Tumblelog by Soup.io

August 29 2012

18:05

The U.S. Air Force is Officially Seeking Cyber Weapons

Look, we all know the Pentagon is seeking cyber weapons. For defensive purposes only, of course, not for playing dirty cyber tricks on enemies of the state (Stuxnet, anyone?). But it's a bit strange when the military does it so openly. For instance, when it submits a request into the public domain saying “please build us cyber weapons.” Which is what the Air Force just did.

In a recent broad agency announcement--a public document issued by any agency usually requesting something from the private sector or notifying the world at large that there are contracts up for grabs--the Air Force Life Cycle Management Center (AFLCMC) called on contractors to submit proposals for specific “cyberspace warfare operations” (CWO) capabilities, including “cyberspace warfare attack.” It doesn’t get much more explicit than that.

More specifically, the BAA outlines “cyberspace warfare attack” as those capabilities that would allow the Air Force to “destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries ability to use the cyberspace domain for his advantage,” Threatpost reports. It also requests “cyberspace warfare support” capabilities, which are basically the means to intercept enemy cyber attacks, open doors to their networks, and otherwise locate both sources of access and sensitive areas within enemy networks that are ripe for attack.

Let us not forget that this is the air wing of the same Department of Defense that declared acts of cyberwarfare to be considered equivalent to acts of regular war, and thus subject to all the same retaliations, including real-world kinetic strikes. More at Threatpost.

[Threatpost]






April 17 2012

18:32

Secret Cyber War Games Between U.S. and China Let Countries Role-Play Their Frustrations

China and the U.S. are playing pretend war to vent their mutual frustrations and avoid a real one, according to a report by the Guardian. The State and Defense departments participated in two hypothetical-conflict sessions last year, and another round is planned for May. The war games were designed to prevent a “sudden military escalation” amid burgeoning anger in Washington over cyber attacks that the U.S. says are originating in China.

For its part, China is feeling a bit bellicose, the Guardian reports.

These war games are designed to let officials talk about hypothetical conflicts in a way that indirectly addresses their pent-up frustrations. The Guardian extensively quotes Jim Lewis, a senior fellow and director at the Center for Strategic and International Studies in Washington, who helped organize the war games.

During the first round, officials had to talk about what they would do if they were attacked by a computer virus like the Stuxnet worm that disabled nuclear facilities in Iran. Then they had to discuss how they’d react if they found out the attack was launched by the other side. “Known as "Track 1.5" diplomacy, it is the closest governments can get in conflict management without full-blown talks,” the newspaper reports.

This is an interesting way to handle a potentially volatile situation, talking around it as if it’s hypothetical and not reality or eventuality. But using pretend situations can be a diplomatic, non-confrontational way for the U.S. to puff its chest. A description of how we’d react if China sanctioned a cyber-attack — we know you won’t do it, China, but just in case, here’s what we’d do to you — is a tacit deterrent to would-be attackers.

The U.S. has been ramping up its cyber-defense systems and awareness, and even warning would-be hackers that cyber attacks can constitute an act of war. But attackers have also been turning up the heat — recently, Chinese officials had to deny they were involved in a China-based hacking of U.S. space assets. This sort of incident is becoming more common, to the increasing frustration and anger of American officials.

While it sounds like the Stuxnet imaginary situation went well, the second didn’t go so smoothly, according to Lewis’ account to the Guardian, which you can read here. The Chinese deeply distrust our government and feel like they’ve been treated unfairly. And Lewis believes the U.S. is bracing for a potential escalating conflict, too.

Maybe role-playing will help both sides understand the potential fallout if cooler heads don't continue to prevail.

[Guardian]

April 12 2012

19:57

Pentagon Announces New Strategy: Rapidly Develop Cyberweapons to Attack Specific Targets

The Pentagon wants cyberweapons, and it wants them fast. Deftly recognizing that cyberweapons are nothing like the materiel of physical warfare, the DoD is devising a means to fast-track and field certain cyberweapons, some of which will take only days to go from development to deployment.

