
May 28 2013

17:45

Chinese Hackers Steal Plans To Dozens Of U.S. Weapons Systems

The cheapest weapons program? Looting another nation's R&D.

Chinese hackers have compromised designs for more than two dozen U.S. military weapons and technology programs, according to the confidential section of a Pentagon report on cyber security obtained by the Washington Post. These programs include the F-35 Joint Strike Fighter, the Littoral Combat Ship, and a really awesome laser, among others. Combined, these represent decades of research and billions of dollars in development costs.

The list of compromised system designs and technologies comes from the nonpublic version of a Pentagon military and cyber security report. The Department of Defense released the public version of the report in January.

More stolen tech on the list: the vertical takeoff and landing V-22 Osprey, which spent decades in development. Drones (including the Global Hawk), armor, missiles, and torpedoes were also among the compromised systems. Some list items are sweeping categories—"electronic warfare" refers to multiple technologies and an entire doctrine of shutting down electronic communication and functionality in war.

Because the list of compromised systems is so long, and because "compromised" is a maddeningly imprecise term for looking at what exactly the hackers were able to glean from the system, security implications from the espionage are vague. But three things are certain: Any data on a weapon helps a researcher figure out how to counter it. It is far easier and cheaper to develop new technologies when piggy-backing on decades of expensive work. And a breach of this breadth and depth is profoundly troubling for American cybersecurity assets.

    


August 29 2012

18:05

The U.S. Air Force is Officially Seeking Cyber Weapons

Look, we all know the Pentagon is seeking cyber weapons. For defensive purposes only, of course, not for playing dirty cyber tricks on enemies of the state (Stuxnet, anyone?). But it's a bit strange when the military does it so openly. For instance, when it submits a request into the public domain saying “please build us cyber weapons.” Which is what the Air Force just did.

In a recent broad agency announcement--a public document issued by any agency usually requesting something from the private sector or notifying the world at large that there are contracts up for grabs--the Air Force Life Cycle Management Center (AFLCMC) called on contractors to submit proposals for specific “cyberspace warfare operations” (CWO) capabilities, including “cyberspace warfare attack.” It doesn’t get much more explicit than that.

More specifically, the BAA outlines “cyberspace warfare attack” as those capabilities that would allow the Air Force to “destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries ability to use the cyberspace domain for his advantage,” Threatpost reports. It also requests “cyberspace warfare support” capabilities, which are basically the means to intercept enemy cyber attacks, open doors to their networks, and otherwise locate both sources of access and sensitive areas within enemy networks that are ripe for attack.

Let us not forget that this is the air wing of the same Department of Defense that declared acts of cyberwarfare to be considered equivalent to acts of regular war, and thus subject to all the same retaliations, including real-world kinetic strikes. More at Threatpost.

[Threatpost]






November 10 2011

18:54

Operation Ghost Click, the Biggest Cyber-Bust Ever, Shuts Down Estonian Bot Ring

International raid shuts down a $14 million botnet

In an international cyber sting that is being called the biggest cyber criminal takedown in history, the FBI has arrested six Estonians accused of running a botnet that controlled more than 4 million computers in 100 countries (keep in mind there are only about 200 countries in the world). But as nefarious and far-reaching as that sounds, the scheme itself brings the story to something of an anti-climax. The botnet was simply diverting browsers to sites that served up advertising and then collecting referral fees.

That’s a bit less invasive than, for instance, stealing money out of bank accounts or credit card numbers from retailers, and less threatening than infiltrating Iran’s nuclear facilities and shutting down work there. The “click-jacking” fraud did, however, net more than $14 million over four years, making it a lucrative enterprise for those involved.

The botnet worked by infecting Windows machines via malware known as DNSChanger, which allowed the perpetrators to modify browser settings and redirect Web traffic to advertising sites. They then collected buckets of cash in the form of fraudulent commissions. But when DNSChanger was detected in the NASA computer network, the Estonian IT company that served as a front for the operation found itself at the wrong end of an FBI investigation dubbed “Operation Ghost Click.”

That was two years ago. As of today, six Estonians are in custody and facing decades in prison under U.S. indictments. One Russian suspect is still at large. U.S. security firm Trend Micro provided some intel to the FBI for Operation Ghost Click, and if you suspect DNSChanger might have infected your system the company has posted tips on diagnosing and eradicating it here.

