|
Home | Switchboard | Unix Administration | Red Hat | TCP/IP Networks | Neoliberalism | Toxic Managers |
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix |
There is a tendency to exaggerate attacks, although genuine cyberwarfare attacks do exist starting from Stuxnet. The term “war” could be applied to “cyber” activity only if there is a deliberate attempt to destroy some kind of infrastructure of foreign state like was the case of Stuxnet.
(Re: It does not take a village — or a country; http://tinyurl.com/yguw93g ).
If country A attacks country B power grid or disrupt government communications that is a clear “cyber warfare”.
Criminal hacking, Web site defacement, denial-of-service attacks — especially those directed against non-military and non-infrastructure targets — aren't “war” of any kind. It's more like (possibly a state-sponsored) terrorism: attempt to get attention to specific group or goals. Not that different from, for example, support of jihadists by the USA during Soviet Afghan war,
Let’s be very clear; "real" war results in people being killed, in property being destroyed, in infrastructure and logistical capabilities being crippled. So for Internet attack to be called cyberwarfare it should meet at least one of this criteria; if not in effect, then in intention. And by “infrastructure” I mean real infrastructure— factories, hospitals, water treatment plants, power-generation facilities, roads and bridges. At least web sites that provide some kind of essential services like financial websites, not the Internet web site with general public information.
Anything short of this is merely cyber terrorism, propaganda war, or "cold war" if you wish.
Hacking high officials email is more like a color revolution inspired trick, the attempt to destabilizes the government.
US Cyber Attack on Russia’s Power Grid is an ‘Act of War’ (According to the US) Dissident Voice
The Times article, the publication of which President Trump decried in a tweet as “close to treason,” was disturbing for a number or reasons. One was that sources told the Times the hacking by the US Cyber Command of Russia’s power grid had been conducted without the president’s knowledge, for fear that he might act to prevent it or might disclose it.
In other words, an action — the hostile hacking of another rival country’s essential infrastructure, which the US government has warned other nations would be viewed as an “act of war,” is being taken by the US military, without the President’s or Congress’s knowledge!
That should be enough to send shivers down the spine of any sane person. In fact, that could lead to Russian “military response.”
If the Times is correct, the current US hacking of Russia’s power grid is evidence of a US military establishment run amok.
Congress should be outraged and calling for immediate hearings to determine the chain of command that allowed this to happen. Either Trump is lying, and knows all about the hacking, or some high-ranking military officers who acted without his knowledge should be fired the way President Truman fired an insubordinate Gen. Douglas McArthur during the Korean War.
But the Times article was disturbing for another reason too. The lengthy investigative piece, while it talked all about the secret cyber war already being fought by the internet forces of the US and Russia, never mentioned Venezuela.
Recall that at the height of opposition militancy a few months ago, when middle-class Venezuelan backers of calls for President Nicolás Maduro’s resignation were taking to the streets of Caracas and confronting police and army soldiers, virtually the whole country was thrown into darkness and chaos by the collapse of its power grid.Maduro’s government claimed to have solid evidence that the grid had been hacked by the US. Meanwhile the US, which was openly calling for a coup to oust Maduro, and seeking to build support for it by blocking food imports to Venezuela and oil exports from the country, squeezing its economy in every way possible, and working underground to try and persuade senior military leaders to turn on the government, denied that it was hacking the country’s power grid.
Many people probably assumed that the idea of the US using cyber tool to bring down a country’s power grid was science fiction, or a paranoid fantasy. But now we know it’s reality. If the Pentagon’s Cyber Command has the capability to plant remote-controlled cyber weapons in the software of Russia’s power grid computer systems, it certainly has the capability of using them to bring down the power grid of a Third World country like Venezuela.
But such an act of sabotage and war has deadly consequences. When Venezuela was out of electricity, hospitals were without power, street lights no longer functioned, frail old people were left in darkness where they were at risk of deadly falls, people in multi-story apartment buildings were without elevators and forced to use dark stairwells to go to and from their apartments, and water, which relies on pumps to reach faucets, became scarce. The list of risks to life and health are endless. If the victims of such an attack were added up, I’m sure it would be staggering.
Did the US bring down the Venezuelan power grid?Given the depth of US involvement in the opposition movement against Maduro, which included creating and propping up the ludicrous self-proclaimed “legitimate President” Juan Guaidó (who self destructed in a fake “coup” attempt orchestrated by the US with help from the US media, when Guaidó was caught pretending to be in control of a “liberated” air force base when he was really with a handful of soldiers standing on a bridge outside the base), it seems harder to believe that the US was not behind the rid collapse than that it caused it.
How could the Times, which clearly had excellent sources inside the Cyber Command to have produced its current story of the successful if deadly risky hacking of Russia’s power grid, not have also mentioned the hacking of the Venezuelan grid, which many observers have already accused the US of being behind? Surely it was relevant to the story. If the reporters left it out, why didn’t an editor say to ask about, and to include a reference to it? If the reporters did their jobs and did ask about and try to include the Venezuela grid story in their piece and it was deleted by the editors, why didn’t the reporters complain publicly?
Well, we know the answer to that. The Times is a “responsible” news organization. It might take sides over a disputed issue within the foreign policy establishment, which surely is why the paper learned about, and decided to report on the hacking of the Russian power grid. The article even mentions that some government and military officials have opposed using cyber attacks on Russian infrastructure to counter alleged Russian hacking of US campaign related organizations and social media platforms. But as a “responsible” news organization, the paper would not publish any information about a cyber attack on a country that its editors agree is led by an “autocrat” who opposes US interests. US backing of a coup to oust the Maduro government, after all, has the backing of the whole US foreign policy establishment.
That, of course, is not real journalism. It’s propaganda.
It’s important to know, which we now do, that our country is at war with Russia in cyberspace. But we need to know too that cyberwars have real flesh-and-blood victims, and that the cyberwar the US almost certainly launched against Venezuela earlier this spring is also underway and killing innocent people.
|
Switchboard | ||||
Latest | |||||
Past week | |||||
Past month |
Jul 23, 2021 | www.zerohedge.com
JUL 22, 2021Authored by Mimi Nguyen Ly via The Epoch Times,
Pennsylvania 's top election official has decertified the voting system of rural Fulton County for future elections, saying that an election assessment by a third party had violated the Keystone State's election code, according to a release on Wednesday.
Acting Secretary of State Veronica Degraffenreid, an appointee of Democratic Gov. Tom Wolf, informed the Fulton County Board of Elections that she "did not arrive at this decision lightly."
Wake Technology Services Inc. (Wake TSI), a software company based in West Chester, Pennsylvania, had carried out an election assessment that involved its workers visiting Fulton County in December 2020 and in early February.
The company in May released a report that concluded the election was "well-run" and did not indicate any signs of fraud in Fulton County. However, five "issues of note" were uncovered , three of which are related to Dominion Voting Systems , whose electronic voting system was used in the county for the 2020 election.
"While these may seem minor, the impact on an election can be huge," Wake TSI said of the five issues. At the time, Dominion disputed the report's findings.
The Pennsylvania Department of State said in a statement on Wednesday that Wake TSI's access to the Fulton County's voting system "undermined the chain of custody requirements and strict access limitations necessary to prevent both intentional and inadvertent tampering with electronic voting systems."
It added that the "unauthorized access" prevents the vendor -- Dominion -- from "affirming that the system continues to meet state and federal certification standards."
Fulton county officials had allowed Wake TSI to "access certain key components of its certified system, including the county's election database, results files, and Windows systems logs," and to "use a system imaging tool to take complete hard drive images of these computers and other digital equipment," the department noted.
"These actions were taken in a manner that was not transparent," Degraffenreid said in her letter to Fulton County officials on Tuesday. She said the access given to Wake TSI has caused Fulton County's voting system to be "compromised," and that neither the county, state officials, nor Dominion could now "verify that the impacted components of Fulton County's leased voting system are safe to use in future elections."
"I have no other choice but to decertify the use of Fulton County's leased Dominion Democracy Suite 5.5A voting system last used in the November 2020 election," Degraffenreid wrote.
The Fulton County Board of Elections and Wake TSI did not immediately respond to requests for comment.
The Pennsylvania Department of State previously said that a risk-limiting audit of the 2020 election has confirmed the state's election results.
The Pennsylvania Capital-Star reported that Fulton County needed to pay $25,000 to lease new equipment for its municipal elections in May, because Dominion refused to let the county use the voting machines that Wake TSI had accessed. According to the outlet, Dominion told the county that it violated its contract in letting a unaccredited and non-certified company inspect the machines.
Wake TSI's assessment in Fulton County was "set" by Pennsylvania Sen. Doug Mastriano, a Republican, according to a Dec. 31, 2020 document signed by the company that was obtained and published by the Arizona Mirror and The Washington Post. Wake TSI said in its report that Mastriano and Pennsylvania Sen. Judy Ward, also a Republican, "were aware of our efforts."
The document also said that Wake TSI was "contracted to Defending the Republic," a nonprofit founded by lawyer Sidney Powell, who has alleged that widespread fraud occurred in the 2020 election.
Mastriano earlier this month issued letters to York, Tioga, and Philadelphia counties requesting that they voluntarily submit information and materials by July 31, to enable what he calls a "forensic investigation" of the 2020 and 2021 elections. He told The Epoch Times that he seeks for an investigation that would be "a big deep dive, like we saw in Arizona, but even deeper."
Wake TSI was also involved in the election audit still underway in Arizona's Maricopa County up until its contract expired in May. The audit in Maricopa County was ordered by the Arizona state Senate's Republican majority. Dominion machines in Maricopa County will also be replaced .
Arizona Senate President Karen Fann, a Republican, said the machines were not tampered with during the audit and questioned the Board of Supervisors' decision to get new machines.
"If their experts can't prove the machines have not been tampered with, then how does the [Secretary of State's office] or County Elections certify the machines before every audit to make sure the machines haven't been tampered with?" she asked in June.
www.zerohedge.com
May 21, 2021
One of the things that makes Wi-Fi work is its ability to break big chunks of data into smaller chunks and combine smaller chunks into bigger chunks, depending on the needs of the network at any given moment. These mundane network plumbing features, it turns out, have been harboring vulnerabilities that can be exploited to send users to malicious websites or exploit or tamper with network-connected devices, newly published research shows.
In all, researcher Mathy Vanhoef found a dozen vulnerabilities, either in the Wi-Fi specification or in the way the specification has been implemented in huge numbers of devices. Vanhoef has dubbed the vulnerabilities FragAttacks , short for fragmentation and aggregation attacks, because they all involve frame fragmentation or frame aggregation. Broadly speaking, they allow people within radio range to inject frames of their choice into networks protected by WPA-based encryption.
Bad news FURTHER READING Serious flaw in WPA2 protocol lets attackers intercept passwords and much more Assessing the impact of the vulnerabilities isn't straightforward. FragAttacks allow data to be injected into Wi-Fi traffic, but they don't make it possible to exfiltrate anything out. That means FragAttacks can't be used to read passwords or other sensitive information the way a previous Wi-Fi attack of Vanhoef, called Krack , did. But it turns out that the vulnerabilities -- some that have been part of Wi-Fi since its release in 1997 -- can be exploited to inflict other kinds of damage, particularly if paired with other types of hacks."It's never good to have someone able to drop packets into your network or target your devices on the network," Mike Kershaw, a Wi-Fi security expert and developer of the open source Kismet wireless sniffer and IDS, wrote in an email. "In some regards, these are no worse than using an unencrypted access point at a coffee shop -- someone can do the same to you there, trivially -- but because they can happen on networks you'd otherwise think are secure and might have configured as a trusted network, it's certainly bad news."
He added: "Overall, I think they give someone who was already targeting an attack against an individual or company a foothold they wouldn't have had before, which is definitely impactful, but probably don't pose as huge a risk as drive-by attacks to the average person."
While the flaws were disclosed last week in an industry-wide effort nine months in the making, it remains unclear in many cases which devices were vulnerable to which vulnerabilities and which vulnerabilities, if any, have received security updates. It's almost a certainty that many Wi-Fi-enabled devices will never be fixed.
Rogue DNS injectionOne of the most severe vulnerabilities in the FragAttacks suite resides in the Wi-Fi specification itself. Tracked as CVE-2020-24588, the flaw can be exploited in a way that forces Wi-Fi devices to use a rogue DNS server, which in turn can deliver users to malicious websites rather than the ones they intended. From there, hackers can read and modify any unencrypted traffic. Rogue DNS servers also allow hackers to perform DNS rebinding attacks , in which malicious websites manipulate a browser to attack other devices connected to the same network.
The rogue DNS server is introduced when an attacker injects an ICMPv6 Router Advertisement into Wi-Fi traffic. Routers typically issue these announcements so other devices on the network can locate them. The injected advertisement instructs all devices to use a DNS specified by the attacker for lookups of both IPv6 and IPv4 addresses.
AdvertisementAn exploit demoed in a video Vanhoef published shows the attacker luring the target to a website that stashes the router advertisement in an image.
Here's a visual overview:
In an email, Vanhoef explained, saying, "The IPv6 router advertisement is put in the payload (i.e. data portion) of the TCP packet. This data is by default passed on to the application that created the TCP connection. In the demo, that would be the browser, which is expecting an image. This means that by default, the client won't process the IPv6 router advertisement but instead process the TCP payload as application data."
Vanhoef said that it's possible to perform the attack without user interaction when the target's access point is vulnerable to CVE-2021-26139 , one of the 12 vulnerabilities that make up the FragAttacks package. The security flaw stems from a kernel flaw in NetBSD 7.1 that causes Wi-Fi access points to forward Extensible Authentication Protocol (AP) over LAN frames to other devices even when the sender has not yet authenticated to the AP.
It's safe to skip ahead, but for those curious about the specific software bug and the reason the video demo uses a malicious image, Vanhoef explained:
Punching a hole in the firewallTo make the victim process the TCP payload (i.e. data portion) as a separate packet, the aggregation design flaw in Wi-Fi is abused. That is, the attacker intercepts the malicious TCP packet at the Wi-Fi layer and sets the "is aggregated" flag in the Wi-Fi header. As a result, the receiver will split the Wi-Fi frame into two network packets. The first network packet contains part of the original TCP header and is discarded. The second packet corresponds with the TCP payload, which we made sure will now correspond to the ICMPv6 packet, and as a result, the ICMPv6 router advertisement is now processed by the victim as a separate packet. So proximity to the victim is required to set the "is aggregated" Wi-Fi flag so that the malicious TCP packet will be split into two by the receiver.