The Washington Post has obtained a Pentagon-prepared report for Congress outlining an acquisition process that will respond to “mission-critical” needs when cyber weapons are absolutely necessary and time isn’t on the side of U.S. personnel. It’s a strategy that addresses the fact that cyberwarfare isn’t like anything that’s come before it.

In conventional warfare, you build your weapons, you warehouse them, and if the time comes, you pull them out of storage and you deploy them wherever in the world they are needed. Procurement times are long, but so is the shelf life of something like an F-16--an all-purpose platform that flies and fights the same way regardless of hemisphere. Cyberwarfare is nothing like this. Generally, a specific threat requires a specific response, and specific cyber targets require specific cyberweapons that may be used once and never used again. As such, cyberweapons can’t effectively come off the shelf. They have to be tailor made for the situation, and fast.

To that end, the two-year-old Cyber Command is in the process of inventorying the Pentagon’s current cyber capabilities and basic off-the-shelf cyberweapons platforms that could be quickly tailored for specific tasks. It will then set up two different silos of cyberweapons development. In the rapid silo, cyberweapons will be developed in months or even just days from existing or nearly complete hardware and software assets to deal with immediate threats. The deliberate silo will house cyberweapons that are designed over longer timelines for specific purposes but whose deployments are far riskier (“cough STUXNET cough”).

It’s important to note that these cyberweapons won’t just be defensive, but offensive as well. Which is troubling in its own way, since the building of new and powerful offensive weapons tends to lead to escalation. But at least it shows that the Pentagon fully (and finally) grasps that this kind of warfare requires a high degree of nimbleness. In the same way that you don’t want to show up to an IED fight with an unarmored humvee, you can’t expect to compete in the cyber conflicts of the future with yesterday’s cyber tools.

[WaPo]


November 01 2011

14:07

Chinese Officials Deny Hacking U.S. Environment-Monitoring Satellites

Landsat-7 NASA

Beijing officials are denying accusations the Chinese military interfered with two U.S. Earth-monitoring satellites, the wires are reporting today. On Friday, a draft report to Congress said at least two satellites were tampered with four or more times in 2007 and 2008, and that the breaches were consistent with Chinese military strategy. Given that the Pentagon has said cyberattacks are akin to an opening salvo in a traditional military conflict, this sounds like very troubling news.

Here's what happened: The U.S.-China Economic and Security Review Commission, which typically reports on Sino-American trade relations, reported the satellite interference in a draft message to Congress, but added the events have not been traced to China. It's just pointing to the Chinese military because "the techniques appear consistent with authoritative Chinese military writings," which advocate disabling an enemy's space systems, according to a writeup by Reuters. The official report will be delivered to Congress Nov. 16.

Beijing cried foul on Monday, accusing the commission of viewing China with "colored lenses."

"This report is untrue and has ulterior motives. It's not worth a comment," said Foreign Ministry spokesman Hong Lei.

Nothing happened to the satellites - they neither sent nor received any data - but they were contacted and interfered with, according to the report. The signals came via a ground station in Norway.

The assets in question should be familiar to anyone who enjoys Earth-from-space imagery: Landsat-7 and Terra AM-1. Landsat-7 experienced at least 12 minutes of interference in October 2007 and July 2008, and Terra was similarly treated for two minutes on June 20, 2008, and for at least nine minutes on Oct. 22, 2008, Reuters reported. Whoever contacted Terra "achieved all steps required to command the satellite," as Business Week quotes the report. But the party didn't do anything to it.

"Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions," the draft report says (also quoting Business Week). "Access to a satellite's controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite's transmission."

This is certainly not the first time Chinese officials have been accused of orchestrating cyber attacks, however, and it's also not the first time Beijing has denied the same. It's difficult if not impossible to prove the provenance of a cyber-attack, so we may never know who really did it. But it's yet another reminder that protection of data and of technological assets could be the powder keg of the future.

[Reuters, Business Week]


June 09 2011

14:01

Red Team Go! It's NATO's Turn to Build a Cyber Defense Force

NATO HQ USAF

Hacks, cyber strategies, international cyber squads--we could just go ahead and dub this the "summer of cyber," and it's not even mid-June. On the heels of some high-profile hacks (including one at Lockheed Martin), a terse exchange between Google and China following a Gmail breach, and the U.S. DoD declaring that cyber attacks can be considered an act of war, NATO has now said it will develop a special cyber force.

