancy The Chertoff Group, was director of the
National Security Agency, and then the CIA, during the years leading up to the event. "I have to
be careful about this," he says,
"but in a time of peace, someone deployed a cyberweapon to destroy what another nation would
describe as its critical infrastructure."
In taking this step, the perpetrator not only demonstrated that control systems are vulnerable,
but also legitimized this kind of activity by a nation-state, he says.
The attack rattled the industry. "Stuxnet was a game-changer because
it opened people's eyes to the fact that a cyber event can actually result in physical damage," says
Mark Weatherford, deputy undersecretary for cybersecurity in the National Protection Programs Directorate
at the U.S. Department of Homeland Security.
In another development that raised awareness of the threat of cyberwar,
the U.S. government in October accused Iran of launching distributed denial-of-service (DDoS)
attacks against U.S. financial institutions. In a speech intended to build support for stalled
legislation known as the
Cybersecurity Act that would enable greater information sharing and improved cybersecurity standards,
Defense Secretary Leon Panetta warned that the nation faced the possibility of a "cyber Pearl
Harbor" unless action was taken to better protect critical infrastructure.
"Awareness of the problem has been the biggest change" since the release
of Stuxnet, says Tim Roxey, chief cybersecurity officer for the North American Electric Reliability
Corp. (NERC), a trade group serving electrical grid operators. He noted that job titles such as CISO
and cybersecurity officer are much more common than they once were,
new cybersecurity standards are now under development, and there's a greater emphasis on information
sharing, both within the industry and with the DHS through sector-specific Information Sharing and Analysis
Centers.
On the other hand, cybersecurity is still not among the top five reliability
concerns for most utilities, according to John Pescatore, an analyst at Gartner. Says Roxey: "It's
clearly in the top 10." But then, so is vegetation management.
Compounding the challenge is the fact that regulated utilities tend to
have tight budgets. That's a big problem, says Paul Kurtz, managing director of international practice
at security engineering company CyberPoint International and former senior director for critical
infrastructure protection at the White House's Homeland Security Council. "We're not offering cost-effective,
measurable solutions," he says. "How do you do this without hemorrhaging cash?"
Should the U.S. Strike Back?
Most best practices on dealing with cyberattacks on critical infrastructure focus on defense:
patching vulnerabilities and managing risk. But should the U.S. conduct preemptive strikes against
suspected attackers -- or at least hit back?
Gen. Michael Hayden, principal at security consultancy The Chertoff Group, and former director
of the NSA and the CIA, says the cybersecurity problem can be understood through the classic risk
equation: Risk (R) = threat (T) x vulnerability (V) x consequences (C). "If I can drive any factor
down to zero, the risk goes down to zero," he says. So far, most efforts have focused on reducing
V, and there's been a shift toward C, with the goal of determining how to rapidly detect an attack,
contain the damage and stay online. "But we are only now beginning to wonder, how do I push T down?
How do I reduce the threat?" Hayden says. "Do I shoot back?"
The DOD is contemplating the merits of "cross-domain" responses, says James Lewis, senior fellow
at the Center for Strategic and International Studies. "We might respond with a missile. That increases
the uncertainty for opponents."
Ultimately, countries that launch such attacks will pay a price, says Howard Schmidt,
former cybersecurity coordinator and special assistant to the president.
--[Does this possibility include the USA and Israel? -- NNB] The
U.S. response could involve economic sanctions -- or it could involve the use of military power.
Most experts agree that critical infrastructure providers have a long
way to go. Melissa Hathaway, president of Hathaway Global Strategies, was the Obama administration's
acting senior director for cyberspace in 2009. That year, she issued a
Cyberspace Policy Review report that included recommendations for better protecting critical
infrastructure, but there hasn't been much movement toward implementing those recommendations, she
says. A draft National Cyber Incident Response plan has been published, but a national-level exercise,
conducted in June, showed that the plan was insufficient to protect critical infrastructure.
"A lot of critical infrastructure is not even protected from basic hacking.
I don't think the industry has done enough to address the risk, and they're looking for the government
to somehow offset their costs," Hathaway says. There is, however, a broad recognition that critical
infrastructure is vulnerable and that something needs to be done about it.
The Department of Defense has a direct stake in the security of the country's
critical infrastructure because the military depends on it. "The Defense Science Board Task Force
did a review of DOD reliance on critical infrastructure and found that an astute opponent could attack
and harm the DOD's capabilities," says James Lewis, a senior fellow specializing in cybersecurity
at the Center for Strategic and International Studies.
At a forum in July, NSA Director Gen. Keith Alexander was asked to rate
the state of U.S. preparedness for an attack on critical infrastructure on a scale of 1 to 10. He
responded, "I would say around a 3." The reasons include the inability to rapidly detect and respond
to attacks, a lack of cybersecurity standards and a general unwillingness by both private companies
and government agencies to share detailed information about threats and attacks. The DOD and intelligence
agencies don't share information because they tend to overclassify it, says Hayden. And critical
infrastructure providers prefer to keep things to themselves because they don't want to expose customer
data and they're concerned about the liability issues that could arise and the damage their reputations
could suffer if news of an attack were widely reported.
"The rules of the game are a little fuzzy on what you can and cannot
share," says Edward Amoroso, chief security officer and a senior vice president at AT&T, noting that
his biggest concern is the
threat of a large-scale DDoS attack that could take down the Internet's backbone. "I need attorneys,
and I need to exercise real care when interacting with the government," he says.
In some cases, critical infrastructure providers are damned if they do
share information and damned if they don't. "If the government provides a signature to us, some policy
observers would say that we're operating on behalf of that government agency," he says. All parties
agree that, in a crisis, everyone should be able to share information in real time. "But talk to
five different people and you'll get five different opinions about what is OK," says Amoroso. Unfortunately,
government policy initiatives intended to resolve the issue, such as the Cybersecurity Act, have
failed to move forward.
"It was disappointing for us that this nonpartisan issue became so contentious,"
says Weatherford. The lack of progress by policymakers is a problem for the DHS and the effectiveness
of its National Cybersecurity and Communications Integration Center (NCCIC). The center, which is
open around the clock, was designed to be the nexus for information sharing between private-sector
critical infrastructure providers -- and the one place to call when there's a problem. "I want NCCIC
to be the '911' of cybersecurity," he says. "We may not have all the answers or all the right people,
but we know where they are."
Meanwhile, both the number of attacks and their level of sophistication
have been on the rise. Richard Bejtlich, chief security officer at security consultancy Mandiant,
says electric utilities and other businesses are under constant assault by foreign governments. "We
estimate that 30% to 40% of the Fortune 500 have an active Chinese or Russian intrusion problem right
now," he says. However, he adds, "I think the threat in that area is exaggerated," because the goal
of such attacks is to steal intellectual property, not destroy infrastructure.
Others disagree. "We've seen a new expertise developing around industrial
control systems. We're seeing a ton of people and groups committed to the very technical aspects
of these systems," says Howard Schmidt, who served as cybersecurity coordinator and special assistant
to the president until last May and is now an independent consultant.
"People are too quick to dismiss the link between intellectual property
loss through cyber intrusions and attacks against infrastructure," says Kurtz. "Spear phishing events
can lead to the exfiltration of intellectual property, and that can have a spillover effect into
critical infrastructure control system environments."
Hacking on the Rise
Cyberattackers fall into three primary categories: criminal organizations interested in stealing
for monetary gain, hacktivists bent on furthering their own agendas, and foreign governments, or
their agents, aiming to steal information or lay the groundwork for later attacks.
The Chinese are the most persistent, with several tiers of groups participating, says Richard
Bejtlich, chief security officer at security consultancy Mandiant. Below official state-sponsored
attacks are breaches by state militias, quasi-military and quasi-government organizations, and what
he calls "patriotic hackers."
"It's almost a career path," says Bejtlich.
There's disagreement on which groups are the most sophisticated or dangerous, but that's not what
matters. What matters is that the universe of attackers is expanding and they have ready access to
an ever-growing wealth of knowledge about hacking, along with black hat tools helpful in launching
attacks. "Over the next five years, low-level actors will get more sophisticated and the Internet
[will expand] into areas of the Third World where the rule of law is weaker," says Gen. Michael Hayden,
principal at security consultancy The Chertoff Group. "The part of the world responsible for criminal
groups such as the Somali pirates is going to get wired."
Spear phishing attacks, sometimes called advanced targeted threats or advanced persistent threats,
are efforts to break into an organization's systems by targeting specific people and trying, for
example, to get them to open infected email messages that look like they were sent by friends. Such
attacks have been particularly difficult to defend against.
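The "looks like it was sent by a friend" lure described above is something a mail gateway can check for. The following is an added example, not code from the article or from any of the organizations it quotes: it parses message headers and flags a sender whose display name matches a known contact while the address does not, a domain one or two edits away from a trusted one, and a Reply-To that diverts replies. The contact list, trusted domain and the three messages are constructed sample data.

```python
"""Spear-phishing sender checks over constructed message headers.

Added example, not code from the article: flags messages whose display
name matches a known contact while the actual address, reply path or
domain does not.  The contact list, domain list and messages are all
constructed sample data.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> address the organisation knows.
KNOWN_CONTACTS = {
    "Alice Chen": "alice.chen@example-corp.com",
    "Bob Ortiz": "bob.ortiz@example-corp.com",
}
KNOWN_DOMAINS = {"example-corp.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def spoofing_findings(raw_message: str) -> list:
    """Return reasons the sender looks spoofed; an empty list means no finding."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    reasons = []

    # 1. Familiar display name, unfamiliar address: the classic "from a friend" lure.
    known = KNOWN_CONTACTS.get(name)
    if known and addr != known.lower():
        reasons.append(f"display name '{name}' but address {addr} is not {known}")

    # 2. Domain that is a near-miss of a domain we trust (one or two edits away).
    domain = addr.rsplit("@", 1)[-1]
    for trusted in KNOWN_DOMAINS:
        if domain != trusted and edit_distance(domain, trusted) <= 2:
            reasons.append(f"domain {domain} looks like {trusted}")

    # 3. Reply-To diverting replies away from the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        reasons.append(f"Reply-To {reply_to} differs from From {addr}")
    return reasons


# Constructed sample messages.
LEGIT = "From: Alice Chen <alice.chen@example-corp.com>\nSubject: lunch\n\nhi\n"
NAME_ONLY = ('From: "Alice Chen" <alice.chen@mail-service.example>\n'
             "Subject: invoice\n\nsee attached\n")
LOOKALIKE = ("From: Bob Ortiz <bob.ortiz@examp1e-corp.com>\n"
             "Reply-To: bob.ortiz@mailbox.example\nSubject: urgent\n\nopen this\n")

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("name-only", NAME_ONLY), ("lookalike", LOOKALIKE)]:
        print(label, spoofing_findings(raw))
```

The display-name check is the one that matters most for targeted mail: the attacker controls the visible name, not the address book, so a match on the former with a mismatch on the latter is a cheap, high-signal rule to put in front of the user.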
Then there's the issue of
zero-day attacks. While software and systems vendors have released thousands of vulnerability
patches over the past 10 years, Amoroso says, "I wouldn't be surprised if there are thousands of
zero-day vulnerabilities that go unreported." And while hacktivists may brag about uncovering vulnerabilities,
criminal organizations and foreign governments prefer to keep that information to themselves. "The
nation-state-sponsored attack includes not only the intellectual property piece but the ability to
pre-position something when you want to be disruptive during a conflict," Schmidt says.
Usually in espionage it's much easier to steal intelligence than it is to do physical harm. That's
not true in the cyber domain, says Hayden. "If you penetrate a network for espionage purposes, you've
already got everything you'll want for destruction," he says.
On the other hand, while it's impossible for a private company to defend itself from physical
warfare, that's not true when it comes to cyberattacks. Every attack exploits a weakness. "By closing
that vulnerability, you stop the teenage kid, the criminal and the cyberwarrior," says Pescatore.
Control Anxiety
Computerized control systems are a potential problem area because the same systems are in use
across many different types of critical infrastructure. "Where you used to turn dials or throw a
switch, all of that is done electronically now," Schmidt says.
In addition, many industrial control systems that used to be "air-gapped" from the Internet are
now connected to corporate networks for business reasons. "We've seen spreadsheets with thousands
of control system components that are directly connected to the Internet. Some of those components
contain known vulnerabilities that are readily exploitable without much sophistication," says Marty
Edwards, director of control systems security at the Industrial Control Systems Cyber Emergency Response
Team (ICS-CERT) at the DHS. The organization, with a staff that's grown tenfold to 400 in the past
four years, offers
control system security standards, shares threat data with critical infrastructure providers
and has a rapid response team of "cyberninjas," high-level control systems engineers and cybersecurity
analysts who can be deployed at a moment's notice.
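The spreadsheets Edwards mentions, control-system components directly reachable from the Internet, are the kind of thing an asset owner can check for itself. Below is an added example, not code from the article or from ICS-CERT: it walks a constructed asset inventory and reports every component whose address is outside the private and link-local ranges. The addresses come from the RFC 5737 documentation ranges as stand-ins for public ones, which is why the check compares against the private ranges explicitly instead of using `ipaddress.is_global` (Python treats the documentation ranges as non-global). The list of industrial protocols that carry no authentication is an assumption used only for severity labelling.

```python
"""Flag control-system components reachable from the Internet.

Added example, not from the article: walks a constructed asset inventory
and reports components whose address is globally routable.  The inventory
and the protocol list below are constructed sample data.
"""
import ipaddress

# Address ranges that are not reachable from the public Internet.
NOT_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
)]

# Industrial protocols with no authentication of their own (assumption for
# this example's severity labelling; adjust to the site's own list).
UNAUTHENTICATED_PROTOCOLS = {"modbus-tcp", "dnp3", "ethernet-ip"}

# Constructed inventory: (asset, address, protocol, port).  Documentation
# addresses stand in for public ones.
INVENTORY = [
    ("PLC-substation-4", "198.51.100.23", "modbus-tcp", 502),
    ("HMI-pump-station", "203.0.113.8", "https", 443),
    ("RTU-feeder-12", "10.20.4.15", "dnp3", 20000),
    ("historian", "192.168.5.10", "https", 443),
]


def is_routable(addr: str) -> bool:
    """True when the address is outside every private/link-local range."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in NOT_ROUTABLE)


def exposure_findings(inventory):
    """One finding per asset that is reachable from the Internet."""
    findings = []
    for asset, addr, proto, port in inventory:
        if not is_routable(addr):
            continue
        severity = "critical" if proto in UNAUTHENTICATED_PROTOCOLS else "high"
        findings.append({"asset": asset, "address": addr, "protocol": proto,
                         "port": port, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in exposure_findings(INVENTORY):
        print(f"{f['severity']:8} {f['asset']:20} {f['address']}:{f['port']} ({f['protocol']})")
```

A real inventory would come from the site's own asset register rather than a hard-coded list, and the finding is the starting point for the "build protections around them" approach the article describes: anything listed here belongs behind a firewall or VPN, not on the Internet.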
Last year, ICS-CERT issued 5,200 alerts and advisories to private industry and government. "[Edwards]
had teams fly out seven times last year to help businesses respond to events that either took them
offline or severely impacted operations," says Weatherford, who declined to provide details on the
nature of those events.
Control systems also suffer from another major weakness: They're usually relatively old and can't
easily be patched. "A lot of them were never designed to operate in a network environment, and they
aren't designed to take upgrades," Schmidt says. "Its firmware is soldered onto the device, and the
only way to fix it is to replace it." Since the systems were designed to last 10 to 20 years, organizations
need to build protections around them until they can be replaced. In other cases, updates can be
made, but operators have to wait for the service providers who maintain the equipment to do the patching.
So where should the industry go from here?
The place to start is with better standards and best practices, real-time detection and containment,
and faster and more detailed information sharing both among critical infrastructure providers and
with all branches of government.
Telecoms Deal With Escalating DDoS Threat
Electric grid operators worry about compromised computerized industrial control systems taking
them offline. Telecommunications companies worry that a large-scale distributed denial-of-service
(DDoS) attack will take out another type of critical infrastructure: the Internet.
Until 2009 or so, AT&T might have seen one major DDoS attack a year, says Edward Amoroso, chief
security officer and a senior vice president at the telecommunications giant. Today, Tier 1 Internet
service providers find themselves fending off a few dozen attacks at any given moment. "It used to
be two guys bailing out the ship. Now we have 40, 50 or 60 people dumping the water out all the time,"
he says. In fact, attacks have been scaling up to the point where Amoroso says he worries they could
potentially flood backbone networks, taking portions of the Internet offline.
It would take just 64,000 PCs infected with a virus similar to Conficker to spew out about 10Gbps
of traffic, he says. "Multiply that by four, and you've got 40Gbps, which is the size of most backbones,"
says Amoroso.
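Amoroso's figures are a back-of-envelope estimate, and they generalize. The block below is an added example, not code from the article or from AT&T: the first two functions turn "64,000 PCs for about 10Gbps" and "40Gbps is the size of most backbones" into a per-host rate and a hosts-to-fill-a-link count, and the third does the aggregation a provider runs to notice a flood building toward one destination, namely inbound bits per second per destination over a window, alerting when the total exceeds a fraction of link capacity and comes from many distinct sources. The flow records and the 10% threshold are constructed for the example.

```python
"""Volumetric DDoS arithmetic and a per-destination rate check.

Added example, not from the article: generalises the article's figures
(64,000 infected PCs for about 10Gbps; 40Gbps backbones) and aggregates
constructed flow records to spot a many-to-one flood.
"""
from collections import defaultdict
import math


def per_host_bps(total_bps: float, hosts: int) -> float:
    """Average traffic each infected host contributes."""
    return total_bps / hosts


def hosts_to_saturate(link_bps: float, host_bps: float) -> int:
    """Hosts at host_bps needed to fill a link of link_bps."""
    return math.ceil(link_bps / host_bps)


def volumetric_alerts(flows, window_s, link_bps, threshold=0.10, min_sources=20):
    """Return {dst: (bps, unique_sources)} for destinations whose aggregate
    inbound rate over the window is at least threshold * link_bps and comes
    from at least min_sources distinct sources (the many-to-one pattern)."""
    bytes_to = defaultdict(int)
    sources = defaultdict(set)
    for src, dst, nbytes in flows:          # flows: (src, dst, bytes in window)
        bytes_to[dst] += nbytes
        sources[dst].add(src)
    alerts = {}
    for dst, total in bytes_to.items():
        bps = total * 8 / window_s
        if bps >= threshold * link_bps and len(sources[dst]) >= min_sources:
            alerts[dst] = (bps, len(sources[dst]))
    return alerts


# Constructed 10-second flow sample: 50 sources pushing 125 MB each at one
# victim, plus ordinary traffic to another host.
SAMPLE_FLOWS = [(f"10.0.{i // 256}.{i % 256}", "198.51.100.5", 125_000_000)
                for i in range(50)]
SAMPLE_FLOWS += [("10.1.0.1", "198.51.100.9", 20_000),
                 ("10.1.0.2", "198.51.100.9", 35_000)]
BACKBONE_BPS = 40e9   # the 40Gbps figure quoted in the article

if __name__ == "__main__":
    rate = per_host_bps(10e9, 64_000)
    print(f"per host: {rate / 1e3:.1f} kbps; "
          f"hosts to fill 40Gbps: {hosts_to_saturate(BACKBONE_BPS, rate)}")
    print(volumetric_alerts(SAMPLE_FLOWS, 10, BACKBONE_BPS))
```

The source-count condition is what separates a flood from a single large transfer: one backup job can hit the same byte rate, but it comes from one address.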
AT&T hasn't yet seen an attack generate enough traffic to flood a backbone, but it may just be
a matter of time. "So far no one has pushed that button," he says. "But we need to be prepared."
Telecommunications providers must constantly scramble and innovate to keep ahead. They devise
new defense techniques, then those techniques become popular and adversaries figure out new ways
to defeat them. "We're going to have to change the mechanisms we now use to stop DDoS [attacks],"
he says.
While some progress has been made with standards at both the DHS and industry
groups such as the NERC, some argue that government procurement policy could be used to drive higher
security standards from manufacturers of hardware and software used to operate critical infrastructure.
Today, no such policy exists across all government agencies.
"Government would be better off using its buying power to drive higher
levels of security than trying to legislate higher levels of security," argues Pescatore. But the
federal government doesn't require suppliers to meet a consistent set of security standards across
all agencies.
Even basic changes in contract terms would help, says Schmidt. "There's
a belief held by me and others in the West Wing that there's nothing to preclude one from writing
a contract today that says if you are providing IT services to the government you must have state-of-the-art
cybersecurity protections in place. You must have mechanisms in place to notify the government of
any intrusions, and you must have the ability to disconnect networks," he says.
But government procurement policy's influence on standards can go only
so far. "The government isn't buying turbines" and control systems for critical infrastructure, says
Lewis.
When it comes to shutting down attacks, faster reaction times are key,
says Bejtlich. "Attackers are always going to find a way in, so you need to have skilled people who
can conduct rapid and accurate detection and containment," he says. For high-end threats, he adds,
that's the only effective countermeasure. Analysts need high visibility into both the host systems
and the network, Bejtlich says, and containment should be achieved within one hour of intrusion.
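Bejtlich's one-hour target is only useful if it is measured. The following is an added example, not code from the article or from Mandiant: it reads a constructed incident timeline (first evidence of compromise, detection, containment) and reports time-to-detect and time-to-contain per incident, listing the ones outside the one-hour window. An incident with no containment event is still open and counts as a breach of the target.

```python
"""Time-to-detect and time-to-contain from a constructed incident timeline.

Added example, not from the article: turns the one-hour containment target
into a measurable check.  Each line is "timestamp,incident,host,event" with
events 'intrusion' (first evidence), 'detected' and 'contained'.
The timeline is constructed sample data.
"""
from datetime import datetime

SLA_MINUTES = 60   # containment target quoted in the article

TIMELINE = """\
2012-10-03T09:02:00Z,INC-1,web01,intrusion
2012-10-03T09:20:00Z,INC-1,web01,detected
2012-10-03T09:50:00Z,INC-1,web01,contained
2012-10-04T13:00:00Z,INC-2,hmi-07,intrusion
2012-10-04T15:10:00Z,INC-2,hmi-07,detected
2012-10-04T16:30:00Z,INC-2,hmi-07,contained
2012-10-05T08:15:00Z,INC-3,fileserver,intrusion
2012-10-05T08:40:00Z,INC-3,fileserver,detected
"""


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def containment_report(timeline: str, sla_minutes: int = SLA_MINUTES) -> dict:
    """Return {incident: {"host", "detect_min", "contain_min", "within_sla"}}.
    contain_min is None for an incident that is still open; an open incident
    is counted as outside the SLA."""
    events = {}
    for line in timeline.strip().splitlines():
        ts, inc, host, ev = line.split(",")
        events.setdefault(inc, {"host": host})[ev] = parse_ts(ts)
    report = {}
    for inc, e in events.items():
        start = e["intrusion"]
        minutes = lambda key: (e[key] - start).total_seconds() / 60 if key in e else None
        contain = minutes("contained")
        report[inc] = {
            "host": e["host"],
            "detect_min": minutes("detected"),
            "contain_min": contain,
            "within_sla": contain is not None and contain <= sla_minutes,
        }
    return report


def sla_breaches(timeline: str, sla_minutes: int = SLA_MINUTES) -> list:
    """Incident ids that missed (or have not yet met) the containment target."""
    return sorted(i for i, r in containment_report(timeline, sla_minutes).items()
                  if not r["within_sla"])


if __name__ == "__main__":
    for inc, r in containment_report(TIMELINE).items():
        print(inc, r)
    print("breaches:", sla_breaches(TIMELINE))
```

The clock starts at first evidence of compromise, not at detection; measuring from detection hides exactly the dwell time the one-hour target is meant to shrink.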
Opening the Kimono
Perhaps the toughest challenge will be creating the policies and fostering
the trust required to encourage government and private industry to share what they know more openly.
The government not only needs to pass legislation that provides the incentives and protections that
critical infrastructure businesses need to share information on cyberthreats, but it also needs to
push the law enforcement, military and intelligence communities to open up. For example, if the DOD
is planning a cyberattack abroad against a type of critical infrastructure that's also used in the
U.S., should information on the weakness being exploited be shared with U.S. companies so they can
defend against counterattacks?
"There is a need for American industry to be plugged into some of the
most secretive elements of the U.S. government -- people who can advise them in a realistic way of
what it is that they need to be concerned about," says Hayden. Risks must be taken on both sides
so everyone has a consistent view of the threats and what's going on out there.
One way to do that is to share some classified information with selected
representatives from private industry. The House of Representatives recently passed an intelligence
bill, the Cyber Intelligence Sharing and Protection Act, which would give security clearance to officials
of critical industry operators. But the bill has been
widely criticized by privacy groups, which say it's too broad. Given the current political climate,
Hayden says he expects the bill to die in the Senate.
Information sharing helps, and standards form a baseline for protection,
but ultimately, every critical infrastructure provider must customize and differentiate its security
strategy, Amoroso says. "Right now, every business has exactly the same cybersecurity defense, usually
dictated by some auditor," he says. But as in football, you can't win using just the standard defense.
A good offense will find a way around it. "You've got to mix it up," Amoroso says. "You don't tell
the other guys what you're doing."
The Last but not Least: Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand. ~Archibald Putt, Ph.D