The design flaw is that an adversary can change/set the "is aggregated" flag without the receiver noticing this. This flag should have been authenticated so that a receiver can detect if it has been modified.
It's possible to perform the attack without user interaction when the access point is vulnerable to CVE-2020-26139. Out of four tested home routers, two of them had this vulnerability. It seems that most Linux-based routers are affected by this vulnerability. The research paper discusses in more detail how this works -- essentially, instead of including the ICMPV6 router advertisement in a malicious TCP packet, it can then be included in an unencrypted handshake message (which the AP will then forward to the client after which the adversary can again set the "is aggregated" flag etc).
Four of the 12 vulnerabilities that make up the FragAttacks are implementation flaws, meaning they stem from bugs that software developers introduced when writing code based on the Wi-Fi specification. An attacker can exploit them against access points to bypass a key security benefit they provide.
Besides allowing multiple devices to share a single Internet connection, routers prevent incoming traffic from reaching connected devices unless the devices have requested it. This firewall works by using network address translation, or NAT, which maps private IP addresses that the AP assigns each device on the local network to a single IP address that the AP uses to send data over the Internet.
AdvertisementThe result is that routers forward data to connected devices only when they have previously requested it from a website, email server, or other machine on the Internet. When one of those machines tries to send unsolicited data to a device behind the router, the router automatically discards it. This arrangement isn't perfect , but it does provide a vital defense that protects billions of devices.
Vanhoef figured out how to exploit the four vulnerabilities in a way that allows an attacker to, as he put it, "punch a hole through a router's firewall." With the ability to connect directly to devices behind a firewall, an Internet attacker can then send them malicious code or commands.
In one demo in the video, Vanhoef exploits the vulnerabilities to control an Internet-of-things device, specifically to remotely turn on and off a smart power socket. Normally, NAT would prevent a device outside the network from interacting with the socket unless the socket had first initiated a connection. The implementation exploits remove this barrier.
FURTHER READING Microsoft practically begs Windows users to fix wormable BlueKeep flaw In a separate demo, Vanhoef shows how the vulnerabilities allow a device on the Internet to initiate a connection with a computer running Windows 7, an operating system that stopped receiving security updates years ago. The researcher used that ability to gain complete control over the PC by sending it malicious code that exploited a critical vulnerability called BlueKeep ."That means that when an access point is vulnerable, it becomes easy to attack clients!" Vanhoef wrote. "So we're abusing the Wi-Fi implementation flaws in an access point as a first step in order to subsequently attack (outdated) clients ."
Getting your fixDespite Vanhoef spending nine months coordinating patches with more than a dozen hardware and software makers, it's not easy to figure out which devices or software are vulnerable to which vulnerabilities, and of those vulnerable products, which ones have received fixes.
This page provides the status for products from several companies. A more comprehensive list of known advisories is here . Other advisories are available individually from their respective vendors. The vulnerabilities to look for are:
Design flaws:
CVE-2020-24588 : aggregation attack (accepting non-SPP A-MSDU frames) CVE-2020-24587 : mixed key attack (reassembling fragments encrypted under different keys) CVE-2020-24586 : fragment cache attack (not clearing fragments from memory when (re)connecting to a network)Implementation vulnerabilities allowing the injection of plaintext frames:
CVE-2020-26145 : Accepting plaintext broadcast fragments as full frames (in an encrypted network) CVE-2020-26144 : Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network) CVE-2020-26140 : Accepting plaintext data frames in a protected network CVE-2020-26143 : Accepting fragmented plaintext data frames in a protected networkOther implementation flaws:
CVE-2020-26139 : Forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs) CVE-2020-26146 : Reassembling encrypted fragments with non-consecutive packet numbers CVE-2020-26147 : Reassembling mixed encrypted/plaintext fragments CVE-2020-26142 : Processing fragmented frames as full frames CVE-2020-26141 : Not verifying the TKIP MIC of fragmented framesThe most effective way to mitigate the threat posed by FragAttacks is to install all available updates that fix the vulnerabilities. Users will have to do this on each vulnerable computer, router, or other Internet-of-things device. It's likely that a huge number of affected devices will never receive a patch.
The next-best mitigation is to ensure that websites are always using HTTPS connections. That's because the encryption HTTPS provides greatly reduces the damage that can be done when a malicious DNS server directs a victim to a fake website.
Sites that use HTTP Strict Transport Security will always use this protection, but Vanhoef said that only about 20 percent of the web does this. Browser extensions like HTTPS everywhere were already a good idea, and the mitigation they provide against FragAttacks makes them even more worthwhile.
As noted earlier, FragAttacks aren't likely to be exploited against the vast majority of Wi-Fi users, since the exploits require a high degree of skill as well as proximity -- meaning within 100 feet to a half-mile, depending on the equipment used -- to the target. The vulnerabilities pose a higher threat to networks used by high-value targets such as retail chains, embassies, or corporate networks where security is key, and then most likely only in concert with other exploits.
When updates become available, by all means install them, but unless you're in this latter group, remember that drive-by downloads and other more mundane types of attacks will probably pose a bigger threat. Promoted Comments
Artem S. Tashkinov > , As long as you're using DoT/DoH and HTTPS, you're safe.
When I'm networking I always assume the network I'm connected to is completely compromised, so all my devices use these things and are properly firewalled in which case these attacks are pretty much worthless.
While only new versions of Android support DoT out of the box on the system level, Google has recently added the support for DoH to Chrome, so in case your device is running an older version of Android you might want to enable DoH in Chrome to feel safe.
And as for Firefox it's had the support for DoH for years. I've gone as far as to set network.trr.mode to 2 in about:config to be extra safe. 3 is even better: https://wiki.mozilla.org/Trusted_Recursive_Resolver 178 posts | register
May 14, 2021 | www.zerohedge.com
Authored by Zachary Stieber via The Epoch Times (emphasis ours),
Dominion Voting Systems and Maricopa County officials are refusing to hand over passwords for election machines to auditors in Arizona.
Contractors working for Cyber Ninjas, which was hired by the Arizona Senate, examine and recount ballots from the 2020 general election at Veterans Memorial Coliseum in Phoenix, Ariz., on May 1, 2021. (Courtney Pedroza/Getty Images)Dominion said in a statement to news outlets on Thursday that it would comply with the audit, but Cyber Ninjas, the firm hired by the Arizona Senate to conduct it along with three other companies, is not accredited by the U.S. Election Assistance Commission.
" Releasing Dominion's intellectual property to an unaccredited, biased, and plainly unreliable actor such as Cyber Ninjas would be reckless, causing irreparable damage to the commercial interests of the company and the election security interests of the country ," Dominion said. "No company should be compelled to participate in such an irresponsible act."
Cyber Ninjas did not respond to a request for comment.
Maricopa County officials previously said that they did not have passwords to access administrative functions on Dominion Voting Systems machines that were used to scan ballots during the election, according to the Senate's audit liaison, former Republican Secretary of State Ken Bennett.
"They've told us that they don't have that second password, or that they've given us all the passwords they have," Bennett told One America News at the site of the audit in Phoenix last week.
The county is also withholding routers from auditors , claiming security concerns.
Both routers or router images and access to election machines were part of the materials the state Senate subpoenaed late last year. A judge in February ruled that the subpoenas were valid and should be obeyed.
Arizona Senate President Karen Fann, a Republican, recently threatened to subpoena county officials if they didn't stop their noncompliance with the subpoenas, but backed off the threat in a letter on May 12.
Instead, she asked Maricopa County Board of Supervisors Chairman Jack Sellers, also a Republican, to cooperate voluntarily by attending an upcoming meeting at the state Capitol to go over the audit issues.
Fann said auditors have found discrepancies in the ballot count, including one batch that was supposed to be 200 but only numbered 165. She also said the audit teams found an entire database directory from an election machine had been deleted, and that the main database for the election management system software was not located anywhere on the machine, suggesting that the main database for all data related to the 2020 election had been removed.
Sellers on Thursday indicated he would not attend the meeting and disputed the allegations.
Deleting files off the server "would be a crime -- and it is not true," he said.
"After reviewing the letter with County election and IT experts, I can say that the allegations are false and ill-informed. Moreover, the claim that our employees deleted election files and destroyed evidence is outrageous, completely baseless, and beneath the dignity of the Arizona Senate," he added, calling for an immediate retraction of statements senators and their liaison team made on social media and to the press.
The Board of Supervisors, which held a closed-door emergency meeting on Friday, plans on holding a public meeting on Monday to address the matter.
Fann, an Arizona Senate Republican Caucus spokeswoman, and the liaison team did not immediately respond to requests for comment.
Maricopa County ballots cast in the 2020 general election are examined and recounted by contractors working for Florida-based company, Cyber Ninjas, at Veterans Memorial Coliseum in Phoenix, Ariz., on May 6, 2021. (Matt York/Pool/AP Photo) Auditors Pack Up as Senate Signs Lease to Extend AuditAuditors, meanwhile, began packing up on Thursday evening because the audit will take a break due to scheduling conflicts.
The audit has been taking place at the Veterans Memorial Coliseum on the state fairgrounds in Phoenix. High school graduations are scheduled to take place at the building beginning May 15.
Hand counting stopped at 7 p.m. on Thursday and workers began collapsing tables and preparing to move ballots to another location.
About 500,000 of the nearly 2.1 million ballots cast in Maricopa County in the 2020 election have been counted in the audit, according to Bennett.
The Arizona Senate signed an extension to their original agreement that allows auditors to store materials in the Wesley Bolin Building, which is also on the state fairgrounds, from May 12 to May 23.
The approximately 19,000-square foot building has a large open floor plan and two large roll-up doors, according to the Arizona State Fair website.
"Due to temperatures during the summer months, this building is not recommended for use between May through September," the site states.
Bennett told The Epoch Times in a previous interview that the materials will be secure and that the site at which they'll be stored can be tracked online via 24-hour streaming, just like the audit itself.
" There's no deadline for the audit ," Bennett said. " The goal is not speed; the goal is accuracy and completeness. "
The audit teams can resume occupancy of the coliseum on May 23 and use it until June 30, according to a copy of the extended agreement obtained by The Epoch Times .
The original scope of work document from Cyber Ninjas said reviewing voter registration and votes case would take approximately 20 days and that work would be conducted remotely. The vote counting phase would take about 20 more days, it said, while the electronic voting system phase would take some 35 days.
But all three of those phases could be carried out simultaneously, according to the firm. An additional week was said to be required after completing everything else to finalize reporting.
The audit started on April 23.
Follow Zachary on Twitter: @zackstieber Follow Zachary on Parler: @zackstieber
Apr 13, 2021 | thehill.com
Fox News has hired two high-profile defense attorneys to combat a $1.6 billion lawsuit filed against it by voting technology company Dominion.
The media outlet disclosed in a court filing that it had Charles Babcock and Scott Keller for its defense. Fox News confirmed the hirings to The Hill.
... ... ...
Fox News Media told The Hill after Dominion filed its suit that it is "proud of our 2020 election coverage, which stands in the highest tradition of American journalism, and will vigorously defend against this baseless lawsuit in court."
libsrnazi OhNo • 12 minutes ago
Bruce libsrnazi • 8 minutes ago • editedAnd yet discovery will be very interesting, and Fox News is now pitted against Dominion, and their best way to defend themselves is to show that the criticisms were legitimate...
Fox can now subpoena anything relevant from Dominion, and Dominion has to comply or be criminally prosecuted...
Hillaryous
OhNo libsrnazi • 11 minutes agoThere is not much to discover with Dominion. It mainly functions like a windows 10 computer. so it is hackable. It is very easy to install fraudulent software on these machines
See Harryi Hursti KILL CHAIN: THE CYBERWAR ON AMERICA'S ELECTIONS and look at his affidavit See "Investigators for Attorney DePernoReportedly Discover Modem Chips Embedded in Michigan Voting System Computer Motherboards" via today on theGatewayPundit
When testifying before the MI legislature, the Dominion CEO recommended that a full forensic audit be ordered if voters suspect that these machines were connected to the internet.
On Dec 1 election officials deleted the electronic voting data in violation of state la
libsrnazi OhNo • 8 minutes agoIf that is fox news's defense they are done 🤣
Sherman's Tiki Torch #PizzaGaetz • 31 minutes agoKeep tellin' yourself that... Eventually, even YOU might come to believe it...
When they lose the fight against the subpoenas, Dominion will drop the lawsuit, and claim the subpoenas are moot...
The media would like to give the impression that "hands" were the most washed body part in 2020, when in actuality, it was the "brain"..
Grundune Sherman's Tiki Torch • 16 minutes ago • editedTurns out the Kraken was fakin' and now her bacon is about to expire in the fire.
Bruce Man in the Moon!! • 23 minutes ago • editedSidney Powell lit a fuse. She woke the Republicans and others who want election integrity, so the Democrats won't be able to steal any more. At least not with the same tactics
Dutchcourage • 19 minutes ago • editedLou Dobbs might have gotten confused once. I believe he said that an affidavit that criticized Smartmatic had instead criticized Dominion. However, there are so many problems with Dominion, I would consider it to be an immaterial mistake. After all these machines appear to be unusable:
[Vote counting machines] "presents serious system security vulnerability and
operational issues that may place plaintiffs and other voters at risk of
deprivation of their fundamental right to cast an effective vote that is
accurately counted," U.S. District Judge Amy Totenberg wrote in a Oct 2020Electionic vote counting machines were banned in France, Ireland and the in
the Netherlands via Gateway Pundit because they were unreliable.The Gateway pundit could be sued if they make false statements.
via Twitter:
Elections Canada @ElectionsCan_E
· Nov 16
Elections Canada does not use Dominion Voting Systems. We use paper ballots counted by hand in front of scrutineers and have never used voting machines or electronic tabulators to count votes in our
100-year history. #CdnPoli
It is very easy to install fraudulent software on these machines See Harryi Hursti on seeKILL CHAIN: THE CYBERWAR ON AMERICA'S
ELECTIONS and look at his affidavitlabman57 • 19 minutes agoThe actual claim is here (400+ pages):
www DOT documentcloud DOT org/documents/20527880-dominion-v-fox-news-complaintThese lawyers have their work cut out for them. As explained in the claim, Dominion contacted Fox multiple times after the first accusations. They provided Fox with independent assessments and other evidence that their systems were sound. Fox ignored it, never mentioned this and continued presenting that Dominion systems were fraudulent (and stated that as a fact, not as an opinion).