It's even getting a cool name: the "Cyber Red Team." But the urgency that name implies might not carry over to the force's actual functions. For the most part, it sounds like the Red Team would simulate threats to manage readiness and response, probe networks for potential security vulnerabilities, assess the damage of cyber attacks against member states, and carry out the occasional denial of service attack.

In other words, it sounds like Cyber Team Red will be a fast reactive force rather than a proactive force meting out cyber punishment to nations that step out of cyber-line. Still, given the difficulty in identifying and prosecuting cyber crimes across international borders, such an international cyber force could go a long way toward enforcing international law/agreements and protecting states that don't have the resources to mount their own cyber defenses.

[PhysOrg]


June 01 2011

18:22

The Pentagon Has a Classified List of Cyber Weapons Approved for Cyber Warfare

The U.S. Navy Cyber Defense Operations Command The U.S. military and intelligence arms are already defending the nation from cyber attacks. DARPA hopes to give them another tool.

More news on the cyber warfare front today as more details leak out about the Pentagon's ongoing efforts to produce a cyber operation framework. Today we learn via the Washington Post that the Pentagon has a classified list of approved cyber weapons and tools that are ready to be deployed if necessary, just as the DoD has an approved list of traditional military responses to certain scenarios.

This list has actually existed for several months and has been accepted by other agencies like the CIA, and joins the battery of other approved weaponry the DoD can deploy under certain circumstances. But as with the Pentagon's other tools of war, those capabilities come with restrictions.

One senior official told the Post that placing cyber weapons in the arsenal right next to cruise missiles, airstrikes, and M-16s is "perhaps the most significant operational development in military cyber-doctrine in years." Indeed, it brings clarity to an otherwise murky area of international military relations where the rules of engagement are somewhat opaque. And, perhaps most notably, it establishes the chain of command.

For instance, it specifies when a cyber attack requires presidential authorization and when it does not. If the military wishes to plant a virus in a foreign nation's networks that can be activated later, it needs a presidential nod. But a variety of other activities, including spying on other nations' cyber capabilities or leaving "beacons" behind to mark vulnerable sites in foreign systems, need no approval from the Commander in Chief.

But the situation is still far from crystal clear. The rules change when the U.S. is engaged in a state of hostilities versus a state of peace with the intended target (outside of a zone of hostility, presidential approval is almost always required). During wartime, a president can pre-authorize commanders to use a range of tools so that they can remain nimble on the ground. And, as in physical warfare, there are a range of mission-specific variables, like collateral damage and potential civilian casualties, that have to be weighed. Says the Post:

Under the new framework, the use of a weapon such as Stuxnet could occur only if the president granted approval, even if it were used during a state of hostilities, military officials said. The use of any cyber-weapon would have to be proportional to the threat, not inflict undue collateral damage and avoid civilian casualties.

Stuxnet is a prime example of the real challenge the Pentagon faces here. The Stuxnet worm is largely thought to have been designed specifically to disable Iranian nuclear technologies. It is also thought to have been created by the United States or Israel. But once loose in cyberspace, the worm did not discriminate, affecting systems in several nations around the world, including the United States.

Therein lies the real cyber warfare challenge. Traditional battlefields are confined to a physical space, and while the repercussions of what happens there can quickly reverberate around the world, the raw physical impact is limited in scope. In cyber warfare, the battlefield is always global, reaching everywhere all the time, and it's here the Pentagon must aggressively limit the law of unintended consequences.

[Washington Post]


May 31 2011

15:45

Pentagon Declares That Cyber-Attacks Can Constitute an Act of War, Deserving an Armed Response

On the heels of a cyber attack that breached defense contractor Lockheed Martin’s network defenses last week, the Pentagon is opening the door to new means of dealing with cyber attacks perpetrated by foreign nations. In a new, formal 30-page cyber strategy document--unclassified portions of which will be made public next month--the Pentagon has deemed that cyber attacks can constitute acts of war, and that responses can include traditional military retaliation.