[Telegraph]

June 15 2011

18:48

Richard Clarke: China is Planting Digital Bombs Throughout the U.S. Power Grid

The U.S. Navy Cyber Defense Operations Command The U.S. military and intelligence arms are already defending the nation from cyber attacks. DARPA hopes to give them another tool.
The U.S. government is doing little to protect American interests from cyber threats, claims Clarke in an op-ed

The cyber-security cat is slowly slinking out of the bag, it seems. It's been a big month in cybersecurity news, ranging from some high-profile hacks at companies like Lockheed (home to sensitive American defense technologies) and a declaration from the Pentagon that cyber attacks perpetrated by foreign governments can be considered acts of war and dealt with accordingly. Now we're hearing more war metaphors and cautionary talk from Richard Clarke in this morning's Wall Street Journal, where he argues that China-backed hackers are systematically attacking America and meeting no resistance when they do so.

Clarke worked in various high-level security roles for every president from Reagan to G.W. Bush, leaving the White House in 2003 with the title Special Advisor to the President on cybersecurity. That is, he's got some background on the topic at hand. And his assessment is pretty bleak: Senior U.S. officials know--and have known--that Chinese hackers are systematically infiltrating our networks, stealing source code, valuable R&D, and trade secrets from corporations while probing our power grids and other critical infrastructure for weaknesses, leaving behind easy access for themselves should they ever need to return and carry out more malicious acts.

Google, he says, has had the stones to stand up and admit it when its networks have been breached. But other companies, usually out of fear of being labeled "not secure," haven't done so. The recent RSA Security breach says it all; Chinese hackers--with government support--are walking all over us digitally, and the U.S. government is doing little to protect jeopardized American interests that aren't on a .gov or .mil server.

How do we know the Chinese government is behind these hacks? The Chinese claim attacks originating on their soil are rogue hackers, not government-backed cyber warriors. But, Clarke says, cyber criminals breach companies for financial gain, swiping credit cards or otherwise making away with funds. There's no money in hacking the U.S. electrical grid, yet President Obama himself has admitted that the grid has been thoroughly probed by hackers. Says Clarke:

"What would we do if we discovered that Chinese explosives had been laid throughout our national electrical system? The public would demand a government response. If, however, the explosive is a digital bomb that could do even more damage, our response is apparently muted--especially from our government."

Tough words from a former cybersecurity czar. The op-ed is worth a read if you're staying current on cyber threats and the larger geopolitical situation. Click through below for the whole story.

[WSJ]


June 09 2011

14:01

Red Team Go! It's NATO's Turn to Build a Cyber Defense Force


Hacks, cyber strategies, international cyber squads--we could just go ahead and dub this the "summer of cyber," and it's not even mid-June. On the heels of some high-profile hacks (including one at Lockheed Martin), a terse exchange between Google and China following a Gmail breach, and the U.S. DoD declaring that cyber attacks can be considered an act of war, NATO has now said it will develop a special cyber force.

It's even getting a cool name: the "Cyber Red Team." But the urgency that name implies might not carry over to the force's actual functions. For the most part, it sounds like the Red Team would simulate threats to manage readiness and response, probe networks for potential security vulnerabilities, assess the damage of cyber attacks against member states, and carry out the occasional denial of service attack.

In other words, it sounds like Cyber Team Red will be a fast reactive force rather than a proactive force meting out cyber punishment to nations that step out of cyber-line. Still, given the difficulty in identifying and prosecuting cyber crimes across international borders, such an international cyber force could go a long way toward enforcing international law/agreements and protecting states that don't have the resources to mount their own cyber defenses.

[PhysOrg]


June 07 2011

19:25

RSA Security Offers to Replace Nearly All of its Security Fobs After Lockheed Hack

The cyber security firm's portable password generators were duplicated

Yet another wrinkle in the ongoing flood of cyber security stories emerging over the past couple of weeks: RSA Security--maker of those little keychain tokens that generate constantly changing passwords for users logging into secure networks--is offering increased security monitoring and the complete replacement of SecurID tokens to nearly all of its customers after evidence emerged that the recent cyber attack on Lockheed Martin was perpetrated in part using data stolen from RSA.