This will go a long way to the "with malice" part
Jrgolden Golden • 14 minutes agoOnce again, FOX News will likely claim that they are an entertainment network, not a news agency ... and therefore they should not be expected to propagate facts on their broadcasts.
ballyb11 • 9 minutes agoDiscovery should be fun. Don't settle with FOX, grind their assets into the ground
Fred ballyb11 • 8 minutes agoRe this "The election was stolen" conspiracy theory of Trump's.
How did the Democrats pull off this massive election fraud?
It had to be an insanely well coordinated effort.
And not one Republican infiltrator, not one Democratic operative flipped to expose the fraud.
Done with surgical precision.
An absolutely masterful effort.
And headed up by a guy with dementia.
Astonishin
Apr 13, 2021 | finance.yahoo.com
Roger Parloff · Contributor Tue, April 13, 2021, 5:06 AM · 22 min read... "Instantly," said Steven Bellovin , a professor of computer science at Columbia University with almost 40 years of experience in computer networking and security. That's how long it took him to realize, he said in an interview, that a certain purported spreadsheet that I showed him was "not just fake, but a badly generated fake by someone who didn't know what they were doing."
The spreadsheet, together with an animated film that was said to illustrate its data, formed the crux of a nearly two-hour "docu-movie," called "Absolute Proof," which aired at least 13 times last February on the One America News Network. The movie, presented in a news magazine format, was hosted, co-produced, and relentlessly flacked by Mike Lindell, the irrepressible CEO of MyPillow, Inc. It purported to furnish absolute proof that the 2020 presidential election was stolen from then-President Donald Trump in an international cyberattack exploiting vulnerabilities in voting-machine software that had been intentionally designed to rig elections.
Dominion Voting Systems, which makes voting technology, filed a $1.3 billion defamation suit against Lindell and his company in late February -- the third of four massive cases it has filed since the election -- in part because of "Absolute Proof," which referenced Dominion more than 40 times. (An in-depth analysis of Dominion's suits over bogus election-fraud claims, as well as one brought by a rival voting-device company, Smartmatic, is provided in an earlier story I wrote here .)
... ... ...
Apr 12, 2021 | cepr.net
...Hugo Chavez, the former president of Venezuela who has been dead for eight years, figures prominently in many of the stories. Nonetheless, many Fox News viewers believe them.
For a voting machine manufacturer, the claim that your machines are rigged is pretty much a textbook definition of a damaging statement. Therefore, Dominion should have a pretty solid case.
Sullivan doesn't dispute any of this, instead, she points out that libel or defamation suits can also be used against news outlets doing serious reporting. She highlights the case of Reveal, a nonprofit news outfit that is dedicated to investigative reporting. Reveal was nearly forced out of business due to the cost of defending itself against a charity that it exposed as being run by a cult. Sullivan's takeaway is that defamation lawsuits can be used as a weapon against legitimate news organizations doing serious reporting.
Sullivan is right on this point, but wrong in understanding the implications. Every civil course of action can be abused by those with money to harm people without substantial resources. There are tens of thousands of frivolous tort cases filed every year, but would anyone argue that we should deny people the right to sue a contractor that mistakenly sets their customer's house on fire? The same applies to suits for breach of contract. If I pay someone $10,000 in advance to paint my house and they don't do it, should I not be able to sue to get my money back?
... ... ...
The reality is that our legal system can be abused by the powerful to harm those with less power. That is the result of the enormous disparities of income and power in this country, and the inadequate shields against abuse in the legal system...
... ... ...
Mar 26, 2021 | finance.yahoo.com
On Dec. 22, Coomer filed a defamation suit in Denver state court , seeking unspecified damages, against Oltmann and 14 others, including the Trump Campaign; Giuliani; Powell; the One America News Network (OAN); OAN chief White House correspondent Chanel Rion; Newsmax Media; Newsmax contributor Michelle Malkin; The Gateway Pundit website; and radio and podcast host Eric Metaxas.
Jan 27, 2021 | www.thegatewaypundit.com
When people are denied public records they routinely reach out to us for assistance and more often than not, we are able to request the same records and we get them. When this happens it is an indicator of a problem because if we are able to get those records, so too should others.
The DuPage County Clerk Jean Kaczmarek and her Chief Deputy Scott Mackay signed a contract with Dominion Voting Systems Inc. on January 24, 2020. After a copy of that contract was requested by an individual and denied, we were asked to assist in getting the same records. Our Freedom of Information Act request was granted and we find the Dominion Voting Systems encouragements to avoid transparency very troubling.
00:39 01:34 https://imasdk.googleapis.com/js/core/bridge3.436.0_en.html#goog_1311268489
TRENDING: INSANE: Joe Biden Signs Executive Order Banning the Term "China Virus"
From the Contract:
- 8. Customer shall take any and all action necessary or appropriate to assert all applicable or potentially applicable exemptions from disclosure under the FOIA Statute and take all other legally permissible steps to resist disclosure of the Information including, without limitation, commencement or defense of any legal actions related to such disclosure. In the event Customer receives a request for Information under the FOIA Statute, Customer shall inform Dominion of such request within ten (10) days of Customer's knowledge or such shorter period as necessary under the FOIA Statute to avoid prejudice to Dominion's ability to oppose disclosure , Dominion shall use its best efforts to assist and support Customer's exercise of any statutory exemption in denying a records request under the Freedom of Information Act (5 ILCS 140/1 et seq.). In the event that Customer becomes subject to fines, costs or fees pursuant to Section 11 of the Freedom of Information Act (5 ICLS 140/11) relying upon Dominion's claim that the information requested is exempt, Dominion shall indemnify Customer for those fines, fees and costs, notwithstanding any other provisions In this agreement. In the event Customer is required by court order to disclose any of the Information, Customer shall give written notice to Dominion at the earlier as soon as reasonably practical after tile imposition of such an order.
Advertisement - story continues below
https://lockerdome.com/lad/12826698504932966?pubid=ld-3414-2245&pubo=https%3A%2F%2Fwww.thegatewaypundit.com&rid=www.thegatewaypundit.com&width=728
There are exemptions under FOIA regarding trade secrets and we understand such exemptions and their applicability to certain information. However, the language in this contract focuses on encouraging, in fact, instructing the County that they " shall " take any and all action necessary or appropriate to assert " potentially applicable exemptions from disclosure " and to take all other legally permissible steps to resist disclosure of the information.
Read the rest here .
Jan 25, 2021 | www.rt.com
Donald Trump's lawyer Rudy Giuliani is being sued by Dominion Voting Systems over claims of fraud during the 2020 US presidential election. The company is seeking $1.3 billion in compensatory and punitive damages.The lawsuit was filed in the Federal District Court in Washington, DC on Monday. The massive 107-page document lists over 50 statements from Giuliani which he made on Twitter, his podcast, in the media, and during legislative hearings about Dominion – one of the largest companies selling voting machines used in the US.
Giuliani, like many other prominent supporters of former President Donald Trump, has repeatedly pointed the finger at the company as one of the main culprits behind Trump's election loss. Dominion has been accused of being part of an alleged plot to fix the election in favor of the Democrats, which, alongside mass mail-in voting, allegedly facilitated the "steal" of Trump's presumed 'victory'.
Dominion has accused Giuliani of waging a "viral disinformation campaign" and repeatedly producing "defamatory falsehoods" about it. It also claimed the allegedly false statements from Trump's lawyer have stirred up a storm of death threats against its employees.
To illustrate the damage presumably done by Giuliani, the lawsuit provides a long list of screenshots from assorted internet uses, primarily from Twitter, fuming at Dominion and accusing it of facilitating the election "steal." The voting machines and sharp spikes in vote counts in favor of Joe Biden, widely attributed to the system, have been among the centerpieces of conspiracy theories for the pro-Trump crowd in the aftermath of the turbulent election.
The lawsuit also highlights Giuliani's role in the January 6 Capitol Hill riot, accusing him of stirring up the violence. The document quotes Giuliani's address at the pro-Trump rally shortly before the violence, when he urged supporters to engage in "trial by combat."
The company is seeking at least $1.3 billion in compensatory and punitive damages from Giuliani, demanding a trial by jury, according to the court documents.
The lawsuit against Giuliani largely resembles the one against another pro-Trump lawyer, Sidney Powell, filed by the company earlier this month. Powell has been accused of waging a "viral disinformation campaign" as well, with Dominion seeking the same eye-watering sum of 1.3 billion in damages from her.
Think your friends would be interested? Share this story!
See also
- Dominion Voting Systems suing pro-Trump lawyer Sidney Powell for $1.3 billion
- 'A grave error': Dominion gets victory as American Thinker offers up retraction & apology for election reporting
FelixTcat 8 hours ago 25 Jan, 2021 02:48 PM
"Election results in a county in Michigan had to be corrected to show that President Trump won by nearly 2,000 votes after voting software gave 6,000 of his votes to Biden ." Which probably never would have been check if Antrim County wasn't such a Red county. Hard to find fraud when you refuse to look for it.LeRuscino2 Sue Brown 11 hours ago 25 Jan, 2021 11:08 AMExactly - Scream & shout 1st like MH-17 & when it's settled & Guiliani wins nobody will know or even remember.Banalucki 3 hours ago 25 Jan, 2021 07:46 PMso classic americana - the business that created an electronic voting "process" that eliminates chain of custody protection, signatures and voter ID is suing Rudy for "fraud"...Thomas51 2 hours ago 25 Jan, 2021 08:26 PMPolitical actions of any lawyer should bear consequencesVonnDuff1 2 hours ago 25 Jan, 2021 08:01 PMSLAPP (Strategic Lawsuit Against Public Policy) and nothing more. Unless you throw in Kangaroo Courts with Monkey Judges.Trekker 8 hours ago 25 Jan, 2021 02:36 PMGood to put Giuliani away once and for all for all the damage he has caused.GottaBeMe Skeptic076 7 hours ago 25 Jan, 2021 03:39 PMThey'll have to audit the computer code finally. And they'll have to do it using machines in swing states that haven't been touched since November. Otherwise it's them saying one thing, Giuliani saying something else.Pete Wagner 7 hours ago 25 Jan, 2021 03:11 PMI guess that means they've destroyed all the damning evidence and have their judge briefed, paid off, and ready to rule.Sue Brown 12 hours ago 25 Jan, 2021 10:53 AMTypical USA style, don't defend yourself . . . when wronged = SUE!!!!Enki14 9 hours ago 25 Jan, 2021 01:54 PMMethinks this is a publicity stunt as they would not want a jury of Powell's peers to see the evidence Patrick Byrne PH.D. has amassed and the hundreds of witnesses that would be called to testify on Powell's behalf. Methinks they managed to destroy the evidence on their hard drives and thus feel the evidence would be viewed as circumstantial. However the pathways are real, were tracked and saved.
SPIEGEL ONLINE
Arming for Virtual Battle: The Dangerous New Rules of Cyberwar
By Thomas Darnstaedt, Marcel Rosenbach and Gregor Peter Schmitz
Capt. Carrie Kessler/ U.S. Air Force
Now that wars are also being fought on digital battlefields, experts in international law have established rules for cyberwar. But many questions remain unanswered. Will it be appropriate to respond to a cyber attack with military means in the future?
The attack came via ordinary email, when selected South Korean companies received messages supposedly containing credit card information in the middle of the week before last.
Recipients who opened the emails also opened the door to the enemy, because it was in fact an attack from the Internet. Instead of the expected credit card information, the recipients actually downloaded a time bomb onto their computers, which was programmed to ignite on Wednesday at 2 p.m. Korean time.
At that moment, chaos erupted on more than 30,000 computers in South Korean television stations and banks. The message "Please install an operating system on your hard disk" appeared on the screens of affected computers, and cash machines ceased to operate. The malware, which experts have now dubbed "DarkSeoul," deleted data from the hard disks, making it impossible to reboot the infected computers.
DarkSeoul was one of the most serious digital attacks in the world this year, but cyber defense centers in Western capitals receive alerts almost weekly. The most serious attack to date originated in the United States. In 2010, high-tech warriors, acting on orders from the US president, smuggled the destructive "Stuxnet" computer worm into Iranian nuclear facilities.
The volume of cyber attacks is only likely to grow. Military leaders in the US and its European NATO partners are outfitting new battalions for the impending data war. Meanwhile, international law experts worldwide are arguing with politicians over the nature of the new threat. Is this already war? Or are the attacks acts of sabotage and terrorism? And if a new type of war is indeed brewing, can military means be used to respond to cyber attacks?
The War of the Future
A few days before the computer disaster in Seoul, a group led by NATO published a thin, blue booklet. It provides dangerous responses to all of these questions. The "Tallinn Manual on the International Law Applicable to Cyber Warfare" is probably no thicker than the American president's thumb. It is not an official NATO document, and yet in the hands of President Barack Obama it has the potential to change the world.
The rules that influential international law experts have compiled in the handbook could blur the lines between war and peace and allow a serious data attack to rapidly escalate into a real war with bombs and missiles. Military leaders could also interpret it as an invitation to launch a preventive first strike in a cyberwar.
At the invitation of a NATO think tank in the Estonian capital Tallinn, and at a meeting presided over by a US military lawyer with ties to the Pentagon, leading international law experts had discussed the rules of the war of the future. International law is, for the most part, customary law. Experts determine what is and can be considered customary law.
The resulting document, the "Tallinn Manual," is the first informal rulebook for the war of the future. But it has no reassuring effect. On the contrary, it permits nations to respond to data attacks with the weapons of real war.
Two years ago, the Pentagon clarified where this could lead, when it stated that anyone who attempted to shut down the electric grid in the world's most powerful nation with a computer worm could expect to see a missile in response.
A Private Digital Infrastructure
The risks of a cyberwar were invoked more clearly than ever in Washington in recent weeks. In mid-March, Obama assembled 13 top US business leaders in the Situation Room in the White House basement, the most secret of all secret conference rooms. The group included the heads of UPS, JPMorgan Chase and ExxonMobil. There was only one topic: How can America win the war on the Internet?
The day before, Director of National Intelligence James Clapper had characterized the cyber threat as the "biggest peril currently facing the United States."