The question now is: what constitutes a cyber attack from a foreign land? Pinning the blame for digital skullduggery on a foreign government (or anyone else for that matter) is often difficult to do with any degree of certainty. The Pentagon is of the opinion that the largest and most sophisticated attacks require state resources, and as such leave a fingerprint of government complicity if not outright support.

But the idea that conventional forces might be launched in retaliation for a cyber attack also conjures thoughts of Bond villain-esque plots to thrust the world into chaos. Could some teenager in Estonia with a knack for coding unwittingly (or wittingly) provoke an armed conflict? And even if a cyber attack was unquestionably perpetrated on behalf of a foreign state, how does one weigh the appropriate military response?

These are the tough questions that will have to be hashed out in coming months and years as cyber warfare takes a place next to conventional might on the global battlefield. We’ll learn more about the DoD’s philosophy here when the unclassified portion of the document is released, but we do know that the document will push for an international doctrine among America’s allies that dictates appropriate responses to cyber threats.

One popular idea is a doctrine of “equivalence.” If a cyber attack produces death, damage, or some kind of economic or commercial disruption equivalent to what might be wrought by a military attack, it could be considered an act of war and a candidate for military retaliation. As one military official told the WSJ: “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”

It sounds a bit subjective, but so these things go. The current international system of meting out retaliation and justifying military action is based on a patchwork system of international treaties, some dating back decades, as well as a code of (somewhat) mutually agreed upon international practices and methods. The DoD is heading into uncharted territory from an international framework standpoint, as nothing exists in these earlier treaties and agreements that applies to the digital perils of the 21st century.

That leaves a lot of room for uncertainty, but what is absolutely certain is the role cyber warfare will play in global conflicts going forward. The British Ministry of Defense announced just this week that it is placing cyber attacks on equal standing with other military conflicts, and that “cyber troops” will deploy with conventional forces in the field and elsewhere to defend critical networks. In that sense, the age of the true cyber warrior is just getting underway.

[Wall Street Journal, BBC]

November 17 2010

19:00

Chinese Telecom Company Hijacked 15 Percent of Internet

A Series Of Tubes via The Collegian
NASA, DOD, Senate traffic re-routed through Chinese servers last spring, study finds

For about 18 minutes in April, a Chinese telecommunications company hijacked 15 percent of the Internet, redirecting U.S. government and military traffic through Chinese servers. The misdirection affected NASA, all four branches of the military, the office of the Secretary of Defense and the U.S. Senate.

We don't yet know what this means - the U.S.-China Economic and Security Review Commission, which released a report on the incident today, says it is unclear whether it was intentional or just an accident - but at the very least, it's one more piece of disturbing evidence showing the U.S. is vulnerable to cyberattack.

The hijacking was reported when it first happened, but this is the first acknowledgement that American government sites were affected. Along with the military and organizations like NASA and NOAA, the redirect affected commercial websites like Dell, Yahoo, Microsoft and IBM, according to ABC News, which broke the story this morning.

It's not clear what happened to the data once it was rerouted through China Telecom, which is denying any hijack of Internet traffic. It could have been a pure technical error that "advertised erroneous network traffic routes that instructed U.S. and other foreign Internet traffic to travel through Chinese servers," as the report puts it.

Whether or not this was an innocent mistake, it's clear the capability to reroute huge streams of data could enable malicious activities. Given Chinese entities' Internet history, this is not good news. Remember last January's attack on Google, intended to get human rights activists' e-mail addresses?

From the report: "This level of access could enable surveillance of specific users or sites. It could disrupt a data transaction and prevent a user from establishing a connection with a site. It could even allow a diversion of data to somewhere that the user did not intend."

Government officials are claiming their traffic was encrypted, so they have nothing to fear. But when members of Congress are "100 percent certain" the U.S. will suffer a cyberattack, incidents like this should sound the alarm.

September 22 2010

17:56

Advanced Computer Worm Was Specifically Designed to Attack Iranian Nuclear Reactor, Experts Say

And the culprit is likely a nation-state

The sophisticated computer worm called Stuxnet, which has been targeting industrial operations around the world, was likely designed to take out Iran’s new Bushehr nuclear reactor, cybersecurity experts say. It’s the first known cyber-super-weapon designed to destroy a real-world target, reports the Christian Science Monitor.