That's something of a massive recall. RSA's SecurID tokens add a second layer of protection to employees' static passwords via a keyfob-like device that displays a second numeric password necessary to log on. That password changes every 30 seconds, ensuring that even if someone steals an employee's regular password, the perpetrator still won't be able to access a secure server without possession of the SecurID token.

At least that was the idea. Back in March, RSA experienced its own cyber attack, and in a letter issued to customers yesterday it admitted that it has been working behind the scenes ever since to shore up cyber defenses at its defense-oriented clients, as an analysis of the hack at RSA indicated that the perps were seeking information that could be used to breach defense-related companies.

The letter also admitted that data stolen from RSA was used to breach Lockheed Martin's networks (specifically, the hackers used duplicates of the SecurID tokens issued to Lockheed employees).

That doesn't bode particularly well for RSA or for American corporations' cyber defense abilities on the whole, seeing as cyber security is RSA's bread and butter and its core competency. Considering its SecurID tags are employed by millions of corporate workers--including those at various other defense-related companies--this latest revelation isn't exactly welcome news for anyone (except the hackers who got away with it). RSA is now scrambling to replace tokens and offer additional security monitoring for its non-defense-related clients.

[WSJ]


May 31 2011

15:45

Pentagon Declares That Cyber-Attacks Can Constitute an Act of War, Deserving an Armed Response

On the heels of a cyber attack that breached defense contractor Lockheed Martin’s network defenses last week, the Pentagon is opening the door to new means of dealing with cyber attacks perpetrated by foreign nations. In a new, formal 30-page cyber strategy document--unclassified portions of which will be made public next month--the Pentagon has deemed that cyber attacks can constitute acts of war, and that responses can include traditional military retaliation.

The question now is: what constitutes a cyber attack from a foreign land? Pinning the blame for digital skullduggery on a foreign government (or anyone else for that matter) is often difficult to do with any degree of certainty. The Pentagon is of the opinion that the largest and most sophisticated attacks require state resources, and as such leave a fingerprint of government complicity if not outright support.

But the idea that conventional forces might be launched in retaliation for a cyber attack also conjures thoughts of Bond villain-esque plots to thrust the world into chaos. Could some teenager in Estonia with a knack for coding unwittingly (or wittingly) provoke an armed conflict? And even if a cyber attack was unquestionably perpetrated on behalf of a foreign state, how does one weigh the appropriate military response?

These are the tough questions that will have to be hashed out in coming months and years as cyber warfare takes a place next to conventional might on the global battlefield. We’ll learn more about the DoD’s philosophy here when the unclassified portion of the document is released, but we do know that the document will push for an international doctrine among America’s allies that dictates appropriate responses to cyber threats.

One popular idea is a doctrine of “equivalence.” If a cyber attack produces death, damage, or some kind of economic or commercial disruption equivalent to what might be wrought by a military attack, it could be considered an act of war and a candidate for military retaliation. As one military official told the WSJ: “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”

It sounds a bit subjective, but so these things go. The current international system of meting out retaliation and justifying military action is based on a patchwork system of international treaties, some dating back decades, as well as a code of (somewhat) mutually agreed upon international practices and methods. The DoD is heading into uncharted territory from an international framework standpoint, as nothing exists in these earlier treaties and agreements that applies to the digital perils of the 21st century.

That leaves a lot of room for uncertainty, but what is absolutely certain is the role cyber warfare will play in global conflicts going forward. The British Ministry of Defense announced just this week that it is placing cyber attacks on equal standing with other military conflicts, and that “cyber troops” will deploy with conventional forces in the field and elsewhere to defend critical networks. In that sense, the age of the true cyber warrior is just getting underway.

[Wall Street Journal, BBC]

August 25 2010

15:58

Pentagon: 2008 Cyber Breach, Considered the Biggest Ever, Was Caused By a Simple Flash Drive

In the first on-the-record, official recognition that a foreign intelligence agency infiltrated sensitive U.S. military CentCom networks in 2008, Deputy Defense Secretary William J. Lynn III has revealed the source of the attack. And it was -- drumroll please -- a flash drive. A simple flash drive inserted into a military laptop at a location in the Middle East allowed malicious code to install and conceal itself on both classified and unclassified servers, opening them to foreign control.