The White House was unwilling to reveal what exactly the business leaders and the president discussed in the Situation Room. But it was mostly about making it clear to the companies how threatened they are and strengthening their willingness to cooperate, says Rice University IT expert Christopher Bronk.
The president urgently needs their cooperation, because the US has allowed the laws of the market to govern its digital infrastructure. All networks are operated by private companies. If there is a war on the Internet, both the battlefields and the weapons will be in private hands.
This is why the White House is spending so much time and effort to prepare for possible counterattacks. The aim is to scare the country's enemies, says retired General James Cartwright, author of the Pentagon's current cyber strategy.
Responsible for that strategy is the 900-employee Cyber Command at the Pentagon, established three years ago and located in Fort Meade near the National Security Agency, the country's largest intelligence agency. General Keith Alexander heads both organizations. The Cyber Command, which is expected to have about 4,900 employees within a few years, will be divided into various defensive and offensive "Cyber Mission Forces" in the future.
Wild West Online
It's probably no coincidence that the Tallinn manual is being published now. Developed under the leadership of US military lawyer Michael Schmitt, NATO representatives describe the manual as the "most important legal document of the cyber era."
In the past, Schmitt has examined the legality of the use of top-secret nuclear weapons systems and the pros and cons of US drone attacks. Visitors to his office at the Naval War College in Rhode Island, the world's oldest naval academy, must first pass through several security checkpoints.
"Let's be honest," says Schmitt. "Everyone has treated the Internet as a sort of Wild West, a lawless zone. But international law has to be just as applicable to online weapons as conventional weapons."
It's easier said than done, though. When does malware become a weapon? When does a hacker become a warrior, and when does horseplay or espionage qualify as an "armed attack," as defined under international law? The answers to such detailed questions can spell the difference between war and peace.
James Lewis of the Washington-based Center for Strategic and International Studies (CSIS), one of the country's top cyberwar experts, is somewhat skeptical about the new manual. He sees it as "a push to lower the threshold for military action." For Lewis, responding to a "denial of service" attack with military means is "really crazy." He says the Tallinn manual "shows is that you should never let lawyers go off by themselves."
Claus Kress, an international law expert and the director of the Institute for International Peace and Security Law at the University of Cologne, sees the manual as "setting the course," with "consequences for the entire law of the use of force." Important "legal thresholds," which in the past were intended to protect the world against the military escalation of political conflicts or acts of terror, are becoming "subject to renegotiation," he says.
According to Kress, the most critical issue is the "recognition of a national right of self-defense against certain cyber attacks." This corresponds to a state of defense, as defined under Article 51 of the Charter of the United Nations, which grants any nation that becomes the victim of an "armed attack" the right to defend itself by force of arms. The article gained new importance after Sept. 11, 2001, when the US declared the invasion of Afghanistan an act of self-defense against al-Qaida and NATO proclaimed the application of its mutual defense clause to come to the aid of the superpower.
The question of how malicious malware must be to justify a counterattack can be critical when it comes to preserving peace. Under the new doctrine, only those attacks that cause physical or personal damage, but not virtual damage, are relevant in terms of international law. The malfunction of a computer or the loss of data alone is not sufficient justification for an "armed attack."
But what if, as is often the case, computer breakdowns do not result in physical damage but lead to substantial financial losses? A cyber attack on Wall Street, shutting down the market for several days, was the casus belli among the experts in Tallinn. The US representatives wanted to recognize it as a state of defense, while the Europeans preferred not to do so. But the US military lawyers were adamant, arguing that economic damage establishes the right to launch a counterattack if it is deemed "catastrophic."
Ultimately, it is left to each country to decide what amount of economic damage it considers sufficient to venture into war. German expert Kress fears that such an approach could lead to a "dam failure" for the prohibition of the use of force under international law.
So was it an armed attack that struck South Korea on March 20? The financial losses caused by the failure of bank computers haven't been fully calculated yet. It will be up to politicians, not lawyers, to decide whether they are "catastrophic."
Just how quickly the Internet can become a scene of massive conflicts became evident this month, when suddenly two large providers came under constant digital attack that seemed to appear out of nowhere.
The main target of the attack was the website Spamhaus.org, a project that has been hunting down the largest distributors of spam on the Web since 1998. Its blacklists of known spammers enable other providers to filter out junk email. By providing this service, the organization has made powerful enemies and has been targeted in attacks several times. But the current wave of attacks overshadows everything else. In addition to shutting down Spamhaus, it even temporarily affected the US company CloudFlare, which was helping fend off the attack. Analysts estimate the strength of the attack at 300 gigabits per second, which is several times as high as the level at which the Estonian authorities were "fired upon" in 2007. The attack even affected data traffic in the entire Internet. A group called "Stophaus" claimed responsibility and justified its actions as retribution for the fact that Spamhaus had meddled in the affairs of powerful Russian and Chinese Internet companies.
Civilian forces, motivated by economic interests, are playing cyberwar, and in doing so they are upending all previous war logic.
A Question of When, Not If
A field experiment in the US shows how real the threat is. To flush out potential attackers, IT firm Trend Micro built a virtual pumping station in a small American city, or at least it was supposed to look like one to "visitors" from the Internet. They called it a "honeypot," designed to attract potential attackers on the Web.
The trappers installed servers and industrial control systems used by public utilities of that size. To make the experiment setup seem realistic, they even placed deceptively real-looking city administration documents on the computers.
After only 18 hours, the analysts registered the first attempted attack. In the next four weeks, there were 38 attacks from 14 countries. Most came from computers in China (35 percent), followed by the US (19 percent) and Laos (12 percent).
Many attackers tried to insert espionage tools into the supposed water pumping station to probe the facility for weaknesses. International law does not prohibit espionage. But some hackers went further than that, trying to manipulate or even destroy the control devices.
"Some tried to increase the rotation speed of the water pumps to such a degree that they wouldn't have survived in the real world," says Trend Micro employee Udo Schneider, who categorizes these cases as "classic espionage."
"There is no question as to whether there will be a catastrophic cyber attack against America. The only question is when," says Terry Benzel, the woman who is supposed to protect the country from such an attack and make its computer networks safer. The computer specialist is the head of DeterLab in California, a project that was established in 2003, partly with funding from the US Department of Homeland Security, and offers a simulation platform for reactions to cyber attacks.
Benzel's voice doesn't falter when she describes a war scenario she calls "Cyber Pearl Harbor." This is what it could look like: "Prolonged power outages, a collapse of the power grid and irreparable disruptions in the Internet." Suddenly, food would not reach stores in time and cash machines would stop dispensing money. "Everything depends on computers nowadays, even the delivery of rolls to the baker around the corner," she says.
Benzel also describes other crisis scenarios. For example, she says, there are programs that open and close gates on American dams that are potentially vulnerable. Benzel is worried that a clever hacker could open America's dams at will.
Should Preemptive Strikes Be Allowed?
These and other cases are currently being tested in Cyber City, a virtual city US experts have built on their computers in New Jersey to simulate the consequences of data attacks. Cyber City has a water tower, a train station and 15,000 residents. Everything is connected in realistic ways, enabling the experts to study the potentially devastating effects cyber attacks could have on residents.
In Europe, it is primarily intelligence agencies that are simulating digital war games. Germany's foreign intelligence service, the Bundesnachrichtendienst (BND), also has a unit that studies the details of future wars. It is telling that the BND team doesn't just simulate defensive situations but increasingly looks at offensive scenarios, as well, so as to be prepared for a sort of digital second strike.
"Offensive Cyber Operations," or OCOs, are part of the strategy for future cyberwars in several NATO countries. The Tallinn manual now establishes the legal basis for possible preemptive strikes, which have been an issue in international law since former US President George W. Bush launched a preemptive strike against Iraq in March 2003.
The most contentious issue during the meetings in Tallinn was the question of when an offensive strike is permissible as an act of preventive self-defense against cyber attacks. According to the current doctrine, an attack must be imminent to trigger the right to preventive self-defense. The Tallinn manual is more generous in this respect, stating that even if a digital weapon is only likely to unfold its sinister effects at a later date, a first strike can already be justified if it is the last window of opportunity to meet the threat.
The danger inherent in the application of that standard becomes clear in the way that the international law experts at Tallinn treated Stuxnet, the most devastating malware to date, which was apparently smuggled into Iranian nuclear facilities on Obama's command. The data attack destroyed large numbers of centrifuges used for uranium enrichment in the Natanz reprocessing plant. Under the criteria of the Tallinn manual, this would be an act of war.
Could the US be the perpetrator in a war of aggression in violation of international law? Cologne international law expert Kress believes that what the Tallinn manual says parenthetically about the Stuxnet case amounts to a "handout for the Pentagon," namely that Obama's digital attack might be seen as an "act of preventive self-defense" against the nuclear program of Iran's ayatollahs.
The Fog of Cyber War
According to the Tallinn interpretation, countless virtual espionage incidents of the sort that affect all industrialized nations almost daily could act as accelerants. Pure cyber espionage, which American politicians also define as an attack, is not seen an act of war, according to the Tallinn rules. Nevertheless, the international law experts argue that such espionage attacks can be seen as preparations for destructive attacks, so that it can be legitimate to launch a preventive attack against the spy as a means of self-defense.
Some are especially concerned that the Tallinn proposals could also make it possible to expand the rules of the "war on terror." The authors have incorporated the call of US geostrategic expert Joseph Nye to take precautions against a "cyber 9/11" into their manual. This would mean that the superpower could even declare war on organized hacker groups. Combat drones against hackers? Cologne expert Kress cautions that the expansion of the combat zone to the laptops of an only loosely organized group of individuals would constitute a "threat to human rights."
Germany's military, the Bundeswehr, is also voicing concerns over the expansion of digital warfare. Karl Schreiner, a brigadier general with the Bundeswehr's leadership academy in Hamburg, is among those who see the need for "ethical rules" for the Internet battlefield and believe that an international canon for the use of digital weapons is required.
Military leaders must rethink the most important question relating to defense in cyberspace: Who is the attacker? "In most cases," the Tallinn manual reads optimistically, it is possible to identify the source of data attacks. But that doesn't coincide with the experiences of many IT security experts.
The typical fog of cyberwar was evident most recently in the example of South Korea. At first, officials said that DarkSeoul was clearly an attack from the north, but then it was allegedly traced to China, Europe and the United States. Some analysts now suspect patriotically motivated hackers in North Korea, because of the relatively uncomplicated malware. That leaves the question of just who South Korea should launch a counterattack against.
The South Korean case prompts Cologne international law expert Kress to conclude that lawyers will soon have a "new unsolved problem" on their hands -- a "war on the basis of suspicion."
Jan 06, 2021 | www.theamericanconservative.com
Whether or not the company's machines were misused, it poses structural risks, and suppressing criticism will make Trump supporters even more dubious
t is unlikely that many of the 73 million people who cast ballots for Donald Trump in 2020 will ever accept the legitimacy of his loss. Who could convince them? If the media sources demanding Trump's concession held any sway with Trump's voters, they would not have been his voters. They do not know for sure that the election was stolen, but they do know with apodictic certainty that the media would lie to them if it was. So if Donald Trump says the election was stolen, that's good enough for the Deplorables.
Yet even the President's most faithful must have flinched at his recent tweet accusing a leading manufacturer of voting machines of committing election fraud on a mass scale.
It is hard to overstate the irresponsibility of broadcasting such a serious accusation without proof. It shocked me, and my startle response has become pretty desensitized over the last four years. Sure, it turned out Trump was right when he accused the Obama administration of spying on his 2016 campaign, but this is different. Dominion Voting Systems is not staffed with Obama appointees, after all. I decided to poke around a bit to see what, if anything, could possibly be behind Trump's wild accusation.
A Twitter user named Joe Oltmann had tweeted a few screenshots of a Facebook user posting Antifa manifestos and songs about killing police. The Facebook account belonged to Eric Coomer, and Oltmann claimed it was the same Eric Coomer who is the Director of Product Strategy and Security for Dominion Voting Systems. Within hours of Oltmann posting the information, however, the Facebook page of Eric Coomer was taken down, so I was unable to verify that Antifa Coomer and Dominion Coomer were the same person. By the end of the day, Joe Oltmann's Twitter account was suspended as well. I had followed his feed throughout the day. I can say with certainty that he posted nothing remotely offensive or provocative. I have no doubt whatsoever that Twitter suspended him for posting the screenshots of Coomer's Facebook page. Interesting.
Searching around some more, I found that Dominion Coomer is an avid climber who used to post frequently on climbing message boards under his own name. He confirmed it himself in a post where he mentioned getting his nuclear physics Ph.D from Berkeley in 1997. Dominion's Eric Coomer received his nuclear physics Ph.D from Berkeley in 1997. In another post on the same message board, Coomer gave out his email address. It was his old campus address from the Berkeley nuclear physics department. I plugged that email address into the Google machine, and things got weird.
I found Eric Coomer had a long history of posting on websites for skinheads. He was a heavy user of a Google Group for skinheads, and seems to have possibly been a content moderator for papaskin.com. Only these aren't the neo-Nazis our mothers warned us about. These skinheads call themselves SHARPs, or Skinheads Against Racial Prejudice. Think of them as a sort of punk rock Antifa. In 2012, roughly 18 SHARPs attacked a smaller group of suspected racists in a Chicago restaurant with bats and batons. That same year, three neo-Nazis were charged for the 1998 double murder of two SHARPs in Nevada.
Given that Dominion's Director of Security and Strategy, Eric Coomer, was an enthusiast of a street fighting anti-racist skinhead culture going back at least into the 1990s, it seems very likely that Joe Oltmann was correct in identifying him as the Facebook user recently endorsing Antifa and posting anti-police rhetoric. I shared this information on a few message boards to let other people run with it. Within hours, Papa Skin, a skinhead website which had been up for over 20 years, was taken offline. (Whoever took it down missed the FAQ page, you can find it here http://www.papaskin.com/faq/faqs.html ).
Of course none of this proves any fraud took place, but we deserve some answers. One need only imagine if it was Joe Biden contesting the election results, and the Director for Strategy & Security at a major voting machine provider turned out to be a Proud Boy with decades of involvement in extremist, even violent, right wing political groups. Democrats would rightly point out that this person endorses engaging in illegal behavior to achieve political goals. They would ask how such a person ended up in such an important position of public trust, and what it might say about the procedures in place to ensure Dominion's responsibilities are handled in good faith.