Researchers studying the worm say it was built by an advanced attacker with plentiful resources — possibly a nation-state. Initially, experts thought it was designed for industrial espionage, but upon examining its code, they now think it was built for sabotage.

Ralph Langner, an expert on industrial systems security, has been studying Stuxnet since it was first discovered at a Belarus-based security firm in June. In a blog post last week, he said the worm was most likely assembled by a team of experts with heavy insider knowledge: “This is not some hacker sitting in the basement of his parents’ house. To me, it seems that the resources needed to stage this attack point to a nation state,” he wrote.

He speculates that the target is Iran’s Bushehr reactor, currently under construction. To reach this conclusion, he partly relied upon a UPI picture of the reactor’s operations plant, showing Siemens PLC software.

Stuxnet has targeted Siemens-operated industrial facilities like power plants and chemical factories. It has spread via USB flash drives and through copying itself to new networks protected by weak passwords, according to a news release from Norman ASA, a network security firm.

As PCWorld explains, once Stuxnet identifies a target, it changes a specific piece of Siemens code that monitors critical operations — “things that need a response within 100 milliseconds.” By changing this crucial piece of code, Stuxnet could cause equipment to malfunction, sabotaging a refinery or factory.

So far, no one has ventured to guess which nation might have built Stuxnet. But PCWorld recalled speculation from last summer that Israeli officials were contemplating a cyber attack on Iran.

Langner wrote that whoever built the worm is going to get caught, because cyber-forensics will eventually smoke them out. They must not care about going to jail, he wrote.

If they represent a nation-state, there might be much bigger things to worry about — could Stuxnet represent an opening salvo in a cyber war?


April 14 2010

20:45

NSA Chief Confirms U.S. Military's Right to Return Cyber-Attacks

While various cyber-attacks against US government and business targets are numerous and well-documented, America's own offensive capabilities in this area have remained mostly out of view. However, in his recent testimony before Congress, NSA chief Lt. General Keith Alexander reversed that history a bit, and confirmed that the US has been, and is, engaged in offensive cyber-warfare. Alexander also explicated how cyber-combat factors into the general doctrine of legality of war.

Alexander is testifying before Congress as part of his confirmation as the new head of US Cyber Command. In that position, he will oversee the protection of the US data infrastructure. In his answers to questions from Congressmen before tomorrow's in-person testimony, Alexander said that the US has responded to threats against the country in cyberspace, but declined to get into specifics. He also added that while military law doesn't specifically authorize a country to retaliate with a cyber-attack, the law implicitly condones the use of retaliatory cyberwar.

In general, Alexander's testimony reflected a policy that treats a computer the same as a rifle in a military context. For him, it's a weapon, and faces the same deterrent, legal, and technical issues as a fighter plane, nuclear bomb, or sharpened stick. However, it should be noted that Alexander also gave extensive classified testimony that no doubt went into more specific detail about the US's cyber-deterrence and offensive capabilities.

Still, what Alexander did reveal is mostly new information for the general public, and with live questioning set to begin tomorrow, we should end this week knowing far more about US cyber policy than we began it.

[Associated Press]

February 17 2010

18:00

U.S. Wargamers Wrap Up Massive Cyberattack Drill: "We Are Not Prepared"

Washington insiders recently sweated out a real-time war game where a cyberattack crippled cell phone service, Internet and even electrical grids across the U.S. The unscripted, dynamic simulation allowed former White House officials and the Bipartisan Policy Center to study the problems that might arise during a real cyberattack emergency, according to Aviation Week's Ares Defense Blog.

The Policy Center's vice-president reports: "The general consensus of the panel today was that we are not prepared to deal with these kinds of attacks."

The nightmarish scenario that unfolded represented a worst-case example. As former secretary of Homeland Security Michael Chertoff noted, many cyberattacks can be stopped if individual cell phone or Internet users simply follow the best practices and use the right tools. Similarly, another participant pointed out that private Internet companies would not sit idly by as a virus ran amok.