The acknowledgement that such a simple process set off such an egregious breach of security highlights not only the danger that cyber threats pose, but just how fragile sensitive systems -- the systems by which America makes war -- can be.

In an article today in Foreign Affairs, Lynn presents new details about the DoD's cyberstrategy as it pertains to seeking out threats within its own networks, and according to the WaPo he asserts that the Pentagon needs to make efforts to protect important industry networks as well. That means not only protecting dot-gov and dot-mil networks, but ensuring that private industries providing critical infrastructure are taking the proper steps to secure their own networks.

But what the Pentagon learned the hard way is also a timely reminder for the rest of us. Keep in mind that foreign flash drives are something like sailors during Fleet Week -- there's just no way to know where they've been or what they've been, ahem, uploading. Be safe out there.

[Washington Post]


July 27 2010

20:36

An Order of Seven Global Cyber-Guardians Now Hold Keys to the Internet

The Keys to the Internet: Each smart card contains a portion of the DNSSEC root key, which would be necessary to reboot the Internet as we know it if connections were severed to stem a cyber attack.

You may have heard the rumor that swirled briefly last month about an Internet "kill switch" that could power down the Web in the case of a critical cyber attack. Those rumors turned out to be largely overblown, but it turns out there are now seven individuals out there holding keys to the Internet. In the aftermath of a cataclysmic cyber attack, these members of a "chain of trust" will be responsible for rebooting the Web.

The seven members of this holy order of cyber security hail from around the world and recently received their keys while locked deep in a U.S. bunker. But the team isn't military in nature. The Internet safety program is overseen by the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit watchdog group that has access to a security system designed to protect users from cyber fraud and cyber attacks.

Part of ICANN's security scheme is the Domain Name System Security Extensions, a security protocol that ensures Web sites are registered and "signed" (this is the security measure built into the Web that ensures when you go to a URL you arrive at a real site and not an identical pirate site). Most major servers are a part of DNSSEC, as it's known, and during a major international attack, the system might sever connections between important servers to contain the damage.

A minimum of five of the seven keyholders - one each from Britain, the U.S., Burkina Faso, Trinidad and Tobago, Canada, China, and the Czech Republic - would have to converge at a U.S. base with their keys to restart the system and connect everything once again. We're imagining a large medieval chamber filled with techno-religious imagery where these knights cyber must simultaneously turn hybrid thumb drive/skeleton keys in a massive router, filling the room with the blinking light of connectivity.

In reality, it's not so dramatic. The keys are actually smartcards that each contain parts of the DNSSEC root key, which could be thought of as the master key to the whole scheme. But it is interesting to know that there is a group of individuals out there that hold actual, physical keys that would reboot the Internet as we know it. Find out more about these cryptographic keys and how/why they're made here.

[BBC]

20:36

An Order of Seven Global Cyber-Guardians Now Hold Keys to the Internet

You may have heard the rumor that swirled briefly last month about an Internet “kill switch” that could power down the Web in the case of a critical cyber attack. Those rumors turned out to be largely overblown, but it turns out there are now seven individuals out there holding keys to the Internet. In the aftermath of a cataclysmic cyber attack, these members of a “chain of trust” will be responsible for rebooting the Web.

The seven members of this holy order of cyber security hail from around the world and recently received their keys while locked deep in a U.S. bunker. But the team isn’t military in nature. The Internet safety program is overseen by the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit watchdog group that has access to a security system designed to protect users from cyber fraud and cyber attacks.

Part of ICANN’s security scheme is the Domain Name System Security, a security protocol that ensures Web sites are registered and “signed” (this is the security measure built into the Web that ensures when you go to a URL you arrive at a real site and not an identical pirate site). Most major servers are a part of DNSSEC, as it's known, and during a major international attack, the system might sever connections between important servers to contain the damage.

A minimum of five of the seven keyholders – one each from Britain, the U.S., Burkina Faso, Trinidad and Tobago, Canada, China, and the Czech Republic – would have to converge at a U.S. base with their keys to restart the system and connect eveything once again. We’re imagining a large medieval chamber filled with techno-religious imagery where these knights cyber must simultaneously turn hybrid thumb drive/skeleton keys in a massive router, filling the room with the blinking light of connectivity.