Another reality of the Dominion fiasco, whether or not there was any fraud using its machines, is the structural risk created by having the same company run machines in more than two dozen states. If there were glitchy machines causing a dispute in one state, like Democrats' claims about Diebold machines in Ohio in 2004, and even if that dispute led to competing slates of electors, that is something the American political system has seen and withstood before. Having potentially tens of millions of people doubting results in a half-dozen different states thanks to the same company running machines in all of them is an unprecedentedly serious problem, whether or not their doubts are well-founded.
Moreover, platforms like Twitter and WordPress would do well to consider that censorship of people discussing Dominion and its employees is likely to have the opposite effect that they think it will: Twitter bans, site removals, and wiping of bios from websites are only going to make Trump's hardcore supporters think Dominion has something to hide. You can't make disagreements go away by banning one side and pretending there is unanimity.
Darryl Cooper is the host of the MartyrMade podcast.
JPH Kiyoshi01 • 8 days agoThis claim is fairly easy to check. The machine prints out a paper record that is viewable by the voter and saved for purposes of auditing.
HistoryProf JPH • 8 days agoActually voting is not audited as any accountant will be able to confirm.
JPH HistoryProf • 8 days agoEvery state that I am aware of conducts random spot audits of election results.
HistoryProf JPH • 8 days agohttps://en.wikipedia.org/wi...
You may have to work on your awareness. And a full audit of the whole process is definitely a lot more than some random spot.Herb Daniels HistoryProf • 8 days agoThe list you just linked showed that most states conduct routine audits of races. The only states that don't seem to are deep red ones. Spot audits are a valid way of discovering errors. If every state had to do full recounts for every single race, the cost to taxpayers would be enormous and wasteful.
TJ Hessmon Kerr Avon • 6 days ago • edited...Places like Georgia where Ds destroyed the system by actually eliminating audit... they just run exactly the same fake ballots through they ran the first time... & they had a 'signature verification' & they didn't even turn the machine on.
wernerpd Dan Penrod • 3 days agoThere are three obvious methods of election fraud occurring in 2020
1) canvasing, where those canvasing voters holding mail in ballots are convincing them to change their vote from republican to democrat, then paying them with what amounts to trinkets. (flash light, pocket knife, tee shirt, those sorts of things)
2) Voting machine weighted votes, which occurs in republican heavy precincts using the Banzhaf Power Index. This system counts votes in decimals less than and greater than one for each vote. An example would be weighting republican votes where each republican vote would count 0.75, meaning 4 voters are necessary to achieve a vote of 3. (1.5 + 1.5 = 3), the weighted scale increases as the number of votes increase. This is known as vote redistribution. In essence a system such as this cold require(at 0.25) 200k republican votes to equal 50k democrat votes
3) Mail in ballots which are rife with fraud of many types
409 Biscayne Sleeper Kerr Avon • 2 days agoThat's not reality for SCOTUS. They don't make those kinds of rulings. What I would expect from a majority opinion if they believed there was substantive fraud that was sufficient to overturn the election results, would go like this: "Based upon the quantity and quality of indicia for illegal ballots being counted, it is the opinion of the court that states X,Y,Z, etc., cannot certify their election results based upon the election held on 3 NOV 20. Accordingly, this case is remanded to the respective state legislatures for cure."
So what can the state legislatures do in accordance with Article II and the 12th Amendment? They can try to do a revote, but that is nearly impossible given the time constraints required by law. They can in many of these states appoint electors independently of the vote held on 3 NOV 20. Keep in mind, not every state permits such a role for the legislature. I don't see that happening, since the **perception** will be that they disenfranchised all of the state's voters. The only logical outcome is all of those respective states will not be able to certify their elections. As such, the 12th Amendment is instructive here. At that point, Congress will decide who becomes president. This also happened in the 1801 and 1825. Each state delegation gets exactly **one** vote. Since republicans control 26 of the 50 state delegations, you can guess how that vote might tilt.
Food for thought.
TJ Hessmon Charles • 6 days agoIsn't that preciously what your radical Dem brothers and sisters are up to hoping to snag the Senate via Georgia on Jan 4th so that a one party America exists indefinitely? You are "projecting" what your ilk is actually hoping to accomplish. 'Jeepers', yeah jeepers is right. Nice try though.
TJ Hessmon Herb Daniels • 6 days agoYou may want to read the complaint and resulting law suit filed by Lin Wood related to Georgia mail in ballots. It eliminates your assumptions with fact. Yes, in Georgia the voter signature validation was usurped for mail in ballots, allowing anyone with a mail in ballot to vote. There are ample undercover videos of union postal workers selling mail in ballots. Further there are many cases where mail in ballots were requested then the voter showed up at the polls to physically vote. The voter indicating they had never requested a mail in ballot. Plenty of documented cases, all you need do is look past you keyboard and tater chip bag...
TJ Hessmon tai • 6 days agoThe secretary of state usurped the law in Georgia, telling polling places to ignore the requirement to verify signatures of mail in ballots. The signatures are compared to the drivers license database. The democrats (Stacey Abrams) worked with the secretary of state to have such voting controls removed so the system could be easily frauded.
glasshalfful HistoryProf • 8 days agoAudits will work if cross auditing is randomly performed and auditors have the authority to either close the polls or invalidate the poll count based upon their discoveries.
TJ Hessmon HistoryProf • 6 days ago • editedCmpared to the Muller investigation, you mean waste of money like that? :)
Riccardo Palagi HistoryProf • 6 days agoAustin Texas = Kelly Reagan Brunner who was working at a Supported Living Center for senior citizens has been arrested and charged with more than 100 counts of voter fraud. (She was canvassing and changing votes).
Wisconsin
3,170,206 votes counted
3,129,ooo Registered Voters.Erie county elections, Poll worker posts on twitter about him throwing out Trump votes.
7 Wards in Milwaukee report more votes than actual registered voters
Republican poll watchers prevented from entering Detroit poll counting center. official states COVID 19 as their reason.
MIT scientists find objective evidence of vote tallies being forced negatively away for the statistical mean by vote software. This was discovered in several states.
And on and on and on .........a landslide of objective evidence.
donthomson1 HistoryProf • 4 days agoI'll tell you what Prof., if you think the cost of recounts is high, wait till you get a load of the cost of the electorate's lack of confidence in the election process. That cost will be measured in human lives.
Denace The Menace HistoryProf • 8 days ago • editedBut the Russians! Not my President. Resistance. Years of investigations into gossip columnist Steele's paid report to the Democrats.
How could anybody with a brain in their head have ever taken Steele seriously? OK, he did speak to a Yank who was once a Russian.
There was also a news aggregator run by Russians just as there are others run by other humans. Only racists think that free speech should be restricted to Yanks. [email protected]
UncleDirtNap Denace The Menace • 8 days agoHave you not been paying attention? The Dems states threw all election safeguards/checks and balances in the garbage like the USPS workers did, and some claim poll workers did. Experts have done audits of the voting in swing states/counties and found highly improbable vote counts......So.......
RepublicanDon Kiyoshi01 • 8 days agoYou mean like:
Georgia
President US Senate Differential
Trump 2,457,880 Purdue 2,458,665 -785
Biden 2,472,002 Ossoff 2,372,086 +99,916That's closer to impossible than improbable and a discrepancy only a leftist could accept as real.
They also export data in JSON to media outlets. The JSON files showed interesting anomalies.
Nov 14, 2020 | twitter.com
Praying Medic @prayingmedic
Jared Thomas, a lobbyist for Dominion Voting Systems, was Georgia Governor Brian Kemp's chief of staff and press secretary from 2012 to 2015.
06/22/2013 | Zero Hedge
With his revelations exposing the extent of potential, and actual, pervasive NSA surveillance over the American population, Edward Snowden has done a great service for the public by finally forcing it to answer the question: is having Big Brother peek at every private communication and electronic information, a fair exchange for the alleged benefit of the state's security. Alas, without further action form a population that appears largely numb and apathetic to disclosures that until recently would have sparked mass protests and toppled presidents, the best we can hope for within a political regime that has hijacked the democratic process, is some intense introspection as to what the concept of "America" truly means.
However, and more importantly, what Snowden's revelations have confirmed, is that behind the scenes, America is now actively engaged in a new kind of war: an unprecedented cyber war, where collecting, deciphering, intercepting, and abusing information is the only thing that matters and leads to unprecedented power, and where enemies both foreign and domestic may be targeted without due process based on a lowly analyst's "whim."
It has also put spotlight on the man, who until recently deep in the shadows, has been responsible for building America's secret, absolutely massive cyber army, and which according to a just released Wired profile is "capable of launching devastating cyberattacks. Now it's ready to unleash hell."
Meet General Keith Alexander, "a man few even in Washington would likely recognize", which is troubling because Alexander is now quite possibly the most powerful person in the world, that nobody talks about. Which is just the way he likes it.
This is the partial and incomplete story of the man who may now be empowered with more unchecked power than any person in the history of the US, or for that matter, the world. It comes once again, courtesy of the man who over a year before the Guardian's Snowden bombshell broke the story about the NSA's secret Utah data storage facility, James Bamford, and whose intimate knowledge of the NSA's secrets comes by way of being a consultant for the defense team of one Thomas Drake, one of the original NSA whistleblowers (as we learn from the full Wired article).
But first, by way of background, here is a glimpse of Alexander's ultra-secretive kingdom. From Wired:
Inside Fort Meade, Maryland, a top-secret city bustles. Tens of thousands of people move through more than 50 buildings-the city has its own post office, fire department, and police force. But as if designed by Kafka, it sits among a forest of trees, surrounded by electrified fences and heavily armed guards, protected by antitank barriers, monitored by sensitive motion detectors, and watched by rotating cameras. To block any telltale electromagnetic signals from escaping, the inner walls of the buildings are wrapped in protective copper shielding and the one-way windows are embedded with a fine copper mesh.
This is the undisputed domain of General Keith Alexander, a man few even in Washington would likely recognize. Never before has anyone in America's intelligence sphere come close to his degree of power, the number of people under his command, the expanse of his rule, the length of his reign, or the depth of his secrecy. A four-star Army general, his authority extends across three domains: He is director of the world's largest intelligence service, the National Security Agency; chief of the Central Security Service; and commander of the US Cyber Command. As such, he has his own secret military, presiding over the Navy's 10th Fleet, the 24th Air Force, and the Second Army.
Schematically, Alexander's empire consists of the following: virtually every piece in America's information intelligence arsenal.
As the Snowden scandal has unfurled, some glimpses into the "introspective" capabilities of the NSA, and its sister organizations, have demonstrated just how powerful the full "intelligence" arsenal of the US can be.
However, it is when it is facing outward - as it normally does - that things get really scary. Because contrary to prevailing conventional wisdom, Alexander's intelligence and information-derived power is far from simply defensive. In fact, it is when its offensive potential is exposed that the full destructive power in Alexander's grasp is revealed:
In its tightly controlled public relations, the NSA has focused attention on the threat of cyberattack against the US-the vulnerability of critical infrastructure like power plants and water systems, the susceptibility of the military's command and control structure, the dependence of the economy on the Internet's smooth functioning. Defense against these threats was the paramount mission trumpeted by NSA brass at congressional hearings and hashed over at security conferences.
But there is a flip side to this equation that is rarely mentioned: The military has for years been developing offensive capabilities, giving it the power not just to defend the US but to assail its foes. Using so-called cyber-kinetic attacks, Alexander and his forces now have the capability to physically destroy an adversary's equipment and infrastructure, and potentially even to kill. Alexander-who declined to be interviewed for this article-has concluded that such cyberweapons are as crucial to 21st-century warfare as nuclear arms were in the 20th.
And he and his cyberwarriors have already launched their first attack. The cyberweapon that came to be known as Stuxnet was created and built by the NSA in partnership with the CIA and Israeli intelligence in the mid-2000s. The first known piece of malware designed to destroy physical equipment, Stuxnet was aimed at Iran's nuclear facility in Natanz. By surreptitiously taking control of an industrial control link known as a Scada (Supervisory Control and Data Acquisition) system, the sophisticated worm was able to damage about a thousand centrifuges used to enrich nuclear material.
The success of this sabotage came to light only in June 2010, when the malware spread to outside computers. It was spotted by independent security researchers, who identified telltale signs that the worm was the work of thousands of hours of professional development. Despite headlines around the globe, officials in Washington have never openly acknowledged that the US was behind the attack. It wasn't until 2012 that anonymous sources within the Obama administration took credit for it in interviews with The New York Times.
But Stuxnet is only the beginning. Alexander's agency has recruited thousands of computer experts, hackers, and engineering PhDs to expand US offensive capabilities in the digital realm. The Pentagon has requested $4.7 billion for "cyberspace operations," even as the budget of the CIA and other intelligence agencies could fall by $4.4 billion. It is pouring millions into cyberdefense contractors. And more attacks may be planned.
Alexander's background is equally impressive: a classmate of Petraeus and Dempsey, a favorite of Rumsfeld, the General had supreme power written all over his career progression. If reaching the top at all costs meant crushing the fourth amendment and lying to Congress in the process, so be it:
Born in 1951, the third of five children, Alexander was raised in the small upstate New York hamlet of Onondaga Hill, a suburb of Syracuse. He tossed papers for the Syracuse Post-Standard and ran track at Westhill High School while his father, a former Marine private, was involved in local Republican politics. It was 1970, Richard Nixon was president, and most of the country had by then begun to see the war in Vietnam as a disaster. But Alexander had been accepted at West Point, joining a class that included two other future four-star generals, David Petraeus and Martin Dempsey. Alexander would never get the chance to serve in Vietnam. Just as he stepped off the bus at West Point, the ground war finally began winding down.
In April 1974, just before graduation, he married his high school classmate Deborah Lynn Douglas, who grew up two doors away in Onondaga Hill. The fighting in Vietnam was over, but the Cold War was still bubbling, and Alexander focused his career on the solitary, rarefied world of signals intelligence, bouncing from secret NSA base to secret NSA base, mostly in the US and Germany. He proved a competent administrator, carrying out assignments and adapting to the rapidly changing high tech environment. Along the way he picked up masters degrees in electronic warfare, physics, national security strategy, and business administration. As a result, he quickly rose up the military intelligence ranks, where expertise in advanced technology was at a premium.