A collapse of power across the U.S. also only took place when the simulation brought in factors such as high demand during the summer, a hurricane that had damaged power supply lines, and coordinated bombings that accompanied the cyberattack and subsequent failure of the Internet.

Still, the war game highlighted crucial issues about the government's own reliance upon communications that might go down during a real-life scenario. One of the biggest problems was how the President ought to respond to a situation that caused damage like warfare but lacked an immediately identifiable foreign adversary. Smaller-scale cyberattacks have already complicated real-world diplomacy, such as the alleged Chinese cyberattacks on Google and other U.S. companies.

Ares Defense Blog questioned a curious missing element from the simulation, in that there was no mention of what happened to phone or Internet service in the rest of the world. Surely a nation that decided to launch cyberattacks against the U.S. would take safeguards to protect its own crucial communication services, which would possibly help U.S. officials narrow down the list of suspects.

Another question seemed more mundane but equally important -- how would the government activate the National Guard with cell phone service down?

The Pentagon's DARPA science lab recently pushed for a "Cyber Genome Program" that could trace digital fingerprints to cyberattack culprits. But identifying whether a cyber attack came from individual civilians, shadowy hacker associations or government cyber-warriors has proven tricky in the meantime.

[via Ares Defense Blog]

January 26 2010

22:46

New Evidence Calls Into Question China's Role in Google Attacks

Over the last two weeks, China and the US have engaged in a round of diplomatic sparring over attacks against Google. Secretary of State Hillary Clinton demanded that China investigate the attacks, while China accused the US of having a hacking double standard, and of using the Internet to foment revolution in Iran. In the ensuing back and forth, Google pulled its operations out of China, and criticized the Chinese government for censoring search results.

But what if China wasn't behind the attacks at all?

Sure, the attacks were launched from Taiwanese servers, a hallmark of Chinese cyberwarfare. And yes, the Google infiltration included, among many other things, the theft of emails from Chinese dissidents.

However, the virus used to perpetrate the attack originated from outside of China, contradicting earlier claims that the hacking software first appeared in a Chinese-language-only journal. And any links between the Taiwanese servers and the Chinese mainland are circumstantial at best.

Of course, none of this absolves China either. China may very well have instigated the Google attack; it's just very hard to say one way or the other based on the evidence that has been released to the public thus far. Rather, the inability to easily track the origin of these attacks highlights the danger of cyberwar, where ambiguous virtual actions can lead to concrete real-world consequences.

[The Register]

17:35

To Solve Cyber Crimes, DARPA Wants a "Cyber Genome Program"

Digital times mean digital crimes. But catching and convicting criminals, or even nations, that dabble in digital espionage, cyber attacks, and cyber terrorism is no easy task. Google - and the U.S. State Department - recently pointed the finger at China for a string of sophisticated cyber attacks on U.S. companies, but proving guilt in the matter will be tricky. Then there are the buckets of data that intelligence agencies pull from captured laptops and hard drives in terror sweeps; we have the files, but it can be difficult to figure out who's aiding America's enemies or what they are up to. Enter DARPA's Cyber Genome Program, aimed at creating a paternity test for digital artifacts.

The DoD's future-tech think tank has issued a call for technologies that will bolster America's digital defenses by collecting, identifying and tracing the lineage of software, data and digital files. To wit:

The Cyber Genome Program will encompass several program phases and technical areas of interest. Each of the technical areas will develop the cyber equivalent of fingerprints or DNA to facilitate developing the digital equivalent of genotype, as well as observed and inferred phenotype in order to determine the identity, lineage, and provenance of digital artifacts and users.

The ability to look at a file and trace it back to its source would help intelligence and law enforcement not only seek justice when cyber crimes are committed, but intercept threats as they are unfolding in cyberspace.

Of course, there's the dark side to all this. If this kind of digital "genome" is developed, it means the government can trace any document you create straight back to your PC - and you. The law-abiding among us may not mind, but the privacy protection types will likely have something to say about the government snatching data from the Web and tracing it back to the source. If Facebook and "To Catch A Predator" have taught us anything, it's that someone is always watching what we do online, but we might have felt a bit more comfortable when it wasn't necessarily Big Brother.