In reality, it’s not so dramatic. The keys are actually smartcards that each contain parts of the DNSSEC root key, which could be thought of as the master key to the whole scheme. But it is interesting to know that there is a group of individuals out there that hold actual, physical keys that would reboot the Internet as we know it. Find out more about these cryptographic keys and how/why they’re made here.

[BBC]

July 08 2010

16:25

NSA Launching "Perfect Citizen" Surveillance Program to Monitor Private Networks for Cyber Attacks

Old School Infrastructure: A lot of America's critical infrastructure, like the control rooms at nuclear plants or the technology that governs power grids (this control panel is from a '70s-era nuclear power experiment site), was designed in a pre-Web world. The NSA wants to shore up cyber security holes by getting inside private companies' networks and monitoring their data traffic for signs of impending cyber attack.

In a move that is poised to become extremely unpopular with privacy advocates, the National Security Agency -- you may remember them from the warrant-less wiretapping scandal -- is launching a program dubbed "Perfect Citizen" to detect cyber attacks on private companies running critical infrastructure like the electricity grid or nuclear plants. All companies have to do is let the NSA deploy a bunch of sensors within their networks, and trust that the nation's best eavesdropping agency won't abuse the system.

Both the NSA and Raytheon, who was awarded the initial contract to develop the surveillance effort (valued at up to $100 million), are naturally being very hush-hush about Perfect Citizen. But according to the WSJ, it seems the system would rely on a series of sensors physically installed within networks that would allow the NSA to monitor activity for the telltale signs of an impending cyber attack.

The NSA insists the failsafe measures would only kick in when suspicious activity arises and would not continuously monitor the data streaming through a private company's networks. But there's a Big Brother aspect to Perfect Citizen that has some in government and industry grumbling about an intrusion by the government into private affairs.

But it might be the kind of intrusion that is necessary. Government officials are constantly worried about the capabilities of Chinese cyber warriors (not to mention those employed by rogue states or terror groups), and the patchwork nature of American utilities and other key infrastructure providers makes it nearly impossible for the government's security arms to provide a common defense. One military official claims the violation of privacy is no greater than that caused by traffic cameras, as the sensors will more or less keep an eye out for suspicious patterns in network traffic among other things.

For now, Perfect Citizen is not a mandatory program, and that should allay some privacy concerns. The look of the finalized program is still unclear, as the NSA is working with private companies to persuade them of the gravity of the threat and come to agreeable terms with the government on how best to implement the sensors. Some companies might install their own sensors and then offer the NSA restricted access, a deal that might be far more agreeable to those IT departments worried about having Big Brother wandering the cyber hallways.

[Wall Street Journal]

January 26 2010

17:35

To Solve Cyber Crimes, DARPA Wants a "Cyber Genome Program"

Digital times mean digital crimes. But catching and convicting criminals, or even nations, that dabble in digital espionage, cyber attacks, and cyber terrorism is no easy task. Google - and the U.S. State Department - recently pointed the finger at China for a string of sophisticated cyber attacks on U.S. companies, but proving guilt in the matter will be tricky. Then there are the buckets of data that intelligence agencies pull from captured laptops and hard drives in terror sweeps; we have the files, but it can be difficult to figure out who's aiding America's enemies or what they are up to. Enter DARPA's Cyber Genome Program, aimed at creating a paternity test for digital artifacts.

The DoD's future-tech think tank has issued a call for technologies that will bolster America's digital defenses by collecting, identifying and tracing the lineage of software, data and digital files. To wit:

The Cyber Genome Program will encompass several program phases and technical areas of interest. Each of the technical areas will develop the cyber equivalent of fingerprints or DNA to facilitate developing the digital equivalent of genotype, as well as observed and inferred phenotype in order to determine the identity, lineage, and provenance of digital artifacts and users.

The ability to look at a file and trace it back to its source would help intelligence and law enforcement not only seek justice when cyber crimes are committed, but intercept threats as they are unfolding in cyberspace.

Of course, there's the dark side to all this. If this kind of digital "genome" is developed, it means the government can trace any document you create straight back to your PC - and you. The law-abiding among us may not mind, but the privacy protection types will likely have something to say about the government snatching data from the Web and tracing it back to the source. If Facebook and "To Catch A Predator" have taught us anything, it's that someone is always watching what we do online, but we might have felt a bit more comfortable when it wasn't necessarily Big Brother.