In 2001, Alexander was a one-star general in charge of the Army Intelligence and Security Command, the military's worldwide network of 10,700 spies and eavesdroppers. In March of that year he told his hometown Syracuse newspaper that his job was to discover threats to the country. "We have to stay out in front of our adversary," Alexander said. "It's a chess game, and you don't want to lose this one." But just six months later, Alexander and the rest of the American intelligence community suffered a devastating defeat when they were surprised by the attacks on 9/11. Following the assault, he ordered his Army intercept operators to begin illegally monitoring the phone calls and email of American citizens who had nothing to do with terrorism, including intimate calls between journalists and their spouses. Congress later gave retroactive immunity to the telecoms that assisted the government.
In 2003, Alexander, a favorite of defense secretary Donald Rumsfeld, was named the Army's deputy chief of staff for intelligence, the service's most senior intelligence position. Among the units under his command were the military intelligence teams involved in the human rights abuses at Baghdad's Abu Ghraib prison. Two years later, Rumsfeld appointed Alexander-now a three-star general-director of the NSA, where he oversaw the illegal, warrantless wiretapping program while deceiving members of the House Intelligence Committee. In a publicly released letter to Alexander shortly after The New York Times exposed the program, US representative Rush Holt, a member of the committee, angrily took him to task for not being forthcoming about the wiretapping: "Your responses make a mockery of congressional oversight."
In short: Emperor Alexander.
Inside the government, the general is regarded with a mixture of respect and fear, not unlike J. Edgar Hoover, another security figure whose tenure spanned multiple presidencies. "We jokingly referred to him as Emperor Alexander-with good cause, because whatever Keith wants, Keith gets," says one former senior CIA official who agreed to speak on condition of anonymity. "We would sit back literally in awe of what he was able to get from Congress, from the White House, and at the expense of everybody else."
What happened next in Alexander's career some time in the mid 2000's, was Stuxnet: the story of the crushing virus that nearly destroyed the Iranian nuclear program has been widely documented on these pages and elsewhere, so we won't recount the Wired article's details. However, what was very odd about the Stuxnet attack is that such a brilliantly conceived and delivered virus could ultimately be uncovered and traced back to the NSA and Israel. It was almost too good. Still, what happened after the revelation that Stuxnet could be traced to Fort Meade, is that the middle-east, supposedly, promptly retaliated:
Sure enough, in August 2012 a devastating virus was unleashed on Saudi Aramco, the giant Saudi state-owned energy company. The malware infected 30,000 computers, erasing three-quarters of the company's stored data, destroying everything from documents to email to spreadsheets and leaving in their place an image of a burning American flag, according to The New York Times. Just days later, another large cyberattack hit RasGas, the giant Qatari natural gas company. Then a series of denial-of-service attacks took America's largest financial institutions offline. Experts blamed all of this activity on Iran, which had created its own cyber command in the wake of the US-led attacks. James Clapper, US director of national intelligence, for the first time declared cyberthreats the greatest danger facing the nation, bumping terrorism down to second place. In May, the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team issued a vague warning that US energy and infrastructure companies should be on the alert for cyberattacks. It was widely reported that this warning came in response to Iranian cyberprobes of industrial control systems. An Iranian diplomat denied any involvement.
The cat-and-mouse game could escalate. "It's a trajectory," says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. "The general consensus is that a cyber response alone is pretty worthless. And nobody wants a real war." Under international law, Iran may have the right to self-defense when hit with destructive cyberattacks. William Lynn, deputy secretary of defense, laid claim to the prerogative of self-defense when he outlined the Pentagon's cyber operations strategy. "The United States reserves the right," he said, "under the laws of armed conflict, to respond to serious cyberattacks with a proportional and justified military response at the time and place of our choosing." Leon Panetta, the former CIA chief who had helped launch the Stuxnet offensive, would later point to Iran's retaliation as a troubling harbinger. "The collective result of these kinds of attacks could be a cyber Pearl Harbor," he warned in October 2012, toward the end of his tenure as defense secretary, "an attack that would cause physical destruction and the loss of life."
Almost too good... Because what the so-called hacker "retaliations" originating from Iran, China, Russia, etc, led to such laughable outcomes as DDOS attacks against - to unprecedented media fanfare - the portals of such firms as JPMorgan and Wells Fargo, and as Wired adds, "if Stuxnet was the proof of concept, it also proved that one successful cyberattack begets another. For Alexander, this offered the perfect justification for expanding his empire."
The expansion that took place next for Alexander and his men, all of it under the Obama regime, was simply unprecedented (and that it steamrolled right through the "sequester" was perfectly expected):
[D]ominance has long been their watchword. Alexander's Navy calls itself the Information Dominance Corps. In 2007, the then secretary of the Air Force pledged to "dominate cyberspace" just as "today, we dominate air and space." And Alexander's Army warned, "It is in cyberspace that we must use our strategic vision to dominate the information environment." The Army is reportedly treating digital weapons as another form of offensive capability, providing frontline troops with the option of requesting "cyber fire support" from Cyber Command in the same way they request air and artillery support.
All these capabilities require a giant expansion of secret facilities. Thousands of hard-hatted construction workers will soon begin erecting cranes, driving backhoes, and emptying cement trucks as they expand the boundaries of NSA's secret city eastward, increasing its already enormous size by a third. "You could tell that some of the seniors at NSA were truly concerned that cyber was going to engulf them," says a former senior Cyber Command official, "and I think rightfully so."
In May, work began on a $3.2 billion facility housed at Fort Meade in Maryland. Known as Site M, the 227-acre complex includes its own 150-megawatt power substation, 14 administrative buildings, 10 parking garages, and chiller and boiler plants. The server building will have 90,000 square feet of raised floor-handy for supercomputers-yet hold only 50 people. Meanwhile, the 531,000-square-foot operations center will house more than 1,300 people. In all, the buildings will have a footprint of 1.8 million square feet. Even more ambitious plans, known as Phase II and III, are on the drawing board. Stretching over the next 16 years, they would quadruple the footprint to 5.8 million square feet, enough for nearly 60 buildings and 40 parking garages, costing $5.2 billion and accommodating 11,000 more cyberwarriors.
In short, despite the sequestration, layoffs, and furloughs in the federal government, it's a boom time for Alexander. In April, as part of its 2014 budget request, the Pentagon asked Congress for $4.7 billion for increased "cyberspace operations," nearly $1 billion more than the 2013 allocation. At the same time, budgets for the CIA and other intelligence agencies were cut by almost the same amount, $4.4 billion. A portion of the money going to Alexander will be used to create 13 cyberattack teams.
In the New Normal, the CIA is no longer relevant: all that matters are Alexanders' armies of hackers and computer geeks.
But not only has the public espionage sector been unleashed: the private sector is poised to reap a killing (pardon the pun) too...
What's good for Alexander is good for the fortunes of the cyber-industrial complex, a burgeoning sector made up of many of the same defense contractors who grew rich supplying the wars in Iraq and Afghanistan. With those conflicts now mostly in the rearview mirror, they are looking to Alexander as a kind of savior. After all, the US spends about $30 billion annually on cybersecurity goods and services.
In the past few years, the contractors have embarked on their own cyber building binge parallel to the construction boom at Fort Meade: General Dynamics opened a 28,000-square-foot facility near the NSA; SAIC cut the ribbon on its new seven-story Cyber Innovation Center; the giant CSC unveiled its Virtual Cyber Security Center. And at consulting firm Booz Allen Hamilton, where former NSA director Mike McConnell was hired to lead the cyber effort, the company announced a "cyber-solutions network" that linked together nine cyber-focused facilities. Not to be outdone, Boeing built a new Cyber Engagement Center. Leaving nothing to chance, it also hired retired Army major general Barbara Fast, an old friend of Alexander's, to run the operation. (She has since moved on.)
Defense contractors have been eager to prove that they understand Alexander's worldview. "Our Raytheon cyberwarriors play offense and defense," says one help-wanted site. Consulting and engineering firms such as Invertix and Parsons are among dozens posting online want ads for "computer network exploitation specialists." And many other companies, some unidentified, are seeking computer and network attackers. "Firm is seeking computer network attack specialists for long-term government contract in King George County, VA," one recent ad read. Another, from Sunera, a Tampa, Florida, company, said it was hunting for "attack and penetration consultants."
It gets better: all those anti-virus programs you have on computer to "make it safe" from backdoors and trojans? Guess what - they are the backdoors and trojans!
One of the most secretive of these contractors is Endgame Systems, a startup backed by VCs including Kleiner Perkins Caufield & Byers, Bessemer Venture Partners, and Paladin Capital Group. Established in Atlanta in 2008, Endgame is transparently antitransparent. "We've been very careful not to have a public face on our company," former vice president John M. Farrell wrote to a business associate in an email that appeared in a WikiLeaks dump. "We don't ever want to see our name in a press release," added founder Christopher Rouland. True to form, the company declined Wired's interview requests.
Perhaps for good reason: According to news reports, Endgame is developing ways to break into Internet-connected devices through chinks in their antivirus armor. Like safecrackers listening to the click of tumblers through a stethoscope, the "vulnerability researchers" use an extensive array of digital tools to search for hidden weaknesses in commonly used programs and systems, such as Windows and Internet Explorer. And since no one else has ever discovered these unseen cracks, the manufacturers have never developed patches for them.
Thus, in the parlance of the trade, these vulnerabilities are known as "zero-day exploits," because it has been zero days since they have been uncovered and fixed. They are the Achilles' heel of the security business, says a former senior intelligence official involved with cyberwarfare. Those seeking to break into networks and computers are willing to pay millions of dollars to obtain them.
Such as the US government. But if you thought PRISM was bad you ain't seen nuthin' yet. Because tying it all together is Endgame's appropriately named "Bonesaw" - what it is is practically The Matrix transplanted into the real cyber world.
According to Defense News' C4ISR Journal and Bloomberg Businessweek, Endgame also offers its intelligence clients-agencies like Cyber Command, the NSA, the CIA, and British intelligence-a unique map showing them exactly where their targets are located. Dubbed Bonesaw, the map displays the geolocation and digital address of basically every device connected to the Internet around the world, providing what's called network situational awareness. The client locates a region on the password-protected web-based map, then picks a country and city- say, Beijing, China. Next the client types in the name of the target organization, such as the Ministry of Public Security's No. 3 Research Institute, which is responsible for computer security-or simply enters its address, 6 Zhengyi Road. The map will then display what software is running on the computers inside the facility, what types of malware some may contain, and a menu of custom-designed exploits that can be used to secretly gain entry. It can also pinpoint those devices infected with malware, such as the Conficker worm, as well as networks turned into botnets and zombies- the equivalent of a back door left open.
Bonesaw also contains targeting data on US allies, and it is soon to be upgraded with a new version codenamed Velocity, according to C4ISR Journal. It will allow Endgame's clients to observe in real time as hardware and software connected to the Internet around the world is added, removed, or changed.
More on Bonesaw:
Marketing documents say "the Bonesaw platform provides a complete environment for intelligence analysts and mission planners to take a holistic approach to target discovery, reducing the time to create actionable intelligence and operational plans from days to minutes."
"Bonesaw is the ability to map, basically every device connected to the Internet and what hardware and software it is," says a company official who requested anonymity. The official points out that the firm doesn't launch offensive cyber ops, it just helps.
Back to Wired:
[S]uch access doesn't come cheap. One leaked report indicated that annual subscriptions could run as high as $2.5 million for 25 zero-day exploits.
That's ok though, the US government is happy to collect taxpayer money so it can pay these venture capital-backed private firms for the best in espionage technology, allowing it to reach, hack and manipulate every computer system foreign. And domestic.
How ironic: US citizens are funding Big Brother's own unprecedented spying program against themselves!
Not only that, but by allowing the NSA to develop and utilize technology that is leaps ahead of everyone else - utilize it against the US citizens themselves - America is now effectively war against itself... Not to mention every other foreign country that is a intelligence interest:
The buying and using of such a subscription by nation-states could be seen as an act of war. "If you are engaged in reconnaissance on an adversary's systems, you are laying the electronic battlefield and preparing to use it," wrote Mike Jacobs, a former NSA director for information assurance, in a McAfee report on cyberwarfare. "In my opinion, these activities constitute acts of war, or at least a prelude to future acts of war." The question is, who else is on the secretive company's client list? Because there is as of yet no oversight or regulation of the cyberweapons trade, companies in the cyber-industrial complex are free to sell to whomever they wish. "It should be illegal," says the former senior intelligence official involved in cyberwarfare. "I knew about Endgame when I was in intelligence. The intelligence community didn't like it, but they're the largest consumer of that business."
And there you have it: US corporations happily cooperating with the US government's own espionage services, however since the only thing that matters in the private sector is the bottom line, the Endgames of the world will gladly sell the same ultra-secret services to everyone else who is willing to pay top dollar: China, Russia, Iran...
in their willingness to pay top dollar for more and better zero-day exploits, the spy agencies are helping drive a lucrative, dangerous, and unregulated cyber arms race, one that has developed its own gray and black markets. The companies trading in this arena can sell their wares to the highest bidder-be they frontmen for criminal hacking groups or terrorist organizations or countries that bankroll terrorists, such as Iran. Ironically, having helped create the market in zero-day exploits and then having launched the world into the era of cyberwar, Alexander now says the possibility of zero-day exploits falling into the wrong hands is his "greatest worry."
Does Alexander have reason to be worried? Oh yes.
In May, Alexander discovered that four months earlier someone, or some group or nation, had secretly hacked into a restricted US government database known as the National Inventory of Dams. Maintained by the Army Corps of Engineers, it lists the vulnerabilities for the nation's dams, including an estimate of the number of people who might be killed should one of them fail. Meanwhile, the 2013 "Report Card for America's Infrastructure" gave the US a D on its maintenance of dams. There are 13,991 dams in the US that are classified as high-hazard, the report said. A high-hazard dam is defined as one whose failure would cause loss of life. "That's our concern about what's coming in cyberspace-a destructive element. It is a question of time," Alexander said in a talk to a group involved in information operations and cyberwarfare, noting that estimates put the time frame of an attack within two to five years. He made his comments in September 2011.
In other words, this massive cyberattack against the US predicted by "Emperor" Alexander, an attack in which as Alexander himself has said cyberweapons represent the 21st century equivalent of nuclear arms (and require in kind retaliation) whether false flag or real, is due... some time right around now.
Mar 20 2013 | Ars Technica
"TeamSpy" used digitally signed TeamViewer remote access tool to spy on victims.
Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe.
TeamSpy, as the shadow group has been dubbed, collected encryption keys and documents marked as "secret" from a variety of high-level targets, according to a report published Wednesday by Hungary-based CrySyS Lab.
Targets included a Russia-based Embassy for an undisclosed country belonging to both NATO and the European Union, an industrial manufacturer also located in Russia, multiple research and educational organizations in France and Belgium, and an electronics company located in Iran. CrySyS learned of the attacks after Hungary's National Security Authority disclosed intelligence that TeamSpy had hit an unnamed "Hungarian high-profile governmental victim."
Malware used in the attacks indicates that those responsible may have operated for years and may have also targeted figures in a variety of countries throughout the world. Adding intrigue to the discovery, techniques used in the attacks bear a striking resemblance to an online banking fraud ring known as Sheldon, and a separate analysis from researchers at Kaspersky Lab found similarities to the Red October espionage campaign that the Russia-based security firm discovered earlier this year.
"Most likely the same attackers are behind the attacks that span for the last 10 years, as there are clear connections between samples used in different years and campaigns," CrySyS researchers wrote in their report. "Interestingly, the attacks began to gain new momentum in the second half of 2012."
They added: "The attackers surely aim for important targets. This conclusion comes from a number of different facts, including victim IPs, known activities on some targets, traceroute for probably high-profile targets, file names used in information stealing activities, strange paramilitary language of some structures, etc."
The attackers relied on a variety of methods, including the use of a digitally signed version of TeamViewer that has been modified through a technique known as "DLL hijacking" to spy on targets in real-time. Installation of the compromised program also provides attackers with a backdoor to install updates and additional malware. Both the TeamViewer technique and command servers used in the attack harken back to Sheldon. The TeamSpy operation also relies on more traditional malware tools that were custom-built for the purpose of espionage or bank fraud.
According to Kaspersky, the operators infected their victims through a series of "watering hole" attacks that plant malware on websites frequented by the intended victims. When the targets visit the booby-trapped sites, they also become infected. The attackers also injected malware into advertising networks to blanket entire regions. In many cases, much of that attack code used to infect victims was spawned from the Eleonore exploit kit. Domains used to host command and control servers that communicated with infected machines included politnews.org, bannetwork.org, planetanews.org, bulbanews.org, and r2bnetwork.org.
The discovery of TeamSpy is only the latest to reveal an international operation that uses malware to siphon sensitive data from high-profile targets. The most well-known campaign was dubbed Flame. Other surveillance campaigns include Gauss and Duqu, all three of which are believed to have been supported by a well-resourced nation-state. Last year, researchers also uncovered an espionage campaign dubbed Mahdi.
Slashdot
Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe. TeamSpy, as the shadow group has been dubbed, collected encryption keys and documents marked as 'secret' from a variety of high-level targets, according to a report published Wednesday by Hungary-based CrySyS Lab. Targets included a Russia-based Embassy for an undisclosed country belonging to both NATO and the European Union, an industrial manufacturer also located in Russia, multiple research and educational organizations in France and Belgium, and an electronics company located in Iran. CrySyS learned of the attacks after Hungary's National Security Authority disclosed intelligence that TeamSpy had hit an unnamed 'Hungarian high-profile governmental victim.'
erroneus
Suspiscious based on what criteria?
We aren't allowed to use open source and so we have to "trust" every 'signed binary' which executives and leaders want to use. If we could use open source, we could at least read the source and even compile it to ensure the source we read was the binary which was compiled.
When the malware doesn't do "harm" to anything, the sympoms of malware are non-existant. No pop-up ads, no unusual crashing (see note about being unable to use open source... the 'other' operaitng system crashes often enough for inexplicable reasons that no one suspects malware as the cause any longer) and when a commonly used utility program which performs remote access is used, how can it be detected as malware?
Arguably, that it was proprietary and commercial software which was exploited is pretty disturbing. But at the same time, that software makers (and other device and product makers, and service providers too) frequently enter into deals with government to spy on people is unfortunately very common. That the "white-hat" (heh, I accidentally typed "white-hate"... apropos?) nation called the USA has compromised global communications with Echelon and more recently with the much celebrated NSA wiretapping, does not help matters.
I think no one appreciates the value of trust. Once it's lost, it's lost. What amount of trust in government... any government... may have existed, it is gone for most of us.
The unenlightened? Well... they still watch MSM (mainstream media, I have come to know these initials). What hope have they against that?
Anonymous Coward
Re:A strong push for open source in government (Score:1)
I suspect that as more malware and backdoors are discovered in systems used by government, the penny will begin to drop more frequently. Closed source is incompatible with security, by definition, since you cannot validly trust what you cannot see
Bullshit. Open or closed source has no direct bearing on the ability of an attacker to infect a binary. Open source provides more eyes on a given bug or problem, but once compiled and running its the exact same problem.
The article mentions use of a modified signed binary. So tell me how open source is going to remedy that? Unless you're recompiling from scratch (your entire tool chain, plus dependencies) on each launch, you're just as fucked as the next guy. Are you going to checksum the binary in memory each time a method is called? Are you going to encrypt/decrypt on each call? What's to stop an attacker from modifying your checksum code in the same manner as CD checks on games are trivially broken?
The only thing open source is really going to do for you is ensure that if you compile from source, the attack didn't originate from that source. So what?
Anonymous Coward
The fact it's open source IS (or can be) the pathway. If it's a small piece of software that does a specific function that's not of use to many people, your million eyeballs shrink rapidly. And what you're left with (IMO) is a handful of eyeballs thinking "I don't have the time/skills for this, it's open source, I'm sure someone will have looked over it" while no one actually does.
Or someone auditing the code but not the stuff around it, or maybe the code as distributed is clean and will compile into a clean and functioning binary, but the scripts around it actually add some malicious steps if certain criteria are met.
Open source isn't a magic bullet.
February 13, 2013 | MIT Technology Review
The U.S. government is developing new computer weapons and driving a black market in "zero-day" bugs. The result could be a more dangerous Web for everyone.
Every summer, computer security experts get together in Las Vegas for Black Hat and DEFCON, conferences that have earned notoriety for presentations demonstrating critical security holes discovered in widely used software. But while the conferences continue to draw big crowds, regular attendees say the bugs unveiled haven't been quite so dramatic in recent years.
One reason is that a freshly discovered weakness in a popular piece of software, known in the trade as a "zero-day" vulnerability, can be cashed in for much more than a reputation boost and some free drinks at the bar. Information about such flaws can command prices in the hundreds of thousands of dollars from defense contractors, security agencies and governments.
This trade in zero-day exploits is poorly documented, but it is perhaps the most visible part of a new industry that in the years to come is likely to swallow growing portions of the U.S. national defense budget, reshape international relations, and perhaps make the Web less safe for everyone.
Zero-day exploits are valuable because they can be used to sneak software onto a computer system without detection by conventional computer security measures, such as antivirus packages or firewalls. Criminals might do that to intercept credit card numbers. An intelligence agency or military force might steal diplomatic communications or even shut down a power plant.
It became clear that this type of assault would define a new era in warfare in 2010, when security researchers discovered a piece of malicious software, or malware, known as Stuxnet. Now widely believed to have been a project of U.S. and Israeli intelligence (U.S. officials have yet to publicly acknowledge a role but have done so anonymously to the New York Times and NPR), Stuxnet was carefully designed to infect multiple systems needed to access and control industrial equipment used in Iran's nuclear program. The payload was clearly the work of a group with access to government-scale resources and intelligence, but it was made possible by four zero-day exploits for Windows that allowed it to silently infect target computers. That so many precious zero-days were used at once was just one of Stuxnet's many striking features.
Since then, more Stuxnet-like malware has been uncovered, and it's involved even more complex techniques (see "The Antivirus Era Is Over"). It is likely that even more have been deployed but escaped public notice. Meanwhile, governments and companies in the United States and around the world have begun paying more and more for the exploits needed to make such weapons work, says Christopher Soghoian, a principal technologist at the American Civil Liberties Union.
"On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices," says Soghoian, who says he has spoken with people involved in the trade and that prices range from the thousands to the hundreds of thousands. Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects' computers or mobile phones.
Exploits for mobile operating systems are particularly valued, says Soghoian, because unlike desktop computers, mobile systems are rarely updated. Apple sends updates to iPhone software a few times a year, meaning that a given flaw could be exploited for a long time. Sometimes the discoverer of a zero day vulnerability receives a monthly payment as long as a flaw remains undiscovered. "As long as Apple or Microsoft has not fixed it you get paid," says Soghioan.
No law directly regulates the sale of zero-days in the United States or elsewhere, so some traders pursue it quite openly. A Bangkok-based security researcher who goes by the name The Grugq tweets about acting as a middleman and has spoken to the press about negotiating deals worth hundreds of thousands of dollars with government buyers from the United States and western Europe. In an argument on Twitter last month, he denied that his business is equivalent to arms dealing, as critics within and outside the computer security community have charged. "An exploit is a component of a toolchain," he tweeted. "The team that produces & maintains the toolchain is the weapon."
Some small companies are similarly up-front about their involvement in the trade. The French security company VUPEN states on its website that it
"provides government-grade exploits specifically designed for the Intelligence community and national security agencies to help them achieve their offensive cyber security and lawful intercept missions."
Last year, employees of the company publicly demonstrated a zero-day flaw that compromised Google's Chrome browser, but they turned down Google's offer of a $60,000 reward if they would share how it worked. What happened to the exploit is unknown.
No U.S. government agency has gone on the record as saying that it buys zero-days. But U.S. defense agencies and companies have begun to publicly acknowledge that they intend to launch as well as defend against cyberattacks, a stance that will require new ways to penetrate enemy computers.
General Keith Alexander, director of the National Security Agency and commander of the U.S. Cyber Command, told a symposium in Washington last October that the United States is prepared to do more than just block computer attacks. "Part of our defense has to consider offensive measures," he said, making him one of the most senior officials to admit that the government will make use of malware. Earlier in 2012 the U.S. Air Force invited proposals for developing "Cyberspace Warfare Attack capabilities" that could "destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries [sic] ability to use the cyberspace domain for his advantage." And in November, Regina Dugan, the head of the Defense Advanced Research Projects Agency, delivered another clear signal about the direction U.S. defense technology is heading. "In the coming years we will focus an increasing portion of our cyber research on the investigation of offensive capabilities to address military-specific needs," she said, announcing that the agency expected to expand cyber-security research from 8 percent of its budget to 12 percent.
Defense analysts say one reason for the shift is that talking about offense introduces an element of deterrence, an established strategy for nuclear and conventional conflicts. Up to now, U.S. politicians and defense chiefs have talked mostly about the country's vulnerability to digital attacks. Last fall, for example, Defense Secretary Leon Panetta warned frankly that U.S. infrastructure was being targeted by overseas attackers and that a "digital Pearl Harbor" could result (see "U.S. Power Grids, Water Plants a Hacking Target").
Major defense contractors are less forthcoming about their role in making software to attack enemies of the U.S. government, but they are evidently rushing to embrace the opportunity. "It's a growing area of the defense business at the same time that the rest of the defense business is shrinking," says Peter Singer, director of the 21st Century Defense Initiative at the Brookings Institution, a Washington think tank. "They've identified two growth areas: drones and cyber."
Large contractors are hiring many people with computer security skills, and some job openings make it clear there are opportunities to play more than just defense. Last year, Northrop Grumman posted ads seeking people to "plan, execute and assess an Offensive Cyberspace Operation (OCO) mission," and many current positions at Northrop ask for "hands-on experience of offensive cyber operations." Raytheon prefaces its ads for security-related jobs with language designed to appeal to stereotypical computer hackers: "Surfboards, pirate flags, and DEFCON black badges decorate our offices, and our Nerf collection dwarfs that of most toy stores. Our research and development projects cover the spectrum of offensive and defensive security technologies."
The new focus of America's military and defense contractors may concern some taxpayers. As more public dollars are spent researching new ways to attack computer systems, some of that money will go to people like The Grugq to discover fresh zero-day vulnerabilities. And an escalating cycle of competition between U.S and overseas government agencies and contractors could make the world more dangerous for computer users everywhere.
"Every country makes weapons: unfortunately, cyberspace is like that too," says Sujeet Shenoi, who leads the U.S.-government-sponsored Cyber Corps Program at the University of Tulsa. His program trains students for government jobs defending against attacks, but he fears that defense contractors, also eager to recruit these students, are pushing the idea of offense too hard. Developing powerful malware introduces the dangerous temptation to use it, says Shenoi, who fears the consequences of active strikes against infrastructure. "I think maybe the civilian courts ought to get together and bar these kinds of attacks," he says.
The ease with which perpetrators of a computer attack can hide their tracks also raises the risk that such weapons will be used, Shenoi points out. Worse, even if an attack using malware is unsuccessful, there's a strong chance that a copy will remain somewhere on the victim's system-by accident or design-or accidentally find its way onto computer systems not targeted at all, as Stuxnet did. Some security firms have already identified criminal malware that uses methods first seen in Stuxnet (see "Stuxnet Tricks Copied by Criminals").
"The parallel is dropping the atomic bomb but also leaflets with the design of it," says Singer. He estimates that around 100 countries already have cyber-war units of some kind, and around 20 have formidable capabilities: "There's a lot of people playing this game."
Computerworld
Three years ago, when electric grid operators were starting to talk about the need to protect critical infrastructure from cyberattacks, few utilities had even hired a chief information security officer.
Then came Stuxnet.
In 2010, that malware, widely reported to have been created by the U.S. and Israel, reportedly destroyed 1,000 centrifuges that Iran was using to enrich uranium after taking over the computerized systems that operated the centrifuges.
Gen. Michael Hayden, principal at security consultancy The Chertoff Group, was director of the National Security Agency, and then the CIA, during the years leading up to the event. "I have to be careful about this," he says,
"but in a time of peace, someone deployed a cyberweapon to destroy what another nation would describe as its critical infrastructure."
In taking this step, the perpetrator not only demonstrated that control systems are vulnerable, but also legitimized this kind of activity by a nation-state, he says.
The attack rattled the industry. "Stuxnet was a game-changer because it opened people's eyes to the fact that a cyber event can actually result in physical damage," says Mark Weatherford, deputy undersecretary for cybersecurity in the National Protection Programs Directorate at the U.S. Department of Homeland Security.
In another development that raised awareness of the threat of cyberwar, the U.S. government in October accused Iran of launching distributed denial-of-service (DDoS) attacks against U.S. financial institutions. In a speech intended to build support for stalled legislation known as the Cybersecurity Act that would enable greater information sharing and improved cybersecurity standards, Defense Secretary Leon Panetta warned that the nation faced the possibility of a "cyber Pearl Harbor" unless action was taken to better protect critical infrastructure.
"Awareness of the problem has been the biggest change" since the release of Stuxnet, says Tim Roxey, chief cybersecurity officer for the North American Electric Reliability Corp. (NERC), a trade group serving electrical grid operators. He noted that job titles such as CISO and cybersecurity officer are much more common than they once were, new cybersecurity standards are now under development, and there's a greater emphasis on information sharing, both within the industry and with the DHS through sector-specific Information Sharing and Analysis Centers. (Read our timeline of critical infrastructure attacks over the years.)
On the other hand, cybersecurity is still not among the top five reliability concerns for most utilities, according to John Pescatore, an analyst at Gartner. Says Roxey: "It's clearly in the top 10." But then, so is vegetation management.
Compounding the challenge is the fact that regulated utilities tend to have tight budgets. That's a big problem, says Paul Kurtz, managing director of international practice at security engineering company CyberPoint International and former senior director for critical infrastructure protection at the White House's Homeland Security Council. "We're not offering cost-effective, measurable solutions," he says. "How do you do this without hemorrhaging cash?"
Should the U.S. Strike Back?
Most best practices on dealing with cyberattacks on critical infrastructure focus on defense: patching vulnerabilities and managing risk. But should the U.S. conduct preemptive strikes against suspected attackers -- or at least hit back?
Gen. Michael Hayden, principal at security consultancy The Chertoff Group, and former director of the NSA and the CIA, says the cybersecurity problem can be understood through the classic risk equation: Risk (R) = threat (T) x vulnerability (V) x consequences (C). "If I can drive any factor down to zero, the risk goes down to zero," he says. So far, most efforts have focused on reducing V, and there's been a shift toward C, with the goal of determining how to rapidly detect an attack, contain the damage and stay online. "But we are only now beginning to wonder, how do I push T down? How do I reduce the threat?" Hayden says. "Do I shoot back?"
The DOD is contemplating the merits of "cross-domain" responses, says James Lewis, senior fellow at the Center for Strategic and International Studies. "We might respond with a missile. That increases the uncertainty for opponents."
Ultimately, countries that launch such attacks will pay a price, says Howard Schmidt, former cybersecurity coordinator and special assistant to the president. --[Does this possibility includes the USA and Israel? -- NNB] The U.S. response could involve economic sanctions -- or it could involve the use of military power.
Falling Behind
Most experts agree that critical infrastructure providers have a long way to go. Melissa Hathaway, president of Hathaway Global Strategies, was the Obama administration's acting senior director for cyberspace in 2009. That year, she issued a Cyberspace Policy Review report that included recommendations for better protecting critical infrastructure, but there hasn't been much movement toward implementing those recommendations, she says. A draft National Cyber Incident Response plan has been published, but a national-level exercise, conducted in June, showed that the plan was insufficient to protect critical infrastructure.
"A lot of critical infrastructure is not even protected from basic hacking. I don't think the industry has done enough to address the risk, and they're looking for the government to somehow offset their costs," Hathaway says. There is, however, a broad recognition that critical infrastructure is vulnerable and that something needs to be done about it.
The Department of Defense has a direct stake in the security of the country's critical infrastructure because the military depends on it. "The Defense Science Board Task Force did a review of DOD reliance on critical infrastructure and found that an astute opponent could attack and harm the DOD's capabilities," says James Lewis, a senior fellow specializing in cybersecurity at the Center for Strategic and International Studies.
At a forum in July, NSA Director Gen. Keith Alexander was asked to rate the state of U.S. preparedness for an attack on critical infrastructure on a scale of 1 to 10. He responded, "I would say around a 3." The reasons include the inability to rapidly detect and respond to attacks, a lack of cybersecurity standards and a general unwillingness by both private companies and government agencies to share detailed information about threats and attacks. The DOD and intelligence agencies don't share information because they tend to overclassify it, says Hayden. And critical infrastructure providers prefer to keep things to themselves because they don't want to expose customer data and they're concerned about the liability issues that could arise and the damage their reputations could suffer if news of an attack were widely reported.
"The rules of the game are a little fuzzy on what you can and cannot share," says Edward Amoroso, chief security officer and a senior vice president at AT&T, noting that his biggest concern is the threat of a large-scale DDoS attack that could take down the Internet's backbone. "I need attorneys, and I need to exercise real care when interacting with the government," he says.
In some cases, critical infrastructure providers are damned if they do share information and damned if they don't. "If the government provides a signature to us, some policy observers would say that we're operating on behalf of that government agency," he says. All parties agree that, in a crisis, everyone should be able to share information in real time. "But talk to five different people and you'll get five different opinions about what is OK," says Amoroso. Unfortunately, government policy initiatives intended to resolve the issue, such as the Cybersecurity Act, have failed to move forward.
"It was disappointing for us that this nonpartisan issue became so contentious," says Weatherford. The lack of progress by policymakers is a problem for the DHS and the effectiveness of its National Cybersecurity and Communications Integration Center (NCCIC). The center, which is open around the clock, was designed to be the nexus for information sharing between private-sector critical infrastructure providers -- and the one place to call when there's a problem. "I want NCCIC to be the '911' of cybersecurity," he says. "We may not have all the answers or all the right people, but we know where they are."
Meanwhile, both the number of attacks and their level of sophistication have been on the rise. Richard Bejtlich, chief security officer at security consultancy Mandiant, says electric utilities and other businesses are under constant assault by foreign governments. "We estimate that 30% to 40% of the Fortune 500 have an active Chinese or Russian intrusion problem right now," he says. However, he adds, "I think the threat in that area is exaggerated," because the goal of such attacks is to steal intellectual property, not destroy infrastructure. (Read our timeline of critical infrastructure attacks over the years.)
Others disagree. "We've seen a new expertise developing around industrial control systems. We're seeing a ton of people and groups committed to the very technical aspects of these systems," says Howard Schmidt, who served as cybersecurity coordinator and special assistant to the president until last May and is now an independent consultant.
"People are too quick to dismiss the link between intellectual property loss through cyber intrusions and attacks against infrastructure," says Kurtz. "Spear phishing events can lead to the exfiltration of intellectual property, and that can have a spillover effect into critical infrastructure control system environments."
Hacking on the Rise
Cyberattackers fall into three primary categories: criminal organizations interested in stealing for monetary gain, hacktivists bent on furthering their own agendas, and foreign governments, or their agents, aiming to steal information or lay the groundwork for later attacks.
The Chinese are the most persistent, with several tiers of groups participating, says Richard Bejtlich, chief security officer at security consultancy Mandiant. Below official state-sponsored attacks are breaches by state militias, quasi-military and quasi-government organizations, and what he calls "patriotic hackers."
"It's almost a career path," says Bejtlich.
There's disagreement on which groups are the most sophisticated or dangerous, but that's not what matters. What matters is that the universe of attackers is expanding and they have ready access to an ever-growing wealth of knowledge about hacking, along with black hat tools helpful in launching attacks. "Over the next five years, low-level actors will get more sophisticated and the Internet [will expand] into areas of the Third World where the rule of law is weaker," says Gen. Michael Hayden, principal at security consultancy The Chertoff Group. "The part of the world responsible for criminal groups such as the Somali pirates is going to get wired."
Spear phishing attacks, sometimes called advanced targeted threats or advanced persistent threats, are efforts to break into an organization's systems by targeting specific people and trying, for example, to get them to open infected email messages that look like they were sent by friends. Such attacks have been particularly difficult to defend against.
Then there's the issue of zero-day attacks. While software and systems vendors have released thousands of vulnerability patches over the past 10 years, Amoroso says, "I wouldn't be surprised if there are thousands of zero-day vulnerabilities that go unreported." And while hacktivists may brag about uncovering vulnerabilities, criminal organizations and foreign governments prefer to keep that information to themselves. "The nation-state-sponsored attack includes not only the intellectual property piece but the ability to pre-position something when you want to be disruptive during a conflict," Schmidt says.
Usually in espionage it's much easier to steal intelligence than it is to do physical harm. That's not true in the cyber domain, says Hayden. "If you penetrate a network for espionage purposes, you've already got everything you'll want for destruction," he says.
On the other hand, while it's impossible for a private company to defend itself from physical warfare, that's not true when it comes to cyberattacks. Every attack exploits a weakness. "By closing that vulnerability, you stop the teenage kid, the criminal and the cyberwarrior," says Pescatore.
Control Anxiety
Computerized control systems are a potential problem area because the same systems are in use across many different types of critical infrastructure. "Where you used to turn dials or throw a switch, all of that is done electronically now," Schmidt says.
In addition, many industrial control systems that used to be "air-gapped" from the Internet are now connected to corporate networks for business reasons. "We've seen spreadsheets with thousands of control system components that are directly connected to the Internet. Some of those components contain known vulnerabilities that are readily exploitable without much sophistication," says Marty Edwards, director of control systems security at the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at the DHS. The organization, with a staff that's grown tenfold to 400 in the past four years, offers control system security standards, shares threat data with critical infrastructure providers and has a rapid response team of "cyberninjas," high-level control systems engineers and cybersecurity analysts who can be deployed at a moment's notice.
Last year, ICS-CERT issued 5,200 alerts and advisories to private industry and government. "[Edwards] had teams fly out seven times last year to help businesses respond to events that either took them offline or severely impacted operations," says Weatherford, who declined to provide details on the nature of those events.
Control systems also suffer from another major weakness: They're usually relatively old and can't easily be patched. "A lot of them were never designed to operate in a network environment, and they aren't designed to take upgrades," Schmidt says. "Its firmware is soldered onto the device, and the only way to fix it is to replace it." Since the systems were designed to last 10 to 20 years, organizations need to build protections around them until they can be replaced. In other cases, updates can be made, but operators have to wait for the service providers who maintain the equipment to do the patching.
So where should the industry go from here?
The place to start is with better standards and best practices, real-time detection and containment, and faster and more detailed information sharing both among critical infrastructure providers and with all branches of government.
Telecoms Deal With Escalating DDoS Threat
Electric grid operators worry about compromised computerized industrial control systems taking them offline. Telecommunications companies worry that a large-scale distributed denial-of-service (DDoS) attack will take out another type of critical infrastructure: the Internet.
Until 2009 or so, AT&T might have seen one major DDoS attack a year, says Edward Amoroso, chief security officer and a senior vice president at the telecommunications giant. Today, Tier 1 Internet service providers find themselves fending off a few dozen attacks at any given moment. "It used to be two guys bailing out the ship. Now we have 40, 50 or 60 people dumping the water out all the time," he says. In fact, attacks have been scaling up to the point where Amoroso says he worries they could potentially flood backbone networks, taking portions of the Internet offline.
It would take just 64,000 PCs infected with a virus similar to Conficker to spew out about 10Gbps of traffic, he says. "Multiply that by four, and you've got 40Gbps, which is the size of most backbones," says Amoroso.
AT&T hasn't yet seen an attack generate enough traffic to flood a backbone, but it may just be a matter of time. "So far no one has pushed that button," he says. "But we need to be prepared."
Telecommunications providers must constantly scramble and innovate to keep ahead. They devise new defense techniques, then those techniques become popular and adversaries figure out new ways to defeat them. "We're going to have to change the mechanisms we now use to stop DDoS [attacks]," he says.
While some progress has been made with standards at both the DHS and industry groups such as the NERC, some argue that government procurement policy could be used to drive higher security standards from manufacturers of hardware and software used to operate critical infrastructure. Today, no such policy exists across all government agencies.
"Government would be better off using its buying power to drive higher levels of security than trying to legislate higher levels of security," argues Pescatore. But the federal government doesn't require suppliers to meet a consistent set of security standards across all agencies.
Even basic changes in contract terms would help, says Schmidt. "There's a belief held by me and others in the West Wing that there's nothing to preclude one from writing a contract today that says if you are providing IT services to the government you must have state-of-the-art cybersecurity protections in place. You must have mechanisms in place to notify the government of any intrusions, and you must have the ability to disconnect networks," he says.
But government procurement policy's influence on standards can go only so far. "The government isn't buying turbines" and control systems for critical infrastructure, says Lewis.
When it comes to shutting down attacks, faster reaction times are key, says Bejtlich. "Attackers are always going to find a way in, so you need to have skilled people who can conduct rapid and accurate detection and containment," he says. For high-end threats, he adds, that's the only effective countermeasure. Analysts need high visibility into the host systems, Bejtlich says, and the network and containment should be achieved within one hour of intrusion.
Opening the Kimono
Perhaps the toughest challenge will be creating the policies and fostering the trust required to encourage government and private industry to share what they know more openly. The government not only needs to pass legislation that provides the incentives and protections that critical infrastructure businesses need to share information on cyberthreats, but it also needs to push the law enforcement, military and intelligence communities to open up. For example, if the DOD is planning a cyberattack abroad against a type of critical infrastructure that's also used in the U.S., should information on the weakness being exploited be shared with U.S. companies so they can defend against counterattacks?
"There is a need for American industry to be plugged into some of the most secretive elements of the U.S. government -- people who can advise them in a realistic way of what it is that they need to be concerned about," says Hayden. Risks must be taken on both sides so everyone has a consistent view of the threats and what's going on out there.
One way to do that is to share some classified information with selected representatives from private industry. The House of Representatives recently passed an intelligence bill, the Cyber Intelligence Sharing and Protection Act, which would give security clearance to officials of critical industry operators. But the bill has been widely criticized by privacy groups, which say it's too broad. Given the current political climate, Hayden says he expects the bill to die in the Senate.
Information sharing helps, and standards form a baseline for protection, but ultimately, every critical infrastructure provider must customize and differentiate its security strategy, Amoroso says. "Right now, every business has exactly the same cybersecurity defense, usually dictated by some auditor," he says. But as in football, you can't win using just the standard defense. A good offense will find a way around it. "You've got to mix it up," Amoroso says. "You don't tell the other guys what you're doing."
Google matched content |
Society
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
Quotes
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Bulletin:
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
History:
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
Classic books:
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|
You can use PayPal to to buy a cup of coffee for authors of this site |
Disclaimer:
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.
Last modified: February, 03, 2021