Softpanorama

May the source be with you, but remember the KISS principle ;-)

Cyberwarfare


There is a tendency to exaggerate cyberattacks, although genuine cyberwarfare attacks do exist, starting with Stuxnet.

The term “war” can be applied to “cyber” activity only when there is a deliberate attempt to destroy some kind of infrastructure of a foreign state, as was the case with Stuxnet.

(Re: It does not take a village — or a country; http://tinyurl.com/yguw93g  ).

If country A blocks country B’s intelligence from transmitting, or if country B “blocks” country A’s battlefield communications capability during a military skirmish, that is clearly “cyber warfare”.

Criminal hacking, Web site defacement, and denial-of-service attacks — especially those directed against non-military and non-infrastructure targets — aren't “war” of any kind. They are more like (possibly state-sponsored) terrorism: an attempt to draw attention to a specific group or its goals. Not that different from, for example, US support of jihadists during the Soviet-Afghan war.

Let’s be very clear: "real" war results in people being killed, property being destroyed, and infrastructure and logistical capabilities being crippled. So for an Internet attack to be called cyberwarfare it should meet at least one of these criteria, if not in effect then in intention. And by “infrastructure” I mean real infrastructure — factories, hospitals, water treatment plants, power-generation facilities, roads and bridges. At most, web sites that provide some kind of essential service, such as financial sites, not web sites with general public information.

Anything short of this is merely criminality, propaganda war, or "cold war" if you wish.

Hacking a high official's email is more like a color-revolution trick than anything else.



NEWS CONTENTS

Old News ;-)

[Oct 09, 2017] Masquerading Hackers Are Forcing a Rethink of How Attacks Are Traced

Oct 09, 2017 | theintercept.com

The growing propensity of government hackers to reuse code and computers from rival nations is undermining the integrity of hacking investigations and calling into question how online attacks are attributed, according to researchers from Kaspersky Lab.

In a paper set for release today at the Virus Bulletin digital security conference in Madrid, the researchers highlight cases in which they've seen hackers acting on behalf of nation-states stealing tools and hijacking infrastructure previously used by hackers of other nation-states. Investigators need to watch out for signs of this or risk tracing attacks to the wrong perpetrators, the researchers said.

Threat researchers have built an industry on identifying and profiling hacking groups in order to understand their methods, anticipate future moves, and develop methods for battling them. They often attribute attacks by "clustering" malicious files, IP addresses, and servers that get reused across hacking operations, knowing that threat actors use the same code and infrastructure repeatedly to save time and effort. So when researchers see the same encryption algorithms and digital certificates reused in various attacks, for example, they tend to assume the attacks were perpetrated by the same group. But that's not necessarily the case.

... ... ...

Intelligence agencies and military hackers are uniquely positioned to trick researchers through code and tool reuse because of something they do called fourth-party collection. Fourth-party collection can encompass a number of activities, including hacking the machine of a victim that other hackers have already breached and collecting intelligence about the hackers on that machine by stealing their tools. It can also involve hacking the servers the hackers use to launch their assaults. These machines sometimes store the arsenal of malicious tools and even source code that the attackers use for their attacks. Once the other group's tools and source code are stolen, it's easy to go a step further and reuse them.

"Agency A could steal another agency's source code and leverage it as their own. Clustering and attribution in this case begin to fray," wrote Juan Andrés Guerrero-Saade, principal security researcher with Kaspersky, and his colleague, Costin Raiu, who leads Kaspersky's global research and analysis team.

"[O]ur point in the paper was: This is what it would look like [if someone were to do a false-flag operation] and these are the cases where we've seen people trying and failing," said Guerrero-Saade.

The recent WannaCry ransomware outbreak is an obvious example of malware theft and reuse. Last year, a mysterious group known as the Shadow Brokers stole a cache of hacking tools that belonged to the National Security Agency and posted them online months later. One of the tools -- a so-called zero-day exploit, targeting a previously unknown vulnerability -- was repurposed by the hackers behind WannaCry to spread their attack. In this case, it was easy to make a connection between the theft of the NSA code and its reuse with WannaCry, because the original theft was well-publicized. But other cases of theft and reuse won't likely be so obvious, leaving researchers in the dark about who is really conducting an attack.
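The clustering method the article describes (linking attacks that share certificates, C2 hosts or code hashes) and the way stolen or reused tooling undermines it can be shown on a toy data set. The following is an added example written for this page; it is not the Kaspersky researchers' code, and every indicator value, attack name and group label in it is constructed. It clusters attacks by shared indicators, then scores a new attack against previously attributed groups and flags the two situations an analyst should treat as a loss of confidence: evidence pointing at more than one known group, and indicators that already appear under more than one group (shared or stolen tooling, which no longer discriminates).

```python
"""Attribution by indicator clustering, and the confidence loss caused by reuse.

Added illustration for the discussion above; not the researchers' code.
All indicator values below are constructed placeholders, not real IoCs.
"""
from collections import defaultdict
from itertools import combinations

# Constructed observations: per attack, the indicators an analyst extracted
# (certificate thumbprint, command-and-control host, hash of a code module).
ATTACKS = {
    "attack-1": {"cert:THUMB-A", "c2:host-a.example", "hash:CODE-X"},
    "attack-2": {"cert:THUMB-A", "c2:host-b.example", "hash:CODE-X"},
    "attack-3": {"cert:THUMB-B", "c2:host-c.example", "hash:CODE-Y"},
    # attack-4 mixes attack-3's certificate with attack-1's host and code:
    # exactly what reuse of another group's infrastructure looks like.
    "attack-4": {"cert:THUMB-B", "c2:host-a.example", "hash:CODE-X"},
}

# Constructed prior attributions (group labels are placeholders).
PRIOR = {"attack-1": "Group-A", "attack-2": "Group-A", "attack-3": "Group-B"}


def cluster_by_shared_indicators(attacks, min_shared=2):
    """Union-find: two attacks join one cluster if they share >= min_shared indicators.
    Returns clusters as sorted lists so the result is deterministic."""
    parent = {a: a for a in attacks}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(attacks, 2):
        if len(attacks[a] & attacks[b]) >= min_shared:
            parent[find(a)] = find(b)
    clusters = defaultdict(set)
    for a in attacks:
        clusters[find(a)].add(a)
    return sorted(sorted(c) for c in clusters.values())


def indicator_group_map(attacks, attribution):
    """For each indicator, the set of groups whose attributed attacks used it."""
    seen = defaultdict(set)
    for attack, indicators in attacks.items():
        if attack in attribution:
            for ind in indicators:
                seen[ind].add(attribution[attack])
    return seen


def cross_group_indicators(attacks, attribution):
    """Indicators already observed under more than one group: shared, stolen or
    hijacked tooling. These should not carry attribution weight on their own."""
    seen = indicator_group_map(attacks, attribution)
    return sorted(ind for ind, groups in seen.items() if len(groups) > 1)


def assess(attack_id, attacks, attribution):
    """Vote for candidate groups using only single-group indicators.
    'conflicting' is True when evidence points at more than one known group;
    'non_discriminating' lists the indicators discounted because of reuse."""
    seen = indicator_group_map(attacks, attribution)
    votes = defaultdict(list)
    ambiguous = []
    for ind in sorted(attacks[attack_id]):
        groups = seen.get(ind, set())
        if len(groups) > 1:
            ambiguous.append(ind)
        elif len(groups) == 1:
            votes[next(iter(groups))].append(ind)
    ranked = sorted(votes.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return {
        "leading": ranked[0][0] if ranked else None,
        "votes": {g: sorted(v) for g, v in votes.items()},
        "conflicting": len(votes) > 1,
        "non_discriminating": ambiguous,
    }


if __name__ == "__main__":
    print("clusters:", cluster_by_shared_indicators(ATTACKS))
    verdict = assess("attack-4", ATTACKS, PRIOR)
    print("attack-4 assessment:", verdict)
    # Once attack-4 is (perhaps wrongly) filed under Group-A, THUMB-B becomes a
    # cross-group indicator and every later match on it is worth less.
    print("cross-group after filing attack-4 as Group-A:",
          cross_group_indicators(ATTACKS, {**PRIOR, "attack-4": "Group-A"}))
```

Run stand-alone, the script puts attack-4 into the same cluster as attacks 1 and 2 (it shares two indicators with attack-1), yet the assessment shows its evidence split between both known groups and marks the verdict as conflicting. That split is the signal the article is about: either the two groups share tooling, one has taken the other's, or the earlier clustering was wrong, and in each case the pure indicator overlap overstates confidence.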

"[I]f a superpower were to break fully into, let's say, the DarkHotel group tomorrow and steal all of their code and have access to all of their [command-and-control infrastructure], we're not going to find out about that monumental event," Guerrero-Saade told The Intercept, referring to a hacker group that has conducted a series of sophisticated attacks against guests in luxury hotels. "At that point, they're in a position to mimic those operations to a T without anyone knowing."

[Jul 04, 2017] Foisting Blame for Cyber-Hacking on Russia by Gareth Porter

Notable quotes:
"... Recent hearings by the Senate and House Intelligence Committees reflected the rising tide of Russian-election-hacking hysteria and contributed further to it. Both Democrats and Republicans on the two committees appeared to share the alarmist assumptions about Russian hacking, and the officials who testified did nothing to discourage the politicians. ..."
"... The Department of Homeland Security (DHS) has a record of spreading false stories about alleged Russian hacking into US infrastructure, such as the tale of a Russian intrusion into the Burlington, Vermont electrical utility in December 2016 that DHS later admitted was untrue. There was another bogus DHS story about Russia hacking into a Springfield, Illinois water pump in November 2011. ..."
"... So, there's a pattern here. Plus, investigators, assessing the notion that Russia hacked into state electoral databases, rejected that suspicion as false months ago. Last September, Assistant Secretary of DHS for Cybersecurity Andy Ozment and state officials explained that the intrusions were not carried out by Russian intelligence but by criminal hackers seeking personal information to sell on the Internet. ..."
"... Illinois is the one state where hackers succeeded in breaking into a voter registration database last summer. The crucial fact about the Illinois hacking, however, was that the hackers extracted personal information on roughly 90,000 registered voters, and that none of the information was expunged or altered. ..."
"... "Any time you more carefully monitor a system you're going to see more bad guys poking and prodding at it," he observed, " because they're always poking and prodding." [Emphasis added] ..."
"... Reagan further revealed that she had learned from the FBI that hackers had gotten a user name and password for their electoral database, and that it was being sold on the "dark web" – an encrypted network used by cyber criminals to buy and sell their wares. In fact, she said, the FBI told her that the probe of Arizona's database was the work of a "known hacker" who had been closely monitored "frequently." ..."
"... The sequence of events indicates that the main person behind the narrative of Russian hacking state election databases from the beginning was former FBI Director James Comey. In testimony to the House Judiciary Committee on Sept. 28, Comey suggested that the Russian government was behind efforts to penetrate voter databases, but never said so directly. ..."
"... The media then suddenly found unnamed sources ready to accuse Russia of hacking election data even while admitting that they lacked evidence. The day after Comey's testimony ABC headlined, "Russia Hacking Targeted Nearly Half of States' Voter Registration Systems, Successfully Infiltrating 4." The story itself revealed, however, that it was merely a suspicion held by "knowledgeable" sources. ..."
"... But that claim of a "likely" link between the hackers and Russia was not only speculative but highly suspect. The authors of the DHS-ODNI report claimed the link was "supported by technical indicators from the US intelligence community, DHS, FBI, the private sector and other entities." They cited a list of hundreds of I.P. addresses and other such "indicators" used by hackers they called "Grizzly Steppe" who were supposedly linked to Russian intelligence. ..."
"... But the highly classified NSA report made no reference to any evidence supporting such an attribution. The absence of any hint of signals intelligence supporting its conclusion makes it clear that the NSA report was based on nothing more than the same kind of inconclusive "indicators" that had been used to establish the original narrative of Russians hacking electoral databases. ..."
"... Russian intelligence certainly has an interest in acquiring intelligence related to the likely outcome of American elections, but it would make no sense for Russia's spies to acquire personal voting information about 90,000 registered voters in Illinois. ..."
Jul 04, 2017 | original.antiwar.com
Cyber-criminal efforts to hack into U.S. government databases are epidemic, but this ugly reality is now being exploited to foist blame on Russia and fuel the New Cold War hysteria

Recent hearings by the Senate and House Intelligence Committees reflected the rising tide of Russian-election-hacking hysteria and contributed further to it. Both Democrats and Republicans on the two committees appeared to share the alarmist assumptions about Russian hacking, and the officials who testified did nothing to discourage the politicians.

On June 21, Samuel Liles, acting director of the Intelligence and Analysis Office's Cyber Division at the Department of Homeland Security, and Jeanette Manfra, acting deputy under secretary for cyber-security and communications, provided the main story line for the day in testimony before the Senate committee - that efforts to hack into election databases had been found in 21 states.

Former DHS Secretary Jeh Johnson and FBI counterintelligence chief Bill Priestap also endorsed the narrative of Russian government responsibility for the intrusions on voter registration databases.

But none of those who testified offered any evidence to support this suspicion nor were they pushed to do so. And beneath the seemingly unanimous embrace of that narrative lies a very different story.

The Department of Homeland Security (DHS) has a record of spreading false stories about alleged Russian hacking into US infrastructure, such as the tale of a Russian intrusion into the Burlington, Vermont electrical utility in December 2016 that DHS later admitted was untrue. There was another bogus DHS story about Russia hacking into a Springfield, Illinois water pump in November 2011.

So, there's a pattern here. Plus, investigators, assessing the notion that Russia hacked into state electoral databases, rejected that suspicion as false months ago. Last September, Assistant Secretary of DHS for Cybersecurity Andy Ozment and state officials explained that the intrusions were not carried out by Russian intelligence but by criminal hackers seeking personal information to sell on the Internet.

Both Ozment and state officials responsible for the state databases revealed that those databases have been the object of attempted intrusions for years. The FBI provided information to at least one state official indicating that the culprits in the hacking of the state's voter registration database were cyber-criminals.

Illinois is the one state where hackers succeeded in breaking into a voter registration database last summer. The crucial fact about the Illinois hacking, however, was that the hackers extracted personal information on roughly 90,000 registered voters, and that none of the information was expunged or altered.

The Actions of Cybercriminals

That was an obvious clue to the motive behind the hack. Assistant DHS Secretary Ozment testified before the House Subcommittee on Information Technology on Sept. 28 ( at 01:02.30 of the video ) that the apparent interest of the hackers in copying the data suggested that the hacking was "possibly for the purpose of selling personal information."

Ozment 's testimony provides the only credible motive for the large number of states found to have experienced what the intelligence community has called "scanning and probing" of computers to gain access to their electoral databases: the personal information involved – even e-mail addresses – is commercially valuable to the cybercriminal underworld.

That same testimony also explains why so many more states reported evidence of attempts to hack their electoral databases last summer and fall. After hackers had gone after the Illinois and Arizona databases, Ozment said, DHS had provided assistance to many states in detecting attempts to hack their voter registration and other databases.

"Any time you more carefully monitor a system you're going to see more bad guys poking and prodding at it," he observed, " because they're always poking and prodding." [Emphasis added]

State election officials have confirmed Ozment's observation. Ken Menzel, the general counsel for the Illinois Secretary of State, told this writer, "What's new about what happened last year is not that someone tried to get into our system but that they finally succeeded in getting in." Menzel said hackers "have been trying constantly to get into it since 2006."

And it's not just state voter registration databases that cybercriminals are after, according to Menzel. "Every governmental data base – driver's licenses, health care, you name it – has people trying to get into it," he said.

Arizona Secretary of State Michele Reagan told Mother Jones that her I.T. specialists had detected 193,000 distinct attempts to get into the state's website in September 2016 alone and 11,000 appeared to be trying to "do harm."

Reagan further revealed that she had learned from the FBI that hackers had gotten a user name and password for their electoral database, and that it was being sold on the "dark web" – an encrypted network used by cyber criminals to buy and sell their wares. In fact, she said, the FBI told her that the probe of Arizona's database was the work of a "known hacker" who had been closely monitored "frequently."

James Comey's Role

The sequence of events indicates that the main person behind the narrative of Russian hacking state election databases from the beginning was former FBI Director James Comey. In testimony to the House Judiciary Committee on Sept. 28, Comey suggested that the Russian government was behind efforts to penetrate voter databases, but never said so directly.

Comey told the committee that FBI Counterintelligence was working to "understand just what mischief Russia is up to with regard to our elections." Then he referred to "a variety of scanning activities" and "attempted intrusions" into election-related computers "beyond what we knew about in July and August," encouraging the inference that it had been done by Russian agents.

The media then suddenly found unnamed sources ready to accuse Russia of hacking election data even while admitting that they lacked evidence. The day after Comey's testimony ABC headlined, "Russia Hacking Targeted Nearly Half of States' Voter Registration Systems, Successfully Infiltrating 4." The story itself revealed, however, that it was merely a suspicion held by "knowledgeable" sources.

Similarly, an NBC News headline announced, "Russians Hacked Two US Voter Databases, Officials Say." But those who actually read the story closely learned that in fact none of the unnamed sources it cited were actually attributing the hacking to the Russians.

It didn't take long for Democrats to turn the Comey teaser - and these anonymously sourced stories with misleading headlines about Russian database hacking - into an established fact. A few days later, the ranking Democrat on the House Intelligence Committee, Rep. Adam Schiff declared that there was "no doubt" Russia was behind the hacks on state electoral databases.

On Oct. 7, DHS and the Office of the Director of National Intelligence issued a joint statement that they were "not in a position to attribute this activity to the Russian government." But only a few weeks later, DHS participated with FBI in issuing a "Joint Analysis Report" on "Russian malicious cyber activity" that did not refer directly to scanning and spearphishing aimed at state electoral databases but attributed all hacks related to the election to "actors likely associated with RIS [Russian Intelligence Services]."

Suspect Claims

But that claim of a "likely" link between the hackers and Russia was not only speculative but highly suspect. The authors of the DHS-ODNI report claimed the link was "supported by technical indicators from the US intelligence community, DHS, FBI, the private sector and other entities." They cited a list of hundreds of I.P. addresses and other such "indicators" used by hackers they called "Grizzly Steppe" who were supposedly linked to Russian intelligence.

But as I reported last January, the staff of Dragos Security, whose CEO, Rob Lee, had been the architect of a US government system for defense against cyber attack, pointed out that the vast majority of those indicators would certainly have produced "false positives."

Then, on Jan. 6 came the "intelligence community assessment" – produced by selected analysts from CIA, FBI and National Security Agency and devoted almost entirely to the hacking of e-mail of the Democratic National Committee and Hillary Clinton's campaign chairman John Podesta. But it included a statement that "Russian intelligence obtained and maintained access to elements of multiple state or local election boards." Still, no evidence was evinced on this alleged link between the hackers and Russian intelligence.

Over the following months, the narrative of hacked voter registration databases receded into the background as the drumbeat of media accounts about contacts between figures associated with the Trump campaign and Russians built to a crescendo, albeit without any actual evidence of collusion regarding the e-mail disclosures.

But a June 5 story brought the voter-data story back into the headlines. The story, published by The Intercept, accepted at face value an NSA report dated May 5, 2017 , that asserted Russia's military intelligence agency, the GRU, had carried out a spear-phishing attack on a US company providing election-related software and had sent e-mails with a malware-carrying word document to 122 addresses believed to be local government organizations.

But the highly classified NSA report made no reference to any evidence supporting such an attribution. The absence of any hint of signals intelligence supporting its conclusion makes it clear that the NSA report was based on nothing more than the same kind of inconclusive "indicators" that had been used to establish the original narrative of Russians hacking electoral databases.

A Checkered History

So, the history of the US government's claim that Russian intelligence hacked into election databases reveals it to be a clear case of politically motivated analysis by the DHS and the Intelligence Community. Not only was the claim based on nothing more than inherently inconclusive technical indicators but no credible motive for Russian intelligence wanting personal information on registered voters was ever suggested.

Russian intelligence certainly has an interest in acquiring intelligence related to the likely outcome of American elections, but it would make no sense for Russia's spies to acquire personal voting information about 90,000 registered voters in Illinois.

When FBI Counterintelligence chief Priestap was asked at the June 21 hearing how Moscow might use such personal data, his tortured effort at an explanation clearly indicated that he was totally unprepared to answer the question.

"They took the data to understand what it consisted of," said Priestap, "so they can affect better understanding and plan accordingly in regards to possibly impacting future election by knowing what is there and studying it."

In contrast to that befuddled non-explanation, there is highly credible evidence that the FBI was well aware that the actual hackers in the cases of both Illinois and Arizona were motivated by the hope of personal gain.

Gareth Porter, an investigative historian and journalist specializing in US national security policy, received the UK-based Gellhorn Prize for journalism for 2011 for articles on the U.S. war in Afghanistan. His new book is Manufactured Crisis: the Untold Story of the Iran Nuclear Scare . He can be contacted at porter.gareth50@gmail.com . Reprinted from Consortium News with the author's permission.



[Jun 24, 2017] Obama Ordered Cyberweapons Implanted Into Russia's Infrastructure by Jason Ditz

Jun 23, 2017 | news.antiwar.com

Former Official: Implants Designed to 'Cause Them Pain and Discomfort'

A new report from the Washington Post today quoted a series of Obama Administration officials reiterating their official narrative on Russia's accused hacking of the 2016 election. While most of the article simply rehashes that narrative and calls for sanctions, it also revealed a secret order by President Obama in the course of "retaliation" for the alleged hacking.

This previously secret order involved having US intelligence design and implant a series of cyberweapons into Russia's infrastructure systems, with officials saying they are meant to be activated remotely to hit the most important networks in Russia and are designed to "cause them pain and discomfort."

The US has, of course, repeatedly threatened "retaliatory" cyberattacks against Russia, and promised to knock out broad parts of their economy in doing so. These appear to be the first specific plans to actually infiltrate Russian networks and plant such weapons to do so.

Despite the long-standing nature of the threats, by the end of Obama's last term in office this was all still in the "planning" phases. It's not totally clear where this effort has gone from there, but officials say that the intelligence community, once given Obama's permission, did not need further approval from Trump to continue on with it, and he'd have actually had to issue a countermanding order, something they say he hasn't.

The details are actually pretty scant on how far along the effort is, but the goal is said to be for the US to have the ability to retaliate at a moment's notice the next time they have a cyberattack they intend to blame on Russia.

Unspoken in this lengthy report, which quotes unnamed former Obama Administration officials substantially, advocating the effort, is that in having reported that such a program exists, they've tipped off Russia about the threat.

This is, however, reflective of the priority of the former administration, which is to continue hyping allegations that Russia got President Trump elected, a priority that's high enough to sacrifice what was supposed to be a highly secretive cyberattack operation.

[Jun 03, 2017] Putin hits on false flag operation to implicate Russians

Notable quotes:
"... "The most important thing is that we don't do that on government level," he said. "Secondly, I can imagine that someone purposefully does that, building the chain of these attacks in a way to make it seem that Russia is the source of these attacks. Modern technology allows to do that quite easily." ..."
"... On a high level, as in the case of the Iranian hacks, only state actors can operate. But they are not needed with such suckers as the completely incompetent and arrogant Hillary. Here anybody would suffice, and that can be "lesser states" hostile to Russia (such as Ukraine or Estonia) or even US agencies themselves (a false flag operation). ..."
"... The level of incompetence demonstrated by the "bathroom server" saga is simply staggering, to say the least: the State Department is essentially as close to a security agency as one could get; it took over some former CIA functions ("color revolutions" is one such function) and generally works in close cooperation with them. And this close cooperation is typical not only for the USA. But here we have a server in comparison with which many college email server installations are paragons of security. ..."
Jun 02, 2017 | http://www.cnn.com/2017/06/01/politics/russia-putin-hackers-election/index.html

It contains an even more important quote about how Russia can be intentionally framed:

While he maintained Thursday that the Russian government wasn't behind the attacks, he said hackers anywhere could make their efforts appear like they came from the state.

"The most important thing is that we don't do that on government level," he said. "Secondly, I can imagine that someone purposefully does that, building the chain of these attacks in a way to make it seem that Russia is the source of these attacks. Modern technology allows to do that quite easily."

And there is some evidence in favor of his hypothesis:

1. On a high level, as in the case of the Iranian hacks, only state actors can operate. But they are not needed with such suckers as the completely incompetent and arrogant Hillary. Here anybody would suffice, and that can be "lesser states" hostile to Russia (such as Ukraine or Estonia) or even US agencies themselves (a false flag operation).

The level of incompetence demonstrated by the "bathroom server" saga is simply staggering, to say the least: the State Department is essentially as close to a security agency as one could get; it took over some former CIA functions ("color revolutions" is one such function) and generally works in close cooperation with them. And this close cooperation is typical not only for the USA. But here we have a server in comparison with which many college email server installations are paragons of security.

And her staff's incompetence was also simply amazing. IMHO they were all criminally incompetent.

For state actors, hacking such idiots is highly unusual; they would instantly suspect that this is a mousetrap, a so-called honeypot.

2. As for "gullible Podesta", he was such a joke that it hurts; this idiot (with very strange inclinations) did not even manage to buy the $15 USB security key that Google provides for two-factor authentication.

https://arstechnica.com/security/2014/10/google-offers-usb-security-key-to-make-bad-passwords-moot/

Here too a "state actor" would think that this is a trap. Giving up a password for nothing? For the "grey cardinal" of the DNC? You are kidding.

3. The doublethink demonstrated in this case suggests nefarious goals. Of course, the Hillary bathroom server hacks are disputed, both by Hillary and the MSM :-), who are simultaneously convinced about the DNC hacks ;-).

This is really from 1984: "Doublethink is the act of simultaneously accepting two mutually contradictory beliefs as correct, often in distinct social contexts." (Wikipedia)

4. There is a more plausible version of the DNC "hack" which has been swept under the rug: that it was actually a leak, not a hack, and it involves Seth Rich. Here it is even more probable that the Russians are being framed. Nobody in the MSM wants to touch this theme. How would one explain such a lack of interest in what is really sensational material? By State Department talking points?

5. Also, we now know that the CIA can imitate an attack by any state actor, including Russia, China or North Korea. They have special tools for this. So if someone puts a name like "Felix Edmundovich Dzerzhinsky" ( https://en.wikipedia.org/wiki/Felix_Dzerzhinsky ) into malware, this is clearly not a Russian. It could be a Polish hacker. It could well be some guy from Langley with a perverse sense of humor ;-). BTW Alperovitch, the head of CrowdStrike, the company to which the investigation of the DNC hack was mysteriously outsourced (see below), never asked himself this simple question.

6. Another interesting fact is that the investigation of the "DNC hack" was outsourced by the FBI to a shady company run by Dmitry Alperovitch ( https://en.wikipedia.org/wiki/Dmitri_Alperovitch )

Can you imagine that? We have to assume that the FBI does not have specialists, so it decided to use a "headline grabber" type of security company to perform this investigation, which is important for national security:

https://www.linkedin.com/pulse/crowdstrike-needs-address-harm-causedukraine-jeffrey-carr

Cui bono from such a decision? That is the question :-)

IMHO this action alone raises serious questions both about Comey and the whole DNC hack story (I like the term "Fancy Bear" that Alperovitch used; this bear might well reside outside of Russia and in reality be a panda or even a skunk :-)

7. Hacking is simply perfect ground for false flag operations, so in any objective investigation this hypothesis needs to be examined. Nobody even tried to raise this question. Not even once. Including the honchos in Congress. For an independent observer, that increases the probability that this might well be a false flag operation with a specific purpose.

All in all, we have more questions than answers here. So the jumping to conclusions, the resulting witch hunt by the US media, and the behavior of some US officials are really suspicious.

[Jun 03, 2017] Putin Hackers may be 'patriots' but not working for Russian government

Jun 03, 2017 | www.cnn.com
In comments to reporters at the St. Petersburg Economic Forum, Putin likened hackers to "artists," who could act on behalf of Russia if they felt its interests were being threatened.

"(Artists) may act on behalf of their country, they wake up in good mood and paint things. Same with hackers, they woke up today, read something about the state-to-state relations. If they are patriotic, they contribute in a way they think is right, to fight against those who say bad things about Russia," Putin said.

Putin: We didn't hack US election

Russia has repeatedly denied involvement in any attempts to influence November's US Presidential election. When asked directly whether Russia interfered in the election, Putin said in March: "Read my lips: No." He also described the allegations as "fictional, illusory, provocations and lies."

Derek Chollet, senior adviser of the German Marshall Fund of the US, told CNN's Brian Todd that's not true. "The US intelligence community in January concluded with high confidence that Vladimir Putin ordered an influence campaign to try to shape the US election. And part of that influence campaign were hackers. This is Putin trying to obfuscate and blur what is the reality."

While he maintained Thursday that the Russian government wasn't behind the attacks, he said hackers anywhere could make their efforts appear like they came from the state. "The most important thing is that we don't do that on government level," he said. "Secondly, I can imagine that someone purposefully does that, building the chain of these attacks in a way to make it seem that Russia is the source of these attacks. Modern technology allows to do that quite easily."

However, he said that even if hackers did intervene it's unlikely they could swing a foreign election. "No hacker can affect an electoral campaign in any country, be it Europe, Asia or America." "I'm certain that no hackers can influence an electoral campaign in another country. It's just not going to settle on the voter's mind, on the nation's mind," he added.

CNN's Fareed Zakaria said Putin's remarks on the hacking mirror what Putin said when Russia seized Ukraine's Crimea region. "If you remember, when the invasion of Crimea and the destabilization of eastern Ukraine took place, Vladimir Putin said, 'I don't know who these people are ... it seems there are patriotically minded Ukrainians and Russians who want the Crimea to be part of Russia,'" Zakaria said.

[Jun 03, 2017] Putin's remark looks like a valid observation about a very dangerous phenomenon -- State actors can provoke non-state actors in cyberspace and vice versa, non-state actors can provoke state actors. As a result the spiral of confrontation can start unwinding uncontrollably.

Jun 03, 2017 | economistsview.typepad.com

EMichael - June 02, 2017 at 08:28 AM
"(Artists) may act on behalf of their country, they wake up in good mood and paint things. Same with hackers, they woke up today, read something about the state-to-state relations.
"If they are patriotic, they contribute in a way they think is right, to fight against those who say bad things about Russia," Putin said.
libezkova - June 02, 2017 at 09:24 PM
This is a complex issue and some considerations below are gross simplifications and should be viewed as such. But the key question is: can "hacking wars" eventually lead to nuclear war due to the interplay between state and non-state actors?

As Paul Craig Roberts recently observed "The most important truth of our time is that the world lives on the knife-edge of the American military/security complex's need for an enemy in order to keep profits flowing."

So the main danger here is that cyber attacks which were made "to keep profits flowing" (including false flag operations; hacking is a perfect field for false flag operations) can provoke a real war, which can escalate into a nuclear exchange. Especially if one side thinks that it can intercept the missiles from the other.

So Putin's remark looks like a valid observation about a very dangerous phenomenon -- State actors can provoke non-state actors in cyberspace and vice versa, non-state actors can provoke state actors. As a result the spiral of confrontation can start unwinding uncontrollably.

Hostile action like the current McCarthyism witch hunt against Russia provokes reaction, including unanticipated reactions from non-state actors. Some are now really inclined to hack the US servers.

Similarly US hackers now are more inclined to hack Russian servers.

Which provokes another reaction, but now from the state actors. As a result money is flowing into the appropriate coffers, which was the key idea from the start.

[May 08, 2017] Another leak about emails, this time about Macron

Notable quotes:
"... to be fair though, those email leaks seem totally dull. I browsed what I could, it's just generic staff chat, campaign bills to pay, bills to make, yadda yadda. Whoever got the mail passwords a few months ago must have waited for something juicy to land and since nothing really interesting came up, they're just posting the whole stock as is. Won't make the slightest difference on Sunday. ..."
"... Exactly. I wouldn't be surprised if it's Macron's team itself that leaked this dull, unimportant stuff to show that "russians have interfered". ..."
"... Macron won 1st step with the intense fear campaign spammed on our heads during 6 months. I know plenty reasonable people who voted Macron while they hardly can stand his program, because they were told hundreds times he was the "best choice" to beat Le Pen. ..."
"... That's so absurd Macron got the most votes last sunday AND at the same time got the LOWEST "adhesion" (adherence ? not sure in english) rate of all 11 candidates, basically nearly half of "his" voters put the bulletin with his name for reasons that have nothing to do with him. ..."
"... Macron's dirty secrets according to The Duran: http://theduran.com/breaking-macron-emails-lead-to-allegations-of-drug-use-homosexual-adventurism-and-rothschild-money/ ..."
"... That all the evils in western society are the fault of the external bogeyman. Putin, ISIS Refugees, Asian footwear makers, whatever. ..."
"... That your services & politicians would never pull a false leak or a controlled leak or a limited hangout. That they are angels that sit on their hands. ..."
"... These two underpin the absolute lunacy we have seen unfold before our eyes. An extraordinarily dangerous situation to be in which is getting worse fast. ..."
May 08, 2017 | www.moonofalabama.org
Jean | May 6, 2017 8:32:33 AM | 10
Another leak about emails, this time about Macron. The difference is that nobody is allowed to publish any part of it by the electoral commission (15,000 euros fine). No doubt there will be a huge crackdown on alt media once he gets elected.

France is an occupied country, much more than the US

http://theduran.com/breaking-macron-email-hacking-shows-that-free-speech-is-dead-in-france/

roflmaousse | May 6, 2017 8:43:48 AM | 12
to be fair though, those email leaks seem totally dull. I browsed what I could, it's just generic staff chat, campaign bills to pay, bills to make, yadda yadda. Whoever got the mail passwords a few months ago must have waited for something juicy to land and since nothing really interesting came up, they're just posting the whole stock as is. Won't make the slightest difference on Sunday.
Anon | May 6, 2017 8:52:27 AM | 13
roflmaousse

Exactly. I wouldn't be surprised if it's Macron's team itself that leaked this dull, unimportant stuff to show that "russians have interfered".

roflmaousse | May 6, 2017 9:04:11 AM | 14
@jen : what possibility ? none
Macron won the 1st step with the intense fear campaign spammed on our heads during 6 months. I know plenty of reasonable people who voted Macron while they can hardly stand his program, because they were told hundreds of times he was the "best choice" to beat Le Pen. And that's it. They probably don't fully believe it, but the doubt was hammered deep in their mind, and they won't take the (imaginary) risk to appear on the "wrong" side of history and be shamed for years... And the same thing will obviously happen tomorrow.

It's so absurd: Macron got the most votes last Sunday AND at the same time got the LOWEST "adhesion" (adherence? not sure in English) rate of all 11 candidates, basically nearly half of "his" voters put the bulletin with his name for reasons that have nothing to do with him.

Anon | May 6, 2017 4:10:36 PM | 46
Lol the French regime now warns people not to spread the leak... apparently that is a "criminal offense"!

https://tinyurl.com/m7a37ew

You can't make this stuff up! Censorship is here and accepted, scary.

Mina | May 6, 2017 6:55:59 PM | 57
Californian leak? Who cares, the msm have already blamed the ruskies all day
james | May 6, 2017 7:02:12 PM | 58
@46 anon.. that macron leak story has legs! i like what some guy on twitter said - "Amazing that the French government and media now stand as enemies of freedom of speech." who whudda thunk it? lol... remind anyone of any other countries?
Mina | May 6, 2017 7:06:12 PM | 59
So cute from the BBC that it doesn't want to reveal the contents of the leak although nothing obliges it to

http://www.bbc.com/news/world-europe-39830379

Anon | May 7, 2017 3:09:11 AM | 63
Indeed, Macron is basically married to his mother already in a way: Macron married to a 24 year older wife
https://www.thestar.com/life/2017/04/27/french-presidential-candidates-older-wife-only-scandalous-to-the-rest-of-the-world-timson.html
Shakesvshav | May 7, 2017 4:02:44 AM | 64
Macron's dirty secrets according to The Duran: http://theduran.com/breaking-macron-emails-lead-to-allegations-of-drug-use-homosexual-adventurism-and-rothschild-money/
Mina | May 7, 2017 4:16:59 AM | 65
Well well well... you know... it's France... Le Pen's mother made naked pictures for French Playboy when she divorced the father... another one is on X... just pawns.
Mina | May 7, 2017 5:07:56 AM | 66
The MSM are going to be embarrassed with the leaks. On one side they keep referring to the Ruskies and Trump, and on the other no one among the Western politicians has a plan B in case Trump continues to wreak havoc (and he will).

Next week, he goes to KSA before Israel and since the Saudi prince said it would be 'historical' we can bet KSA will announce the recognition of Israel.
Then step 2 will be to say to Syria and Iran: you recognize or we turn you into Somalia.
And where will Juncker, Hollande, Macron and co go then?

(as for Le Pen she's not a suggestion; she's been changing her views almost every week except on the fate she reserves for gypsies; latest, she went to explain to the Zionist lobby that she supports the colonies)
http://www.lexpress.fr/actualite/politique/fn/comment-marine-le-pen-cherche-a-seduire-la-communaute-juive_1777887.html
http://www.alterinfo.net/LE-PEN-DRAGUE-LES-ELECTEURS-JUIFS-JUSQU-EN-ISRAEL_a129982.html

Mina | May 7, 2017 5:29:38 AM | 67
even Wikileaks says the metadata is full of cyrillic. clumsiness or the will to point towards the usual culprits?
not sure if Hollande has really turned into a Machiavel but that sounds like him
b | May 7, 2017 1:07:26 PM | 93

Sài Gòn Séamus @SaiGonSeamus on the Macron "leaks":

None of it makes sense, yet everyone laps it up like mother's milk. This is the 1st of these leaks to have obvious forgeries in it.

The release date makes no sense, there appears to be nothing damaging in it, the speed at which the trusties found the Cyrillic metadata says they were looking for it / told where to look / not looking for damaging material.

The sheer scale of the breach from what must be the most closely monitored mail server in political history.

None of it adds up if you look at it with an open mind. This is dangerous slavish behavior from infosec, the media and public. If you will swallow this hook, line & sinker then your parliaments need more fire extinguishers

Everything is based on two enormous fallacies.

1. That all the evils in western society are the fault of the external bogeyman. Putin, ISIS Refugees, Asian footwear makers, whatever. That the Trumps, Le Pens, Farages are not a native virus.

2. That your services & politicians would never pull a false leak or a controlled leak or a limited hangout. That they are angels that sit on their hands.

These two underpin the absolute lunacy we have seen unfold before our eyes. An extraordinarily dangerous situation to be in which is getting worse fast.

Mina | May 7, 2017 1:13:27 PM | 94
Mediapart commenting on the macronleaks: no ref to the contents or to Wikileaks as having decided to host the files.
b | May 7, 2017 1:17:29 PM | 95
Did Macron Outsmart Campaign Hackers? - While it's still too early to tell, so far the big document dump by hackers of the Macron campaign has not been damaging.
"You can flood these [phishing] addresses with multiple passwords and log-ins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out," Mounir Mahjoubi, the head of Macron's digital team, told The Daily Beast for its earlier article on this subject.

In the end, whoever made the dump may not have known what is real and what is false, which would explain in part the odd timing. After the disruptive revelations of the Democratic National Committee hacks in the United States, the public is conditioned to think that if there's a document dump like this, it has to be incriminating. By putting it out just before the news blackout, when Macron cannot respond in detail, the dump becomes both the medium and the message.
...

[Apr 21, 2017] America's Cyberwar Hypocrisy

Apr 21, 2017 | www.foreignaffairs.com

Today's cyberbattles could almost make one nostalgic for the Cold War. The nuclear arms race created a sense of existential threat, but at least it was clear who had the weapons. In contrast, a cyberattack could be the work of almost anyone. After hackers broke into the U.S. Democratic National Committee's servers in 2016 and released e-mails embarrassing to the DNC's leadership, the Republican presidential candidate Donald Trump said the attacker could be China, Russia, or "somebody sitting on their bed that weighs 400 pounds."

U.S. intelligence officials have said that the attack did indeed come from Russia, which Trump later acknowledged. But Trump's comment underscored a larger problem with cyberwarfare: uncertainty. How does a government respond to an invisible attacker, especially without clear rules of engagement? How can officials convince other governments and the public that they have fingered the right suspects? How can a state prevent cyberattacks when, without attribution, the logic of deterrence (if you hit me, I'll hit you back) no longer applies? Two recent books delve into these questions. Dark Territory, by Fred Kaplan, and The Hacked World Order, by Adam Segal, lay out the history of cybersecurity in the United States and explain the dangers that future digital conflicts might pose. Both authors also make clear that although Americans and U.S. institutions increasingly feel themselves to be in the cross hairs of hackers and other cybercriminals, the United States is itself a powerful aggressor in cyberspace.

In the future, the United States must use its cyberpower judiciously. Every conflict poses the risk that one party will make a mistake or overreact, causing things to veer out of control. When it comes to cyberwar, however, the stakes are particularly high for the United States, as the country's technological sophistication makes it uniquely vulnerable to attack.

Iranian President Mahmoud Ahmadinejad visits the Natanz nuclear enrichment facility, April 2008.
CYBER-SUPERPOWER

The dramatic headlines surrounding Russia's alleged hacking of the DNC and attempts to spread misinformation online during the U.S. election may have reinforced the perception among Americans that the United States is primarily a victim of cyber-intrusions. It's not. In Dark Territory, Kaplan details the United States' long history of aggression in cyberspace. It's not easy to write an engaging book on cyberwar, and Kaplan, a national security columnist at Slate, has done an admirable job. He presents a clear account of the United States' evolution into a formidable cyberpower, guiding the reader through a thicket of technical details and government acronyms.

It turns out that the U.S. government has been an aggressor for over a quarter century. Kaplan describes "counter command-control warfare" (attempts to disrupt an enemy's ability to control its forces) that goes back to the Gulf War in 1990–91. At a time when U.S. President George H. W. Bush had never used a computer, the National Security Agency (NSA) was employing a secret satellite to monitor the conversations of Iraqi President Saddam Hussein and his generals, which sometimes revealed the positions of Iraqi soldiers.

The United States flexed its digital muscles again in the late 1990s, when Serbs in Bosnia and Herzegovina were protesting the presence of NATO soldiers enforcing the 1995 Dayton peace agreement, which had ended the Bosnian war. U.S. officials learned that local newscasters were telling protesters when and where to gather and even instructing them to throw rocks at NATO soldiers. It turned out that 85 percent of Serbs got their television broadcasts from just five transmission towers. U.S. officials, working with the NATO-led stabilization force, or SFOR, installed devices on those five transmitters that allowed SFOR engineers to turn them on and off remotely. Whenever a newscaster began urging people to protest, the engineers shut off the transmitters.

American officials also enlisted the help of Hollywood producers, persuading them to supply programming to a U.S.-aligned Serbian station. During major anti-NATO protests, Serbians would turn on the television to find the channel playing episodes of Baywatch. Kaplan asserts, "Many Serbs, who might otherwise have hit the streets to make trouble, stayed in to watch young women cavorting in bikinis."

Around a decade later, the United States set up what Kaplan calls a "mini-NSA" in Iraq. Kaplan describes how NSA teams in the Middle East intercepted insurgents' e-mails and shut down many of their servers with malware. In other cases, they sent insurgents deceptive e-mails directing them to places where U.S. Special Forces would be waiting to kill them. "In 2007 alone, these sorts of operations . . . killed nearly four thousand Iraqi insurgents," Kaplan writes.

The United States' most ambitious cyberattack began in 2006, when it teamed up with Israel to sabotage the Iranian nuclear program. The collaboration, dubbed Operation Olympic Games, targeted Iran's Natanz reactor, which relied on remote computer controls. Malware designed by American programmers took over the reactor's valve pumps, allowing NSA operatives to remotely increase the flow of uranium gas into the centrifuges, which eventually burst. By early 2010, the operation had destroyed almost a quarter of Iran's 8,700 centrifuges.

For years, the Iranians failed to detect the intrusion and must have wondered if the malfunctions were their own fault. In that sense, Kaplan writes, "Operation Olympic Games was a classic campaign of information warfare: the target wasn't just the Iranians' nuclear program but also the Iranians' confidence: in their sensors, their equipment, and themselves." The Iranians and the wider public might never have learned about the virus, now widely known as Stuxnet, if it had not accidentally spread from the computers in Natanz to machines in other parts of the world, where private-sector security researchers ultimately discovered it.

With Olympic Games, the United States "crossed the Rubicon," in the words of the former CIA director Michael Hayden. Stuxnet was the first major piece of malware to do more than harm other computers and actually cause physical destruction. The irony was rich, as Kaplan notes: "For more than a decade, dozens of panels and commissions had warned that America's critical infrastructure was vulnerable to a cyber attack, and now America was launching the first cyber attack on another nation's critical infrastructure."

Of course, cyberattackers have often targeted the United States. In 2014 alone, Kaplan reports, the country suffered more than 80,000 cybersecurity breaches, more than 2,000 of which led to data losses. He also points out that until recently, U.S. policymakers worried less about Russia than China, which was "engaging not just in espionage and battlefield preparation, but also in the theft of trade secrets, intellectual property, and cash."

China and Russia are not the only players. Iran and North Korea have also attacked the United States. In 2014, the businessman Sheldon Adelson criticized Iran, which responded by hacking into the servers of Adelson's Las Vegas Sands Corporation, doing $40 million worth of damage. That same year, hackers calling themselves the Guardians of Peace broke into Sony's network. They destroyed thousands of computers and hundreds of servers, exposed tens of thousands of Social Security numbers, and released embarrassing personal e-mails pilfered from the accounts of Sony executives. U.S. government officials blamed the North Korean government for the attack. Sony Pictures was about to release The Interview, a silly comedy about a plot to assassinate the North Korean ruler Kim Jong Un. As opening day neared, the hackers threatened theaters with retaliation if they screened the movie. When Sony canceled the release, the threats stopped.

EVERYBODY HACKS

The Hacked World Order covers some of the same ground as Dark Territory, although with a slightly wider lens. In addition to discussing cyberattacks and surveillance, Segal, a fellow at the Council on Foreign Relations, details how the United States and other countries use social media for political ends. Russia, for example, tries to shape online discourse by spreading false news and deploying trolls to post offensive or distracting comments. The Russian government has reportedly hired English speakers to praise President Vladimir Putin on the websites of foreign news outlets. The goal is not necessarily to endear Americans to Putin, Segal explains. Rather, it sows confusion online to "make reasonable, rational conversation impossible." Chinese Internet commenters also try to muddy the waters of online discussion. Segal claims that the Chinese government pays an estimated 250,000–300,000 people to support the official Communist Party agenda online.

Segal suggests that the United States will likely not win social media wars against countries such as China or Russia. U.S. State Department officials identify themselves on Facebook and Twitter, react slowly to news, and offer factual, rule-based commentary. Unfortunately, as Segal notes, "content that is shocking, conspiratorial, or false often crowds out the reasonable, rational, and measured."

Social media battles also play out in the Middle East. In 2012, the Israel Defense Forces and Hamas fought a war for public opinion using Facebook, Twitter, Google, Pinterest, and Tumblr at the same time as the two were exchanging physical fire. The Islamic State (also known as ISIS) has launched digital campaigns that incorporate, in Segal's words, "brutality and barbarism, packaged with sophisticated production techniques." The United States has tried to fight back by sharing negative stories about ISIS and, in 2014, even created a video, using footage released by the group, that featured severed heads and crucifixions. The video went viral, but analysts inside and outside the U.S. government criticized it for embracing extremist tactics similar to ISIS' own. Moreover, as Segal notes, it seems to have failed to deter ISIS' supporters.

Part of what makes the cyber-era so challenging for governments is that conflict isn't limited to states. Many actors, including individuals and small groups, can carry out attacks. In 2011, for example, the hacker collective Anonymous took down Sony's PlayStation Network, costing the company $171 million in repairs. Individuals can also disrupt traditional diplomacy, as when WikiLeaks released thousands of State Department cables in 2010, revealing U.S. diplomats' candid and sometimes embarrassing assessments of their foreign counterparts.

Segal is at his best in his discussion of China's cyberstrategy, on which he has considerable expertise. Americans tend to see themselves as a target of Chinese hackers, and indeed they are. The problem is that China also sees itself as a victim and the United States as hypocritical. In June 2013, U.S. President Barack Obama warned Chinese President Xi Jinping that Chinese hacking could damage the U.S.-Chinese relationship. Later that month, journalists published documents provided by Edward Snowden, an NSA contractor, showing that the NSA had hacked Chinese universities and telecommunications companies. It didn't take long for Chinese state media to brand the United States as "the real hacking empire."

The U.S.-Chinese relationship also suffers from a more fundamental disagreement. U.S. policymakers seem to believe that it's acceptable to spy for political and military purposes but that China's theft of intellectual property crosses a line. The United States might spy on companies and trade negotiators all over the world, but it does so to protect its national interests, not to benefit specific U.S. companies. The Chinese don't see this distinction. As Segal explains:

Many states, especially those like China that have developed a form of state capitalism at home, do not see a difference between public and private actors. Chinese firms are part of an effort to modernize the country and build comprehensive power, no matter whether they are private or state owned. Stealing for their benefit is for the benefit of the nation.

The intense secrecy surrounding cyberwarfare makes deciding what kinds of hacking are acceptable and what behavior crosses the line even harder. The Snowden revelations may have alerted Americans to the extent of U.S. government surveillance, but the public still remains largely in the dark about digital conflict. Yet Americans have a lot at stake. The United States may be the world's strongest cyberpower, but it is also the most vulnerable. Segal writes:

The United States is . . . more exposed than any other country. Smart cities, the Internet of Things, and self-driving cars may open up vast new economic opportunities as well as new targets for destructive attacks. Cyberattacks could disrupt and degrade the American way of war, heavily dependent as it is on sensors, computers, command and control, and information dominance.

Putin and Defence Minister Sergei Ivanov visit the new GRU military intelligence headquarters building in Moscow, November 2006.
FOREWARNED IS FOREARMED

Neither Kaplan nor Segal offers easy solutions to these challenges. Kaplan argues that the cyber-era is much murkier than the era of the Cold War. Officials find it difficult to trace attackers quickly and reliably, increasing the chances that the targeted country will make an error. The U.S. government and U.S. firms face cyberattacks every day, and there is no clear line between those that are merely a nuisance and those that pose a serious threat. The public also understands cyberthreats far less well than it does the threat of nuclear weapons. Much of the information is classified, inhibiting public discussion, Kaplan notes. He concludes that "we are all wandering in dark territory."

Segal's conclusions are somewhat more prescriptive. The United States must support research and technological innovation, for example, and not just by providing more federal funding. Segal recommends that the United States replace its federal research plan with a public-private partnership to bring in academic and commercial expertise. Government and private companies need to share more information, and companies need to talk more openly with one another about digital threats. The United States should also "develop a code of conduct that draws a clear line between its friends and allies and its potential adversaries." This would include limiting cyberattacks to military actions and narrowly targeted covert operations, following international law, rarely spying on friends, and working to strengthen international norms against economic espionage. If the United States is attacked, it should not necessarily launch a counterattack, Segal argues; rather, it should explore using sanctions or other tools. This was apparently the path that Obama took after the attack on the DNC, when the United States punished Moscow by imposing fresh sanctions and expelling 35 suspected Russian spies.

It's likely only a matter of time before the Trump administration faces a major cyberattack. When that happens, the government will need to react calmly, without jumping to conclusions. Failure to do so could have dire consequences. "The United States, Russia, and China are unlikely to launch destructive attacks against each other unless they are already engaged in military conflict or perceive core interests as being threatened," Segal writes. "The greatest risks are misperception, miscalculation, and escalation."

Those risks now seem greater than ever. Some experts have argued that Obama's response to the Russian cyberattacks in 2016 did not do enough to deter future attackers. But if Obama underreacted, the United States may now face the opposite problem. Trump has proved willing to make bold, sometimes unsubstantiated accusations. This behavior is dangerous in any conflict, but in the fog of cyberwar, it could spell catastrophe.

Is there anything the American public can do to prevent this? All over the country, people have been trying to check Trump's worst impulses by protesting, appealing to members of Congress, or simply demanding more information. Policy about cyberspace generally doesn't draw the same level of public engagement, in part due to a lack of knowledge. Cyberbattles can seem confusing, technical, and shrouded in secrecy, perhaps better left to the experts. But cybersecurity is everyone's problem now. The American public should inform itself, and these two books are a good place to start. If Washington inadvertently led the United States into a major cyberwar, Americans would have the most to lose.

[Jan 18, 2017] Mainstream Media's Russian Bogeymen

Jan 18, 2017 | original.antiwar.com

The mainstream hysteria over Russia has led to dubious or downright false stories that have deepened the New Cold War

by Gareth Porter, January 16, 2017

In the middle of a major domestic crisis over the U.S. charge that Russia had interfered with the US election, the Department of Homeland Security (DHS) triggered a brief national media hysteria by creating and spreading a bogus story of Russian hacking into US power infrastructure.

DHS had initiated the now-discredited tale of a hacked computer at the Burlington, Vermont Electricity Department by sending the utility's managers misleading and alarming information, then leaked a story they certainly knew to be false and continued to put out a misleading line to the media.

Even more shocking, however, DHS had previously circulated a similar bogus story of Russian hacking of a Springfield, Illinois water pump in November 2011.

The story of how DHS twice circulated false stories of Russian efforts to sabotage US "critical infrastructure" is a cautionary tale of how senior leaders in a bureaucracy-on-the-make take advantage of every major political development to advance their own interests, with scant regard for the truth.

The DHS had carried out a major public campaign to focus on an alleged Russian threat to US power infrastructure in early 2016. The campaign took advantage of a US accusation of a Russian cyber-attack against the Ukrainian power infrastructure in December 2015 to promote one of the agency's major functions - guarding against cyber-attacks on America's infrastructure.

Beginning in late March 2016, DHS and FBI conducted a series of 12 unclassified briefings for electric power infrastructure companies in eight cities titled, "Ukraine Cyber Attack: implications for US stakeholders." The DHS declared publicly, "These events represent one of the first known physical impacts to critical infrastructure which resulted from cyber-attack."

That statement conveniently avoided mentioning that the first cases of such destruction of national infrastructure from cyber-attacks were not against the United States, but were inflicted on Iran by the Obama administration and Israel in 2009 and 2012.

Beginning in October 2016, the DHS emerged as one of the two most important players – along with the CIA – in the political drama over the alleged Russian effort to tilt the 2016 election toward Donald Trump. Then on Dec. 29, DHS and FBI distributed a "Joint Analysis Report" to US power utilities across the country with what it claimed were "indicators" of a Russian intelligence effort to penetrate and compromise US computer networks, including networks related to the presidential election, that it called "GRIZZLY STEPPE."

The report clearly conveyed to the utilities that the "tools and infrastructure" it said had been used by Russian intelligence agencies to affect the election were a direct threat to them as well. However, according to Robert M. Lee, the founder and CEO of the cyber-security company Dragos, who had developed one of the earliest US government programs for defense against cyber-attacks on US infrastructure systems, the report was certain to mislead the recipients.

"Anyone who uses it would think they were being impacted by Russian operations," said Lee. "We ran through the indicators in the report and found that a high percentage were false positives."

Lee and his staff found only two of a long list of malware files that could be linked to Russian hackers without more specific data about timing. Similarly a large proportion of IP addresses listed could be linked to "GRIZZLY STEPPE" only for certain specific dates, which were not provided.

The Intercept discovered, in fact, that 42 percent of the 876 IP addresses listed in the report as having been used by Russian hackers were exit nodes for the Tor Project, a system that allows bloggers, journalists and others – including some military entities – to keep their Internet communications private.

Lee said the DHS staff that worked on the technical information in the report is highly competent, but the document was rendered useless when officials classified and deleted some key parts of the report and added other material that shouldn't have been in it. He believes the DHS issued the report "for a political purpose," which was to "show that the DHS is protecting you."

Planting the Story, Keeping it Alive

Upon receiving the DHS-FBI report the Burlington Electric Company network security team immediately ran searches of its computer logs using the lists of IP addresses it had been provided. When one of the IP addresses cited in the report as an indicator of Russian hacking was found on the logs, the utility immediately called DHS to inform it as it had been instructed to do by DHS.

In fact, the IP address on the Burlington Electric Company's computer was simply the Yahoo e-mail server, according to Lee, so it could not have been a legitimate indicator of an attempted cyber-intrusion. That should have been the end of the story. But the utility did not track down the IP address before reporting it to DHS. It did, however, expect DHS to treat the matter confidentially until it had thoroughly investigated and resolved the issue.

"DHS wasn't supposed to release the details," said Lee. "Everybody was supposed to keep their mouth shut."

Instead, a DHS official called The Washington Post and passed on word that one of the indicators of Russian hacking of the DNC had been found on the Burlington utility's computer network. The Post failed to follow the most basic rule of journalism, relying on its DHS source instead of checking with the Burlington Electric Department first. The result was the Post's sensational Dec. 30 story under the headline "Russian hackers penetrated US electricity grid through a utility in Vermont, US officials say."

A DHS official evidently had allowed the Post to infer that the Russian hack had penetrated the grid without actually saying so. The Post story said the Russians "had not actively used the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter," but then added that "the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability."

The electric company quickly issued a firm denial that the computer in question was connected to the power grid. The Post was forced to retract, in effect, its claim that the electricity grid had been hacked by the Russians. But it stuck by its story that the utility had been the victim of a Russian hack for another three days before admitting that no such evidence of a hack existed.

The day after the story was published, the DHS leadership continued to imply, without saying so explicitly, that the Burlington utility had been hacked by Russians. Assistant Secretary for Public Affairs J. Todd Breasseale gave CNN a statement that the "indicators" from the malicious software found on the computer at Burlington Electric were a "match" for those on the DNC computers.

As soon as DHS checked the IP address, however, it knew that it was a Yahoo cloud server and therefore not an indicator that the same team that allegedly hacked the DNC had gotten into the Burlington utility's laptop. DHS also learned from the utility that the laptop in question had been infected by malware called "neutrino," which had never been used in "GRIZZLY STEPPE."

Only days later did the DHS reveal those crucial facts to the Post. And the DHS was still defending its joint report to the Post, according to Lee, who got part of the story from Post sources. The DHS official was arguing that it had "led to a discovery," he said. "The second is, 'See, this is encouraging people to run indicators.'"

Original DHS False Hacking Story

The false Burlington Electric hack scare is reminiscent of an earlier story of Russian hacking of a utility for which the DHS was responsible as well. In November 2011, it reported an "intrusion" into a Springfield, Illinois water district computer that similarly turned out to be a fabrication.

Like the Burlington fiasco, the false report was preceded by a DHS claim that US infrastructure systems were already under attack. In October 2011, acting DHS deputy undersecretary Greg Schaffer was quoted by The Washington Post as warning that "our adversaries" are "knocking on the doors of these systems." And Schaffer added, "In some cases, there have been intrusions." He did not specify when, where or by whom, and no such prior intrusions have ever been documented.

On Nov. 8, 2011, a water pump belonging to the Curran-Gardner township water district near Springfield, Illinois, burned out after sputtering several times in previous months. The repair team brought in to fix it found a Russian IP address on its log from five months earlier. That IP address was actually from a cell phone call from the contractor who had set up the control system for the pump and who was vacationing in Russia with his family, so his name was in the log by the address.

Without investigating the IP address itself, the utility reported the IP address and the breakdown of the water pump to the Environmental Protection Agency, which in turn passed it on to the Illinois Statewide Terrorism and Intelligence Center, also called a fusion center, composed of Illinois State Police and representatives from the FBI, DHS and other government agencies.

On Nov. 10 – just two days after the initial report to EPA – the fusion center produced a report titled "Public Water District Cyber Intrusion" suggesting a Russian hacker had stolen the identity of someone authorized to use the computer and had hacked into the control system causing the water pump to fail.

The contractor whose name was on the log next to the IP address later told Wired magazine that one phone call to him would have laid the matter to rest. But the DHS, which was the lead in putting the report out, had not bothered to make even that one obvious phone call before opining that it must have been a Russian hack.

The fusion center "intelligence report," circulated by DHS Office of Intelligence and Research, was picked up by a cyber-security blogger, who called The Washington Post and read the item to a reporter. Thus the Post published the first sensational story of a Russian hack into a US infrastructure on Nov. 18, 2011.

After the real story came out, DHS disclaimed responsibility for the report, saying that it was the fusion center's responsibility. But a Senate subcommittee investigation revealed in a report a year later that even after the initial report had been discredited, DHS had not issued any retraction or correction to the report, nor had it notified the recipients about the truth.

DHS officials responsible for the false report told Senate investigators such reports weren't intended to be "finished intelligence," implying that the bar for accuracy of the information didn't have to be very high. They even claimed that the report was a "success" because it had done "what it's supposed to do – generate interest."

Both the Burlington and Curran-Gardner episodes underline a central reality of the political game of national security in the New Cold War era: major bureaucratic players like DHS have a huge political stake in public perceptions of a Russian threat, and whenever the opportunity arises to do so, they will exploit it.

Gareth Porter, an investigative historian and journalist specializing in US national security policy, received the UK-based Gellhorn Prize for journalism for 2011 for articles on the U.S. war in Afghanistan. His new book is Manufactured Crisis: the Untold Story of the Iran Nuclear Scare. He can be contacted at porter.gareth50@gmail.com.

Reprinted from Consortium News with the author's permission.
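The indicator problem Lee describes above (IP lists with no dates, Tor exit nodes, a shared mail server showing up as a "hit") is what happens when a list is run over logs without its context. As an added illustration that is not part of Porter's article, the Python below runs an IP indicator list over firewall-style log lines the way the Burlington team did, but records for every hit why it is or is not usable: outside the indicator's validity window, a Tor exit, a shared service, or a genuine match. The indicator feed, the Tor-exit and shared-service lists, the log lines and the verdict names are all constructed for this example.

```python
"""Run an IP indicator list over log lines, keeping the context that separates
a real hit from noise: the indicator's validity window, whether the address is
a Tor exit, and whether it belongs to shared infrastructure that many unrelated
hosts talk to. Every indicator, context list and log line here is constructed."""
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed indicator feed, in the shape of a report's IP list: only some
# entries carry the first_seen/last_seen dates that make them usable.
INDICATORS = {
    "198.51.100.23": {"first_seen": "2016-06-01", "last_seen": "2016-07-15"},
    "203.0.113.77": {},                      # no dates at all
    "192.0.2.9": {"first_seen": "2016-12-01", "last_seen": "2016-12-31"},
}
# Constructed context: a Tor exit list and shared services (webmail, CDNs)
# that any host on the network may legitimately contact.
TOR_EXITS = {"203.0.113.77"}
SHARED_SERVICES = {"192.0.2.9": "webmail provider (constructed)"}

# Constructed firewall-style log lines: "<timestamp> <src> -> <dst> <proto/port>".
SAMPLE_LOG = """\
2016-06-20T14:03:11Z 198.51.100.23 -> 10.0.0.5 tcp/443
2016-12-30T09:10:00Z 203.0.113.77 -> 10.0.0.5 tcp/443
2016-12-30T10:00:00Z 10.0.0.8 -> 192.0.2.9 tcp/993
2016-09-01T00:00:00Z 198.51.100.23 -> 10.0.0.6 tcp/22
2016-12-30T11:00:00Z 10.0.0.9 -> 10.0.0.53 udp/53
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) (?P<svc>\S+)$")


def _in_window(ts, ind):
    """True when the event falls inside the indicator's [first_seen, last_seen] days."""
    first = datetime.strptime(ind["first_seen"], "%Y-%m-%d")
    last = datetime.strptime(ind["last_seen"], "%Y-%m-%d") + timedelta(days=1)
    return first <= ts < last


def classify(ip, ts, indicators=INDICATORS, tor_exits=TOR_EXITS, shared=SHARED_SERVICES):
    """Return a verdict for one address seen at time ts, or None if it is not an indicator."""
    ind = indicators.get(ip)
    if ind is None:
        return None
    if ip in shared:
        return "shared-service"        # e.g. a mail server: not evidence of anything
    if ip in tor_exits:
        return "tor-exit"              # anonymising infrastructure, not attribution
    if "first_seen" not in ind or "last_seen" not in ind:
        return "no-context"            # cannot be tied to the reported activity
    if not _in_window(ts, ind):
        return "outside-window"        # the address was something else at that time
    return "match"


def triage(log_text, **ctx):
    """Return [(timestamp, ip, verdict)] for every log line that touches an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                   # malformed line: skip rather than guess
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        for ip in (m["src"], m["dst"]):
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                continue
            verdict = classify(ip, ts, **ctx)
            if verdict:
                hits.append((m["ts"], ip, verdict))
    return hits


if __name__ == "__main__":
    for ts, ip, verdict in triage(SAMPLE_LOG):
        print(f"{ts}  {ip:<16} {verdict}")
```

Only the first log line comes out as a match; the Tor exit, the webmail server and the out-of-window sighting are reported with the reason they should not be escalated, which is the check the utility skipped before calling DHS.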


[Jan 16, 2017] Mainstream Media's Russian Bogeymen by Gareth Porter

DHS security honchos want to justify their existence. There is no greater danger to national security than careerists in the position of security professionals. Lying and exaggerating the threats to get those dollars is what many security professionals do for a living. They are essentially charlatans.
Notable quotes:
"... In the middle of a major domestic crisis over the U.S. charge that Russia had interfered with the US election, the Department of Homeland Security (DHS) triggered a brief national media hysteria by creating and spreading a bogus story of Russian hacking into US power infrastructure. ..."
"... Even more shocking, however, DHS had previously circulated a similar bogus story of Russian hacking of a Springfield, Illinois water pump in November 2011. ..."
"... Beginning in late March 2016, DHS and FBI conducted a series of 12 unclassified briefings for electric power infrastructure companies in eight cities titled, "Ukraine Cyber Attack: implications for US stakeholders." The DHS declared publicly, "These events represent one of the first known physical impacts to critical infrastructure which resulted from cyber-attack." ..."
"... That statement conveniently avoided mentioning that the first cases of such destruction of national infrastructure from cyber-attacks were not against the United States, but were inflicted on Iran by the Obama administration and Israel in 2009 and 2012. ..."
"... Beginning in October 2016, the DHS emerged as one of the two most important players – along with the CIA – in the political drama over the alleged Russian effort to tilt the 2016 election toward Donald Trump. Then on Dec. 29, DHS and FBI distributed a "Joint Analysis Report" to US power utilities across the country with what it claimed were "indicators" of a Russian intelligence effort to penetrate and compromise US computer networks, including networks related to the presidential election, that it called "GRIZZLY STEPPE." ..."
"... according to Robert M. Lee, the founder and CEO of the cyber-security company Dragos, who had developed one of the earliest US government programs for defense against cyber-attacks on US infrastructure systems, the report was certain to mislead the recipients. ..."
"... "Anyone who uses it would think they were being impacted by Russian operations," said Lee. "We ran through the indicators in the report and found that a high percentage were false positives." ..."
"... The Intercept discovered, in fact, that 42 percent of the 876 IP addresses listed in the report as having been used by Russian hackers were exit nodes for the Tor Project, a system that allows bloggers, journalists and others – including some military entities – to keep their Internet communications private. ..."
"... Instead, a DHS official called The Washington Post and passed on word that one of the indicators of Russian hacking of the DNC had been found on the Burlington utility's computer network. The Post failed to follow the most basic rule of journalism, relying on its DHS source instead of checking with the Burlington Electric Department first. The result was the Post's sensational Dec. 30 story under the headline "Russian hackers penetrated US electricity grid through a utility in Vermont, US officials say." ..."
"... A DHS official evidently had allowed the Post to infer that the Russian hack had penetrated the grid without actually saying so. The Post story said the Russians "had not actively used the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter," but then added that "the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability." ..."
"... The electric company quickly issued a firm denial that the computer in question was connected to the power grid. The Post was forced to retract, in effect, its claim that the electricity grid had been hacked by the Russians. But it stuck by its story that the utility had been the victim of a Russian hack for another three days before admitting that no such evidence of a hack existed. ..."
"... Only days later did the DHS reveal those crucial facts to the Post. And the DHS was still defending its joint report to the Post, according to Lee, who got part of the story from Post sources. The DHS official was arguing that it had "led to a discovery," he said. "The second is, 'See, this is encouraging people to run indicators.'" ..."
"... The false Burlington Electric hack scare is reminiscent of an earlier story of Russian hacking of a utility for which the DHS was responsible as well. In November 2011, it reported an "intrusion" into a Springfield, Illinois water district computer that similarly turned out to be a fabrication. ..."
"... The contractor whose name was on the log next to the IP address later told Wired magazine that one phone call to him would have laid the matter to rest. But the DHS, which was the lead in putting the report out, had not bothered to make even that one obvious phone call before opining that it must have been a Russian hack. ..."
Jan 16, 2017 | original.antiwar.com

The mainstream hysteria over Russia has led to dubious or downright false stories that have deepened the New Cold War


[Jan 13, 2017] Mystery Hackers Blow Up Secret NSA Hacking Tools in 'Final F--k You'

Notable quotes:
"... The message was accompanied by a parting gift...an apparently complete NSA backdoor kit targeting the Windows operating system. The kit is comprised of 61 malicious Windows executables, only one of which was previously known to antivirus vendors... ..."
Jan 13, 2017 | www.thedailybeast.com
by Kevin Poulsen

"A mysterious hacking group has been bedeviling the U.S. intelligence community for months, releasing a tranche of secret National Security Agency hacking tools to the public while offering to sell even more for the right price. Now with barely a week to go before Donald Trump's inauguration, the self-styled "Shadow Brokers" on Thursday announced that they were packing it in.

"So long, farewell peoples. TheShadowBrokers is going dark, making exit," the group wrote on its darknet site... The message was accompanied by a parting gift...an apparently complete NSA backdoor kit targeting the Windows operating system. The kit is comprised of 61 malicious Windows executables, only one of which was previously known to antivirus vendors...

... ... ...

The Shadow Brokers emerged in August with the announcement that they'd stolen the hacking tools used by a sophisticated computer-intrusion operation known as the Equation Group, and were putting them up for sale to the highest bidder. It was a remarkable claim, because the Equation Group is generally understood to be part of the NSA's elite Tailored Access Operations program and is virtually never detected, much less penetrated.

... ... ...

Released along with the announcement was a huge cache of specialized malware, including dozens of backdoor programs and 10 exploits, two of them targeting previously unknown security holes in Cisco routers, a basic building block of the internet. While Cisco and other companies scrambled for a fix, security experts pored over the Shadow Brokers tranche like it was the Rosetta Stone. "It was the first time, as threat-intelligence professionals, that we've had access to what appears to be a relatively complete toolkit of a nation-state attacker," says Jake Williams, founder of Rendition Infosec. "It was excitement in some circles, dismay in other circles, and panic and a rush to patch if you're running vulnerable hardware."

[Dec 26, 2016] HP Shutting Down Default FTP, Telnet Access To Network Printers

Dec 26, 2016 | hardware.slashdot.org
(pcworld.com) Posted by msmash on Tuesday December 06, 2016 @11:00AM from the business-as-usual dept.

Security experts consider the aging FTP and Telnet protocols unsafe, and HP has decided to clamp down on access to networked printers through the remote-access tools. From a report on PCWorld: Some of HP's new business printers will, by default, be closed to remote access via protocols like FTP and Telnet. However, customers can activate remote printing access through those protocols if needed. "HP has started the process of closing older, less-maintained interfaces including ports, protocols and cipher suites" identified by the U.S. National Institute of Standards and Technology as less than secure, the company said in a statement. In addition, HP also announced firmware updates to existing business printers with improved password and encryption settings, so hackers can't easily break into the devices.

[Dec 26, 2016] New Stegano Exploit Kit Hides Malvertising Code In Banner Pixels

Dec 26, 2016 | it.slashdot.org
(bleepingcomputer.com) 207 Posted by BeauHD on Tuesday December 06, 2016 @08:25PM from the hidden-in-plain-sight dept. An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET , this new exploit kit is named Stegano, from the word steganography , which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary ULR, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm. 
If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL. The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user's PC, and forcibly download and launch into execution various strains of malware.
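A defender-side check for the technique described above, added here as an example (not code from the page, from ESET or from the Stegano kit): it flags banner images whose alpha channel carries byte-level noise instead of smooth transparency. Because the page gives no decoding formula, the embedding used to build the test image is a constructed stand-in, and the detector does not depend on it.

```python
"""Alpha-channel steganalysis heuristic for RGBA banner images.

Added example, not code from the page, from ESET or from the Stegano kit.
The report says the payload lived in the transparency (alpha) values of PNG
ad pixels; the page gives no decoding formula, so embed_payload() uses a
CONSTRUCTED encoding (alpha = 255 - payload byte) purely to build a test
image. The detector never relies on that formula: it asks whether the alpha
channel of a banner looks like graphics (opaque or gently faded) or like
noise, which is what any byte-per-pixel payload produces.
Pixels are (R, G, B, A) tuples, 0..255 each, stored row-major.
"""
from collections import Counter


def make_opaque_banner(width, height):
    """Constructed 'clean' ad: a colour gradient with every pixel fully opaque."""
    return [(x * 255 // max(width - 1, 1), y * 255 // max(height - 1, 1), 128, 255)
            for y in range(height) for x in range(width)]


def make_faded_banner(width, height):
    """Constructed legitimate fade: alpha rises linearly from left to right.
    It has many partially transparent pixels, so a naive 'alpha != 255' rule
    would flag it; the roughness metric below must not."""
    return [(200, 30, 30, x * 255 // max(width - 1, 1))
            for y in range(height) for x in range(width)]


def embed_payload(pixels, payload):
    """Constructed encoder (NOT the Stegano formula): byte b -> alpha 255 - b.
    Printable bytes leave pixels roughly 50-90% opaque, which is invisible
    on a busy banner; one payload byte per pixel, starting top-left."""
    if len(payload) > len(pixels):
        raise ValueError("payload longer than image")
    out = list(pixels)
    for i, b in enumerate(payload):
        r, g, bl, _ = out[i]
        out[i] = (r, g, bl, 255 - b)
    return out


def alpha_roughness(pixels, width):
    """Mean second difference |a[x+1] - 2*a[x] + a[x-1]| along each row, taken
    only over partially transparent centre pixels (alpha not 0 or 255).
    Linear fades score 0; payload bytes score in the tens.
    Returns (score, number_of_partial_centre_pixels)."""
    alphas = [p[3] for p in pixels]
    height = len(alphas) // width
    total, count = 0, 0
    for y in range(height):
        row = alphas[y * width:(y + 1) * width]
        for x in range(1, width - 1):
            if row[x] in (0, 255):
                continue
            total += abs(row[x + 1] - 2 * row[x] + row[x - 1])
            count += 1
    return (total / count if count else 0.0), count


def score_alpha_channel(pixels, width, roughness_threshold=8.0, min_partial=16):
    """Return a verdict dict. `min_partial` guards against anti-aliased logo
    edges: a handful of rough partial pixels is normal, dozens are not.
    Thresholds are constructed starting points, to be tuned on real ad traffic."""
    roughness, partial = alpha_roughness(pixels, width)
    distinct = len(Counter(p[3] for p in pixels))
    return {
        "partial_pixels": partial,
        "distinct_alphas": distinct,
        "roughness": round(roughness, 2),
        "suspicious": partial >= min_partial and roughness > roughness_threshold,
    }


if __name__ == "__main__":
    W, H = 256, 4
    clean = make_opaque_banner(W, H)
    faded = make_faded_banner(W, H)
    stego = embed_payload(clean, b"constructed hidden payload")
    for name, img in (("clean", clean), ("faded", faded), ("stego", stego)):
        print(name, score_alpha_channel(img, W))
```

Real ad creatives contain anti-aliased edges and drop shadows, so in production the roughness figure is a triage score to rank images for a reviewer, not a blocking rule on its own.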

[Dec 26, 2016] Backdoor Accounts Found in 80 Sony IP Security Camera Models

Dec 26, 2016 | yro.slashdot.org
(pcworld.com) Posted by msmash on Wednesday December 07, 2016 @12:20PM from the security-woes dept. Many network security cameras made by Sony could be taken over by hackers and infected with botnet malware if their firmware is not updated to the latest version. Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras, mainly used by companies and government agencies given their high price, PCWorld reports. From the article: One set of hard-coded credentials is in the Web interface and allows a remote attacker to send requests that would enable the Telnet service on the camera, the SEC Consult researchers said in an advisory Tuesday. The second hard-coded password is for the root account that could be used to take full control of the camera over Telnet. The researchers established that the password is static based on its cryptographic hash and, while they haven't actually cracked it, they believe it's only a matter of time until someone does. Sony released a patch to the affected camera models last week.

[Dec 26, 2016] Yahoo Fixes Flaw Allowing an Attacker To Read Any User's Emails

Dec 26, 2016 | tech.slashdot.org
(zdnet.com) Posted by msmash on Thursday December 08, 2016 @11:45AM from the security-woes-and-fixes dept. Yahoo says it has fixed a severe security vulnerability in its email service that allowed an attacker to read a victim's email inbox. From a report on ZDNet: The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail. The internet giant paid out $10,000 to security researcher Jouko Pynnonen for privately disclosing the flaw through the HackerOne bug bounty. In a write-up, Pynnonen said that the flaw was similar to last year's Yahoo Mail bug, which similarly let an attacker compromise a user's account. Yahoo filters HTML messages to ensure that malicious code won't make it through into the user's browser, but the researcher found that the filters didn't catch all of the malicious data attributes.

[Dec 26, 2016] Zeus Variant 'Floki Bot' Targets PoS Data

Dec 26, 2016 | it.slashdot.org
(onthewire.io) Posted by BeauHD on Friday December 09, 2016 @05:00AM from the out-of-the-woodwork dept. Trailrunner7 quotes a report from On the Wire: Malware gangs, like sad wedding bands, love to play the hits. And one of the hits they keep running back over and over is the Zeus banking Trojan, which has been in use for many years in a number of different forms. Researchers have unearthed a new piece of malware called Floki Bot that is based on the venerable Zeus source code and is being used to infect point-of-sale systems, among other targets. Flashpoint conducted the analysis of Floki Bot with Cisco's Talos research team, and the two organizations said that the author behind the bot maintains a presence on a number of different underground forums, some of which are in Russian or other non-native languages for him. Kremez said that attackers sometimes will participate in foreign language forums as a way to expand their knowledge. Along with its PoS infection capability, Floki Bot also has a feature that allows it to use the Tor network to communicate. "During our analysis of Floki Bot, Talos identified modifications that had been made to the dropper mechanism present in the leaked Zeus source code in an attempt to make Floki Bot more difficult to detect. Talos also observed the introduction of new code that allows Floki Bot to make use of the Tor network. However, this functionality does not appear to be active for the time being," Cisco's Talos team said in its analysis.

[Dec 26, 2016] 5-Year-Old Critical Linux Vulnerability Patched

Dec 26, 2016 | linux.slashdot.org
(threatpost.com) Posted by EditorDavid on Saturday December 10, 2016 @12:34PM from the local-Linux-attacks dept. msm1267 quotes Kaspersky Lab's ThreatPost: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years. Details on the vulnerability were published Tuesday by researcher Philip Pettersson, who said the vulnerable code was introduced in August 2011.

A patch was pushed to the mainline Linux kernel December 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes. The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely.
"Basically it's a bait-and-switch," the researcher told Threatpost. "The bug allows you to trick the kernel into thinking it is working with one kind of object, while you actually switched it to another kind of object before it could react."

[Dec 26, 2016] Vulnerability Prompts Warning: Stop Using Netgear WiFi Routers

Dec 26, 2016 | mobile.slashdot.org
(securityledger.com) Posted by EditorDavid on Sunday December 11, 2016 @01:34PM from the nixing-the-network dept. "By convincing a user to visit a specially crafted web site, a remote attacker may execute arbitrary commands with root privileges on affected routers," warns a new vulnerability notice from Carnegie Mellon University's CERT. Slashdot reader chicksdaddy quotes Security Ledger's story about certain models of Netgear's routers: Firmware version 1.0.7.2_1.1.93 (and possibly earlier) for the R7000 and version 1.0.1.6_1.0.4 (and possibly earlier) for the R6400 are known to contain the arbitrary command injection vulnerability. CERT cited "community reports" that indicate the R8000, firmware version 1.0.3.4_1.1.2, is also vulnerable... The flaw was found in new firmware that runs the Netgear R7000 and R6400 routers. Other models and firmware versions may also be affected, including the R8000 router, CMU CERT warned.

With no workaround for the flaw, CERT recommended that Netgear customers disable their wifi router until a software patch from the company that addressed the hole was available... A search of the public internet using the Shodan search engine finds around 8,000 R6450 and R7000 devices that can be reached directly from the Internet and that would be vulnerable to takeover attacks. The vast majority of those are located in the United States.
Proof-of-concept exploit code was released by a Twitter user who, according to the article, said "he informed Netgear of the flaw more than four months ago, but did not hear back from the company since then."

[Dec 26, 2016] Malvertising Campaign Infects Your Router Instead of Your Browser

Dec 26, 2016 | it.slashdot.org
(bleepingcomputer.com) Posted by BeauHD on Wednesday December 14, 2016 @07:45PM from the connected-devices dept. An anonymous reader quotes a report from BleepingComputer: Malicious ads are serving exploit code to infect routers, instead of browsers, in order to insert ads in every site users are visiting. Unlike previous malvertising campaigns that targeted users of old Flash or Internet Explorer versions, this campaign focused on Chrome users, on both desktop and mobile devices. The malicious ads included in this malvertising campaign contain exploit code for 166 router models, which allow attackers to take over the device and insert ads on websites that didn't feature ads, or replace original ads with the attackers' own. Researchers haven't yet managed to determine an exact list of affected router models, but some of the brands targeted by the attackers include Linksys, Netgear, D-Link, Comtrend, Pirelli, and Zyxel. Because the attack is carried out via the user's browser, using strong router passwords or disabling the administration interface is not enough. The only way users can stay safe is if they update their router's firmware to the most recent versions, which most likely includes protection against the vulnerabilities used by this campaign. The "campaign" is called DNSChanger EK and works when attackers buy ads on legitimate websites and insert malicious JavaScript in these ads, "which use a WebRTC request to a Mozilla STUN server to determine the user's local IP address," according to BleepingComputer. "Based on this local IP address, the malicious code can determine if the user is on a local network managed by a small home router, and continue the attack. If this check fails, the attackers just show a random legitimate ad and move on. For the victims the crooks deem valuable, the attack chain continues. These users receive a tainted ad which redirects them to the DNSChanger EK home, where the actual exploitation begins.
The next step is for the attackers to send an image file to the user's browser, which contains an AES (encryption algorithm) key embedded inside the photo using the technique of steganography. The malicious ad uses this AES key to decrypt further traffic it receives from the DNSChanger exploit kit. Crooks encrypt their operations to avoid the prying eyes of security researchers."

[Dec 26, 2016] Newly Uncovered Site Suggests NSA Exploits For Direct Sale

Dec 26, 2016 | news.slashdot.org
(vice.com) Posted by BeauHD on Wednesday December 14, 2016 @08:25PM from the buy-one-get-one dept. An anonymous reader quotes a report from Motherboard: The Shadow Brokers -- a hacker or group of hackers that stole computer exploits from the National Security Agency -- has been quiet for some time. After their auction and crowd-funded approach for selling the exploits met a lukewarm reception, the group seemingly stopped posting new messages in October. But a newly uncovered website, which includes a file apparently signed with The Shadow Brokers' cryptographic key, suggests the group is trying to sell hacking tools directly to buyers one by one, and a cache of files appears to include more information on specific exploits. On Wednesday, someone calling themselves Boceffus Cleetus published a Medium post called "Are the Shadow Brokers selling NSA tools on ZeroNet?" Cleetus, who has an American flag with swastikas as their profile picture, also tweeted the post from a Twitter account created this month. The site includes a long list of supposed items for sale, with names like ENVOYTOMATO, EGGBASKET, and YELLOWSPIRIT. Each is sorted into a type, such as "implant," "trojan," and "exploit," and comes with a price tag between 1 and 100 bitcoins ($780 -- $78,000). Customers can purchase the whole lot for 1000 bitcoins ($780,000). The site also lets visitors download a selection of screenshots and files related to each item. Along with those is a file signed with a PGP key with an identical fingerprint to that linked to the original Shadow Brokers dump of exploits from August. This newly uncovered file was apparently signed on 1 September, a different date to any of The Shadow Brokers' previously signed messages.

[Dec 26, 2016] Netgear Releases 'Beta' Patches For Additional Routers Found With Root Vulnerability

Dec 26, 2016 | it.slashdot.org
(netgear.com) Posted by EditorDavid on Saturday December 17, 2016 @10:34AM from the but-they-might-not-work dept. The Department of Homeland Security's CERT issued a warning last week that users should "strongly consider" not using some models of NetGear routers, and the list expanded this week to include 11 different models. Netgear's now updated their web page, announcing eight "beta" fixes, along with three more "production" fixes. chicksdaddy writes: The company said the new [beta] firmware has not been fully tested and "might not work for all users." The company offered it as a "temporary solution" to address the security hole. "Netgear is working on a production firmware version that fixes this command injection vulnerability and will release it as quickly as possible," the company said in a post to its online knowledgebase early Tuesday.

The move follows publication of a warning from experts at Carnegie Mellon on December 9 detailing a serious "arbitrary command injection" vulnerability in the latest version of firmware used by a number of Netgear wireless routers. The security hole could allow a remote attacker to take control of the router by convincing a user to visit a malicious web site... The vulnerability was discovered by an individual...who says he contacted Netgear about the flaw four months ago, and went public with information on it after the company failed to address the issue on its own.

[Dec 26, 2016] McAfee Takes Six Months To Patch Remote Code Exploit In Linux VirusScan Enterprise

Dec 26, 2016 | linux.slashdot.org
Posted by EditorDavid on Saturday December 17, 2016 @05:34PM from the jeopardized-in-June dept. mask.of.sanity writes: A researcher has reported 10 vulnerabilities in McAfee's VirusScan Enterprise for Linux that, when chained together, result in root remote code execution. McAfee took six months to fix the bugs, issuing a patch on December 9.
Citing the security note, CSO adds that "one of the issues affects Virus Scan Enterprise for Windows version 8.7i through at least 8.8." The vulnerability was reported by Andrew Fasano at MIT's federally-funded security lab, who said he targeted McAfee's client because "it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time."

[Dec 26, 2016] Massive Mirai Botnet Hides Its Control Servers On Tor

Dec 26, 2016 | it.slashdot.org
Posted by EditorDavid on Saturday December 17, 2016 @06:34PM from the catch-me-if-you-can dept. "Following a failed takedown attempt, changes made to the Mirai malware variant responsible for building one of today's biggest botnets of IoT devices will make it incredibly harder for authorities and security firms to shut it down," reports Bleeping Computer. An anonymous reader writes: Level3 and others have been very close to taking down one of the biggest Mirai botnets around, the same one that attempted to knock the Internet offline in Liberia, and also hijacked 900,000 routers from German ISP Deutsche Telekom. The botnet narrowly escaped due to the fact that its maintainer, a hacker known as BestBuy, had implemented a domain-generation algorithm to generate random domain names where he hosted his servers.

Currently, to avoid further takedown attempts from similar security firms, BestBuy has started moving the botnet's command and control servers to Tor. "It's all good now. We don't need to pay thousands to ISPs and hosting. All we need is one strong server," the hacker said. "Try to shut down .onion 'domains' over Tor," he boasted, knowing that nobody can.

[Dec 26, 2016] LinkedIn Warns 9.5 Million Lynda Users About Database Breach

Dec 26, 2016 | yro.slashdot.org
(neowin.net) Posted by EditorDavid on Sunday December 18, 2016 @02:34PM from the profile-views dept. Less than four weeks after Microsoft formally acquired LinkedIn for $26 billion, there's been a database breach. An anonymous reader writes: LinkedIn is sending emails to 9.5 million users of Lynda.com, its online learning subsidiary, warning the users of a database breach by "an unauthorized third party". The affected database included contact information for at least some of the users. An email to customers says "while we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure." Ironically, the breach comes less than a month after Russia blocked access to LinkedIn over privacy concerns.
LinkedIn has also reset the passwords for 55,000 Lynda.com accounts (though apparently many of its users don't have accounts with passwords).

[Dec 26, 2016] The FBI Is Arresting People Who Rent DDoS Botnets

Dec 26, 2016 | yro.slashdot.org
(bleepingcomputer.com) Posted by EditorDavid on Sunday December 18, 2016 @04:44PM from the denial-of-liberty-counterattack dept. This week the FBI arrested a 26-year-old southern California man for launching a DDoS attack against online chat service Chatango at the end of 2014 and in early 2015 -- part of a new crackdown on the customers of "DDoS-for-hire" services. An anonymous reader writes: Sean Krishanmakoto Sharma, a computer science graduate student at USC, is now facing up to 10 years in prison and/or a fine of up to $250,000. Court documents describe a service called Xtreme Stresser as "basically a Linux botnet DDoS tool," and allege that Sharma rented it for an attack on Chatango, an online chat service. "Sharma is now free on a $100,000 bail," reports Bleeping Computer, adding "As part of his bail release agreement, Sharma is banned from accessing certain sites such as HackForums and tools such as VPNs..."

"Sharma's arrest is part of a bigger operation against DDoS-for-Hire services, called Operation Tarpit," the article points out. "Coordinated by Europol, Operation Tarpit took place between December 5 and December 9, and concluded with the arrest of 34 users of DDoS-for-hire services across the globe, in countries such as Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States." It grew out of an earlier investigation into a U.K.-based DDoS-for-hire service which had 400 customers who ultimately launched 603,499 DDoS attacks on 224,548 targets.
Most of the other suspects arrested were under the age of 20.

[Dec 26, 2016] Russians Used Malware On Android Devices To Track and Target Ukraine Artillery, Says Report

Dec 26, 2016 | yro.slashdot.org
(reuters.com) Posted by BeauHD on Thursday December 22, 2016 @06:25PM from the come-out-come-out-wherever-you-are dept. schwit1 quotes a report from Reuters: A hacking group linked to the Russian government and high-profile cyber attacks against Democrats during the U.S. presidential election likely used a malware implant on Android devices to track and target Ukrainian artillery units from late 2014 through 2016, according to a new report released Thursday. The malware was able to retrieve communications and some locational data from infected devices, intelligence that would have likely been used to strike against the artillery in support of pro-Russian separatists fighting in eastern Ukraine, the report from cyber security firm CrowdStrike found. The hacking group, known commonly as Fancy Bear or APT 28, is believed by U.S. intelligence officials to work primarily on behalf of the GRU, Russia's military intelligence agency. The implant leveraged a legitimate Android application developed by a Ukrainian artillery officer to process targeting data more quickly, CrowdStrike said. Its deployment "extends Russian cyber capabilities to the front lines of the battlefield," the report said, and "could have facilitated anticipatory awareness of Ukrainian artillery force troop movement, thus providing Russian forces with useful strategic planning information."

[Dec 26, 2016] Security Researchers Can Turn Headphones Into Microphones

Dec 26, 2016 | news.slashdot.org
(techcrunch.com) Posted by BeauHD on Thursday November 24, 2016 @08:00AM from the proof-of-concept dept. As if we don't already have enough devices that can listen in on our conversations, security researchers at Israel's Ben Gurion University have created malware that will turn your headphones into microphones that can slyly record your conversations. TechCrunch reports: The proof-of-concept, called "Speake(a)r," first turned headphones connected to a PC into microphones and then tested the quality of sound recorded by a microphone vs. headphones on a target PC. In short, the headphones were nearly as good as an unpowered microphone at picking up audio in a room. It essentially "retasks" the RealTek audio codec chip output found in many desktop computers into an input channel. This means you can plug your headphones into a seemingly output-only jack and hackers can still listen in. This isn't a driver fix, either. The embedded chip does not allow users to properly prevent this hack, which means your earbuds or nice cans could start picking up conversations instantly. In fact, even if you disable your microphone, a computer with a RealTek chip could still be hacked and exploited without your knowledge. The sound quality, as shown by this chart, is pretty much the same for a dedicated microphone and headphones. The researchers have published a video on YouTube demonstrating how this malware works.

[Dec 26, 2016] Personal Data For More Than 130,000 Sailors Hacked: U.S. Navy

Dec 26, 2016 | news.slashdot.org
(reuters.com) Posted by msmash on Thursday November 24, 2016 @10:04AM from the security-woes dept. Hackers gained access to sensitive information, including Social Security numbers, for 134,386 current and former U.S. sailors, the U.S. Navy has said. According to Reuters: It said a laptop used by a Hewlett Packard Enterprise Services employee working on a U.S. Navy contract was hacked. Hewlett Packard informed the Navy of the breach on Oct. 27 and the affected sailors will be notified in the coming weeks, the Navy said. "The Navy takes this incident extremely seriously - this is a matter of trust for our sailors," Chief of Naval Personnel Vice Admiral Robert Burke said in a statement.

[Dec 26, 2016] Muni System Hacker Hit Others By Scanning For Year-Old Java Vulnerability

Dec 26, 2016 | developers.slashdot.org
(arstechnica.com) Posted by BeauHD on Tuesday November 29, 2016 @09:05PM from the thank-God-for-backups dept. An anonymous reader quotes a report from Ars Technica: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident -- which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan.
A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks.

[Dec 26, 2016] Russia Says Foreign Spies Plan Cyber Attack On Banking System

Dec 26, 2016 | it.slashdot.org
(reuters.com) Posted by msmash on Friday December 02, 2016 @12:20PM from the hmmm dept. Russia said on Friday it had uncovered a plot by foreign spy agencies to sow chaos in Russia's banking system via a coordinated wave of cyber attacks and fake social media reports about banks going bust. From a report on Reuters: Russia's domestic intelligence agency, the Federal Security Service (FSB), said that the servers to be used in the alleged cyber attack were located in the Netherlands and registered to a Ukrainian web hosting company called BlazingFast. The attack, which was to target major national and provincial banks in several Russian cities, was meant to start on Dec. 5, the FSB said in a statement. "It was planned that the cyber attack would be accompanied by a mass send-out of SMS messages and publications in social media of a provocative nature regarding a crisis in the Russian banking system, bankruptcies and license withdrawals," it said. "The FSB is carrying out the necessary measures to neutralize threats to Russia's economic and information security."

[Dec 17, 2016] Yahoo's Hack Could Force Paying $145 Million Verizon Break-up Fee - Breitbart

Notable quotes:
"... potential material adverse event ..."
"... exploring a price cut or possible exit ..."
"... Net Neutrality . ..."
"... These enforceable, bright-line rules will ban paid prioritization, and the blocking and throttling of lawful content and services ..."
"... communicated with a total of 51 parties to evaluate their interest in a potential transaction ..."
"... 32 parties signed confidentiality agreements with Yahoo ..."
"... Payment card data and bank account information are not stored in the system the company believes was affected ..."
Dec 17, 2016 | www.breitbart.com
Given that the Donald Trump victory already made Yahoo less attractive for Verizon, the latest billion-account-hack at Yahoo could let Verizon dump their buy-out and still collect a $145 million break-up fee.

Yahoo's stock plunged over 6 percent after the company admitted its customer data had been hacked again, with at least 1 billion accounts exposed in 2014. The horribly bad news for Yahoo followed an equally bad news report in September that 500 million e-mail accounts were hacked in 2013. Yahoo unfortunately now has the distinction of suffering both of history's largest client hacks.

Verizon's top lawyer told reporters after the first Yahoo hack that the disclosure constituted a "potential material adverse event" that would allow for the mobile powerhouse to pull out of the $4.83 billion deal they announced on July 25, 2016.

Less than 24 hours after Yahoo disclosed the even larger hack of client accounts by a "state-sponsored actor," Bloomberg reported that Verizon is "exploring a price cut or possible exit" from its proposed Yahoo acquisition.

Breitbart reported that Google and other Silicon Valley companies were huge corporate winners when Chairman Tom Wheeler and the other two Democrat political appointees on the FCC voted on a party-line vote in mid-February 2015 for a new regulatory structure called 'Net Neutrality.' Although Wheeler claimed, "These enforceable, bright-line rules will ban paid prioritization, and the blocking and throttling of lawful content and services," they were a huge economic disaster for Verizon's high-speed broadband business model.

Verizon responded last year by paying $4.4 billion to buy AOL in order to pick up popular news sites, a large advertising business, and more than 2 million Internet dial-up subscribers. Buying Yahoo was expected to allow the former telephone company to achieve "scale" by controlling a second web content pioneer.

After President and CEO Marissa Mayer began organizing an auction in March, Yahoo stock doubled from $26 a share to $51 by September. But since she announced the new hack on Wednesday, Yahoo's stock has plunged to $38.40 in after-market trading.

The buyer normally has to pay a break-up fee if an acquisition fails. But Yahoo chose to run its own auction that "communicated with a total of 51 parties to evaluate their interest in a potential transaction." Then between February and April 2016, a "short list" of "32 parties signed confidentiality agreements with Yahoo," including 10 strategic parties and 22 financial sponsors.

Yahoo's 13D proxy statement filed with the SEC was mostly boilerplate disclosure, but it seemed that something must have been a potential problem at Yahoo for the company to offer a $145 million termination fee to Verizon if the deal did not close.

Yahoo on Wednesday issued a statement saying personal information from more than a billion user accounts was stolen in 2014. The news followed the company's announcement in September that hackers had stolen personal data from at least half a billion accounts in 2013. Yahoo said it believes the two thefts were by different parties.

Yahoo admitted that both hacks were so extensive that they included users' names, email addresses, phone numbers, dates of birth, scrambled passwords and security questions and answers. But Yahoo stated, "Payment card data and bank account information are not stored in the system the company believes was affected."

Yahoo said they have invalidated unencrypted security questions and answers in user accounts. They are in the process of notifying potentially affected users and requiring them to change their passwords.

Yahoo was already facing nearly two dozen class-action lawsuits over the first breach and the company's failure to report it on a timely basis. A federal three-judge panel last week consolidated 5 of the suits into a mass tort in the San Jose U.S. District Court.

Undoubtedly, there will be a huge number of user lawsuits filed against Yahoo in the next few weeks.

[Dec 15, 2016] Georgia asks Trump to investigate DHS cyberattacks

Dec 15, 2016 | marknesop.wordpress.com
Pavlo Svolochenko , December 14, 2016 at 2:43 pm
Georgia asks Trump to investigate DHS 'cyberattacks'

If you want to know what Washington is doing at any given time, just look at what they're accusing the competition of.

yalensis , December 14, 2016 at 5:05 pm
As the Worm Turns!
For all those Amurican rubes out there who believed that Homeland Security was protecting them against foreign terrorists – ha hahahahahaha!

[Dec 14, 2016] Yahoo discovers hack affecting 1 billion users, breaking its own world record

www.dailynews.com
Yahoo has discovered a 3-year-old security breach that enabled a hacker to compromise more than 1 billion user accounts, breaking the company's own humiliating record for the biggest security breach in history.

The digital heist disclosed Wednesday occurred in August 2013, more than a year before a separate hack that Yahoo announced nearly three months ago. That breach affected at least 500 million users, which had been the most far-reaching hack until the latest revelation.

Yahoo has more than a billion monthly active users, although some have multiple accounts and others have none at all. An unknown number of accounts were affected by both hacks.

In both attacks, the stolen information included names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.

[Nov 18, 2016] Physical access is not equal to game over

Notable quotes:
"... What if the disk is passworded? What about that not all systems are exclusively for business/corporate use (see also BYOD) and therefore may be tuned to varying security postures owing to other factors? ..."
"... Physical access ≠ game over. Physical access + unguarded time + experience + tooling = game over. One used to could safely leave someone alone with their computer while one went to the kitchen for a glass of water. Now this tooling has made the time and experience components a bit less relevant to successful, quick pwnage with few or no tracks. Neato! ..."
www.nakedcapitalism.com
LarryB November 17, 2016 at 2:59 pm

The "Poison Tap" is not really that big of a deal. It's usually trivially easy to break into any computer that you can physically access. You can boot from a CD or USB drive, for instance, or even just steal the hard drive. Security on USB needs to be improved, but this is not even close to being the end of the world.

Knifecatcher November 17, 2016 at 4:07 pm

+1. If someone has direct physical access to your device – PC or smartphone – you're pretty much hosed.

Daryl November 17, 2016 at 6:30 pm

Yep. Physical access is root access.

River November 17, 2016 at 7:35 pm

If you have the time with the physical machine anyway.

I could see kids having fun with this though. Going into a box store that has computers on display, getting access (even better if they have a web cam on it). Upload porn or shocking material and showing the customers and watching/recording the reactions and putting it on youtube.

Or more nefarious, the same thing but for casing a store (limited vantage from the web cam .but may better than nothing).

Etc. lots you could do and more importantly not a lot of skill required. Lower bar for entry for hacking mischief and a low cost.

hunkerdown November 17, 2016 at 7:51 pm

LarryB, and how long will that take you? And will you have the computer back together by the time they see you? And will logs suggest anything funny happened around that time? What if the disk is passworded? What about that not all systems are exclusively for business/corporate use (see also BYOD) and therefore may be tuned to varying security postures owing to other factors?

Physical access ≠ game over. Physical access + unguarded time + experience + tooling = game over. One used to could safely leave someone alone with their computer while one went to the kitchen for a glass of water. Now this tooling has made the time and experience components a bit less relevant to successful, quick pwnage with few or no tracks. Neato!

[Nov 06, 2016] Russia expects Washington to provide an explanation after a report claimed that Pentagon cyber-offensive specialists have hacked into Russia's power grids, telecommunications networks, and the Kremlin's command systems for a possible sabotage

Nov 06, 2016 | www.moonofalabama.org

Molin | Nov 5, 2016 7:21:49 AM | 52

Obama hacks Russia openly,

"Russia expects Washington to provide an explanation after a report claimed that Pentagon cyber-offensive specialists have hacked into Russia's power grids, telecommunications networks, and the Kremlin's command systems for a possible sabotage."

https://www.rt.com/news/365423-russia-us-hacker-grid/

[Oct 30, 2016] Speaking also of Podesta's email, it is interesting that it was Podesta himself who made the mistake of accessing the phishing email link, probably accidentally

turcopolier.typepad.com

mistah charley, ph.d. said... 30 October 2016 at 09:13 AM

Speaking also of Podesta's email, not Huma's, the following is interesting:

http://www.cnn.com/2016/10/28/politics/phishing-email-hack-john-podesta-hillary-clinton-wikileaks/index.html

Briefly, it seems Podesta received an email "You need to change your password", asked for professional advice from his staff if it was legit, was told "Yes, you DO need to change your password", but then clicked on the link in the original email, which was sent to him with malicious intent, as he suspected at first and then was inappropriately reassured about - rather than on the link sent to him by the IT staffer.

Result - the "phishing" email got his password info, and the world now gets to see all his emails.

Personally, my hope is that Huma and HRC will be pardoned for all their crimes, by Obama, before he leaves office.

Then I hope that Huma's divorce will go through, and that once Hillary is sworn in she will at last be courageous enough to divorce Bill (who actually performed the Huma-Anthony Weiner nuptials - you don't have to make these things up).

Then it could happen that the first same-sex marriage will be performed in the White House, probably by the minister of DC's Foundry United Methodist Church, which has a policy of LBGQT equality. Or maybe Hillary, cautious and middle-of-the-road as usual, will go to Foundry UMC sanctuary for the ceremony, recognizing that some Americans' sensibilities would be offended by having the rite in the White House.

As Nobel Laureate Bob Dylan wrote, "Love is all there is, it makes the world go round, love and only love, it can't be denied. No matter what you think about it, you just can't live without it, take a tip from one who's tried."

[Oct 29, 2016] A recent linguistic analysis cited in the New York Times speculates, without any real trace of evidence, that the hackers' language in threats against Sony was written by a native Russian speaker and not a native Korean speaker

Notable quotes:
"... An important thing about that Time article regarding the Sony Hack is that it is almost two years old. Important because I'm still having to tell people that despite what the President and the government said North Korea didn't hack Sony because of a really bad movie, but that insiders did it for reasons that were never part of the media blitz about it. And believe me, considering that Clinton is lying through her teeth beyond even the government about this, I point this out a lot. ..."
"... Something that jumped out at me in December 2014 was a blog post by David E Martin. His blog post more or less laid out the whole game plan–and in so doing, I suspect he thwarted the planned story line. It was amazing to read that the whole plot had actually been presented to Congress years before. ..."
"... I'm inferring his intention in writing the post was to spill enough beans to prevent a catastrophic false flag event, as that is why he wrote his book "Coup d'Twelve" . (He spoke about this on numerous radio interviews at the time, and as also discussed it in person.) ..."
"... Never let an opportunity for a bit of Russian bashing go to waste it seems. Is there anything at all in the history of the entire world that the Russians aren't responsible for? ..."
www.nakedcapitalism.com
Pat October 26, 2016 at 2:21 pm

An important thing about that Time article regarding the Sony Hack is that it is almost two years old. Important because I'm still having to tell people that despite what the President and the government said North Korea didn't hack Sony because of a really bad movie, but that insiders did it for reasons that were never part of the media blitz about it. And believe me, considering that Clinton is lying through her teeth beyond even the government about this, I point this out a lot.

TheCatSaid October 26, 2016 at 8:32 pm

Something that jumped out at me in December 2014 was a blog post by David E Martin. His blog post more or less laid out the whole game plan–and in so doing, I suspect he thwarted the planned story line. It was amazing to read that the whole plot had actually been presented to Congress years before.

I'm inferring his intention in writing the post was to spill enough beans to prevent a catastrophic false flag event, as that is why he wrote his book "Coup d'Twelve" . (He spoke about this on numerous radio interviews at the time, and as also discussed it in person.)

Foy October 26, 2016 at 9:09 pm

I had to laugh when I read this in the article though:

"A recent linguistic analysis cited in the New York Times found that the hackers' language in threats against Sony was written by a native Russian speaker and not a native Korean speaker."

Never let an opportunity for a bit of Russian bashing go to waste it seems. Is there anything at all in the history of the entire world that the Russians aren't responsible for?

[Oct 29, 2016] Phishing for Fools, Hipster Edition

Oct 29, 2016 | www.nakedcapitalism.com
allan October 28, 2016 at 10:19 pm

Phishing for Fools, Hipster Edition:

Emails show how Clinton campaign chairman apparently hacked [AP]

New evidence appears to show how hackers earlier this year stole more than 50,000 emails of Hillary Clinton's campaign chairman, an audacious electronic attack blamed on Russia's government and one that has resulted in embarrassing political disclosures about Democrats in the final weeks before the U.S. presidential election.

The hackers sent John Podesta an official-looking email on Saturday, March 19, that appeared to come from Google. It warned that someone in Ukraine had obtained Podesta's personal Gmail password and tried unsuccessfully to log in, and it directed him to a website where he should "change your password immediately."

Podesta's chief of staff, Sara Latham, forwarded the email to the operations help desk of Clinton's campaign, where staffer Charles Delavan in Brooklyn, New York, wrote back 25 minutes later, "This is a legitimate email. John needs to change his password immediately."

But the email was not authentic. …
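The sequence the AP story describes (a notice that looks like it comes from the provider, and a "change your password" link that actually goes somewhere else) is exactly the case a link checker exists for. The following is an added example, not the campaign's tooling and not code from the AP story: it parses a constructed email, extracts every link from the HTML body, and reports links whose real destination host is not inside the sender's expected domains. The sample message, its hosts and the expected-host set are assumptions made for the example.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the real email from the story). It is shaped
# like the notice described: claims to come from Google, warns about a sign-in
# from Ukraine, and links "change your password" to a host that merely starts
# with a Google-looking name. All hosts here are placeholders.
SAMPLE_EMAIL = """\
From: "Google" <no-reply@accounts.google.com>
To: user@example.org
Subject: Someone has your password
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Someone just used your password to try to sign in to your account
from Ukraine. Google stopped the sign-in attempt.</p>
<p>You should <a href="http://myaccount.google.com.short-link.invalid/p7q">change
your password immediately</a>.</p>
<p>Help: <a href="https://support.google.com/accounts">support.google.com/accounts</a></p>
</body></html>
"""

# Hosts a genuine notice from this sender would link to. Assumption for the
# example; a real deployment keeps such a list per trusted sender.
EXPECTED_HOSTS = {"google.com", "accounts.google.com",
                  "myaccount.google.com", "support.google.com"}


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def host_is_expected(host, expected):
    """True only if host equals an expected host or is a subdomain of one.
    Matching on a label boundary is what stops
    'myaccount.google.com.short-link.invalid' from passing as google.com."""
    host = host.lower().rstrip(".")
    return any(host == e or host.endswith("." + e) for e in expected)


def html_parts(msg):
    """Yield decoded text/html bodies, whether or not the message is multipart."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True)
            yield raw.decode(part.get_content_charset() or "utf-8", "replace")


def analyse_email(raw_message, expected_hosts=EXPECTED_HOSTS):
    """Return one finding per link whose destination host lies outside the
    expected sender domains. An empty list means every link stayed inside."""
    msg = message_from_string(raw_message)
    findings = []
    for body in html_parts(msg):
        extractor = _LinkExtractor()
        extractor.feed(body)
        for href, text in extractor.links:
            host = urlparse(href).hostname or ""
            if not host_is_expected(host, expected_hosts):
                findings.append({"href": href, "text": text, "host": host,
                                 "reason": "link host outside expected sender domains"})
    return findings


if __name__ == "__main__":
    for f in analyse_email(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: '{f['text']}' -> {f['host']} ({f['reason']})")
```

The check deliberately looks at the parsed hostname of the `href`, never at the link's visible text or the From header, since both of those are whatever the sender chose to write; the host is the only part of the link the browser actually connects to.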

Lambert Strether Post author October 29, 2016 at 12:49 am

And if the ploy was that low-grade, that means that the Russki superbrains in the KGB didn't have to be behind it. Dear Lord.

This really is a hubris followed by nemesis thing, isn't it? And how sad it is, how tragic, that it was Brooklyn that brought Podesta down. Somehow I think Delavan is going to have a hard time getting a job in politics again, but he did the country a great service.

TheCatSaid October 29, 2016 at 1:17 pm

Social engineering wins again. This was something I learned about long ago when Black Box Voting.org started (approx. 2004). It was one of the many vulnerabilities in various points of election systems, both with paper and paperless. Very easy to get officials to reveal passwords that allowed access–that's in addition to the corruption situations. (Or rather, the social engineering angle would be just one of the tools used by insiders.)

[Oct 28, 2016] Note on propagandists masquerading as security experts

None of their arguments stands up to even entry-level programmer scrutiny. Especially silly is the "Russian keyboard and timestamps" argument. As if, say, Israelis or Estonians, or anyone from another country with a sizable Russian-speaking population, could not use those to direct an investigation onto the wrong track ;-).
If I were a Russian hacker trying to penetrate DNC servers, I would use only the NSA toolkit and libraries that I could find on the black market. First of all, they are reasonably good; second, that helps to point people in the wrong direction. And if I knew Spanish, English or French reasonably well, I would use them exclusively. If not, I would pay for a translation of the set of variable names into those languages and "forget" to delete the symbol table in one of the modules, giving raw meat to idiots like those.
Actually you can find a lot of such people even in London, Paris, Madrid and NYC, and some of them really do not like the US neoliberal administration with its unending wars to expand the neoliberal empire :-) But still they are considered to be "security experts". When you hear the words "security expert", please substitute "security charlatan" for better comprehension -- that's almost always the case for people posing as security experts for the MSM. The only reliable exception is whistleblowers -- those people sacrifice their lucrative careers for telling the truth, so they can usually be trusted. They might exaggerate things on the negative side, though. I personally highly respect William Binney.
The "regular" security experts, especially those from tiny, struggling security companies, are in reality low-paid propagandists amplifying a set of prepared talking points. The arguments are usually pretty childish. BTW, after the USA/Israeli operation against Iran using Stuxnet and Flame in the Middle East, complex Trojans are simply commonplace and are actually available to any more or less qualified hacker, or even to an unqualified person with some money and the desire to take risks.
I especially like the phrase "beyond a reasonable doubt that the hack was in fact an operation of the Russian state." Is this not slander, or what? Only two categories of people, imbeciles and paid presstitutes, can think about the origin of a complex hacking operation "beyond reasonable doubt".
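One of the artifacts this note refers to, the compile timestamp, is a plain 32-bit field in the COFF file header that nothing signs. The following is an added example, not from this page's author or from any of the firms discussed: it builds a constructed stub PE header (a header only, not an executable), reads the TimeDateStamp and symbol-table fields back out the way a real PE file is parsed, and applies the sanity checks an analyst would run before treating the value as evidence of anything. The stub builder, the field values and the first-seen time are assumptions made for the example.

```python
import struct
from datetime import datetime, timezone

# COFF file header layout: Signature, Machine, NumberOfSections, TimeDateStamp,
# PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_FMT = "<4sHHIIIHH"
IMAGE_FILE_MACHINE_AMD64 = 0x8664


def build_stub_pe(timestamp, symbol_count=0):
    """Constructed, non-executable header for the example: a DOS header whose
    e_lfanew points at a COFF header carrying the given TimeDateStamp."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew = 64
    coff = struct.pack(COFF_FMT, b"PE\0\0", IMAGE_FILE_MACHINE_AMD64, 1,
                       timestamp, 0, symbol_count, 0, 0x0022)
    return bytes(dos) + coff


def read_coff_header(data):
    """Parse the COFF file header of a PE image: e_lfanew lives at offset 0x3C
    and points at the 24-byte header. Real PE files are read the same way."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    sig, machine, nsections, ts, sym_ptr, nsyms, _opt_size, _chars = \
        struct.unpack_from(COFF_FMT, data, e_lfanew)
    if sig != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    return {"machine": machine, "sections": nsections, "timestamp": ts,
            "symbol_table_offset": sym_ptr, "symbols": nsyms}


def assess_timestamp(header, first_seen_ts):
    """Return the reasons an analyst should not treat this timestamp as
    evidence of when (or by whom) the file was built. first_seen_ts is the
    Unix time the sample was first observed. An empty list means the value
    is internally consistent, which is not the same as true."""
    reasons = []
    ts = header["timestamp"]
    if ts == 0:
        reasons.append("zero timestamp: stripped or reproducible build")
        return reasons
    compiled = datetime.fromtimestamp(ts, timezone.utc)
    if ts > first_seen_ts:
        reasons.append("timestamp is later than the sample's first sighting")
    if compiled.year < 1995:
        reasons.append("timestamp predates the PE era: field was not set by a real build")
    if header["symbols"]:
        reasons.append("COFF symbol table present: the names in it are just text the author chose")
    return reasons


if __name__ == "__main__":
    sample = build_stub_pe(1465000000, symbol_count=12)   # constructed values
    hdr = read_coff_header(sample)
    print("TimeDateStamp:", datetime.fromtimestamp(hdr["timestamp"], timezone.utc))
    for reason in assess_timestamp(hdr, first_seen_ts=1451606400):
        print("caveat:", reason)
```

The point of `assess_timestamp` is the shape of its output: it can only ever say why a value is inconsistent, never that it is genuine, which is the most any header field can support in an attribution argument.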

Oct 28, 2016 | observer.com

Original title: 7 Reasons Security Firms Believe the Russian State Hacked the DNC

Originally from: Bloomberg

10/26/16 1:02pm

How do we really know that the breaches of the Democratic National Committee were conducted by organizations working on behalf of the Russian state? With the CIA considering a major counterstrike against the superpower, as NBC has reported, it's worthwhile for the public to measure how confident we can be that Putin's government actually deserves retribution.

"When you're investigating a cybersecurity breach, no one knows whether you're a Russian hacker or a Chinese hacker pretending to be a Russian hacker or even a U.S. hacker pretending to be a Chinese hacker pretending to be a Russian hacker," reporter Jordan Robertson says during the third episode of a solid new podcast from Bloomberg, called "Decrypted." In the new episode, he and fellow reporter Aki Ito break down the facts that put security experts beyond a reasonable doubt that the hack was in fact an operation of the Russian state.

Here are the key points:

From there, the podcast asks: what does this hack mean for the U.S. election? They come to basically the same conclusions that the Observer did in September: voting systems are very safe; voter rolls are less so, but nation-states probably want to discredit our system more than they want to change outcomes.

How sure can we be? Buratowski says, "Barring seeing someone at a keyboard or a confession, you're relying on that circumstantial evidence." So, we can never really know for sure. In fact, even Crowdstrike's attribution is based on prior experience, which assumes that they have attributed other hacks correctly in the past. Former congressional staffer Richard Diamond in USA Today argues that the hacks can be explained by bad passwords, but he also neglects to counter Crowdstrike's descriptions of the sophisticated code placed inside the servers. From Bloomberg's version of events, how the hackers got in was really the least interesting part of their investigation.

So what does it all mean? It's natural for political junkies to wonder if there might be further disclosures coming before Election Day, but, if this is an information operation, it might be even more disruptive to hold documents until after the election in order to throw doubt on our final choice. Either way, further disclosures will probably come.

[Oct 28, 2016] I find the whole hysteria over Russian hacking very one-sided.

Notable quotes:
"... I find the whole hysteria over Russian hacking very one-sided. If the US takes it upon itself, out of sincere concern, to help out "moderates" in overthrowing a repressive, evil government in Syria, Libya and Iraq, maybe the same thing happening to the US itself is not that weird? Here is a tyrannical government with little regard for its demotivated and demoralized citizens who can not on their own displace it. This government threatens nuclear war and kills an unjustified number of its own citizens. Its public infrastructure is in ruins and oligarchy is everywhere. In the past the US has set the example for dealing with such troubled states; its time the doctor took his own medicine. ..."
"... Ahhhh, but that exactly where the "exceptional" clause kicks in. You see, America is justified in intervening in other countries' business because we see further, with a clearer gaze and a purer heart, than any other country in the world. Mired as they are in ignorance or inertia, no other country is qualified to judge us, and any mistakes that we make only occur because of the depths of our love for others and our passion for freedom. ..."
"... America has entered one of its periods of historical madness, but this the worst I can remember: worse than McCarthyism, worse than the Bay of Pigs and in the long term potentially more disastrous than the Vietnam War. ~John le Carre ..."
"... It is terrifying to watch Clinton rave about adopting a more "muscular, aggressive" approach to foreign affairs - with little or no push back from the national media, either party or even many citizens. Hell, they are applause lines at her rallies. ..."
"... If 15 years of endless wars, trillions of dollars of wasted money, hundreds of thousands of casualties on all sides and metastasizing terrorist threat with no end in sight doesn't give one a little pause before advocating more of the same, then we might have a problem. ..."
"... Hillary said twice during the debates that "America is great because America is good." Translation: We can do whatever we damn well please because we can. Lord, help us all. I'm so sick of hearing this and our endless criminal wars. ..."
www.nakedcapitalism.com

Bjornasson October 26, 2016 at 3:20 pm

I find the whole hysteria over Russian hacking very one-sided. If the US takes it upon itself, out of sincere concern, to help out "moderates" in overthrowing a repressive, evil government in Syria, Libya and Iraq, maybe the same thing happening to the US itself is not that weird? Here is a tyrannical government with little regard for its demotivated and demoralized citizens who can not on their own displace it. This government threatens nuclear war and kills an unjustified number of its own citizens. Its public infrastructure is in ruins and oligarchy is everywhere. In the past the US has set the example for dealing with such troubled states; its time the doctor took his own medicine.

reslez October 26, 2016 at 5:07 pm

The "evidence" for Russian hacking is so suspect that anyone who repeats the story instantly stamps themselves as either a con or a mark. It's depressing to see media corruption so blatantly displayed. Now I know what 2003 must have felt like (I was too young to have much of an opinion back then).

Gareth October 26, 2016 at 6:21 pm

The "17 intelligence agencies" claim is complete Clinton bullshit. I'm kind of amazed that journalists are now stating this as fact. I could say I'm shocked but nothing the presstitutes do surprises me anymore. They are busy preening for their future White House access. It kind of makes me want to get drunk and vote for the orange haired guy.

Kokuanani October 26, 2016 at 6:57 pm

Just finished trying to "re-educate" my husband after he listened to [and apparently believed] a report in the CBS Evening News on the "Russian hacking of Clinton's e-mails." They reported it as complete "fact," without even a perfunctory "alleged."

Too difficult to do this correction one person at a time, while the networks have such massive reach.

Kurt Sperry October 26, 2016 at 9:42 pm

It *is* highly asymmetric warfare. And as is normal when working the insurgent side, the trick isn't to try to win by a large number of winning individual engagements, but rather of delegitimatizing the side with the resource advantage in a broader, cultural way. Delegitimize the mainstream media actively. If you win the culture war, you win the political war too just as a bonus. Tell the truth, unapologetically. That's as bad-ass as it gets.

WJ October 26, 2016 at 10:30 pm

This is sound advice. Problem is, how to delegitimate media generally? Actual insurgents avoid direct confrontations with superior occupying power and opt for a variety of other strategies of attack, including: IED's, flash attacks, suicide bombings, disruption of civilian life, etc. What are some equivalent, concrete (and legal) strategies for disrupting the order of imposed media? The use of social media seems to be one option, and maybe the most successful. Yet this tends to reach only certain segments of population who are unlikely to watch CNN or read the Post in any case. How can one harm the media powers where it hurts them most, by reaching and disrupting their actual consumers, who tend to be older, establishment-minded, white, etc…?

Kurt Sperry October 26, 2016 at 11:36 pm

How to delegitimize the media? They are doing that themselves. In spades. Listen to the people around you, they are getting wise to it. Just point it out to anyone who'll listen. It isn't the bombs and attacks that win an insurgency, none of that stuff works if the cause isn't widely understood and shared. The victory is won–to recycle a cliché–in the hearts and minds of the ordinary people. Naked Capitalism is a big ammo depot and we are the grunts and the munitions are ideas. And as I alluded to above, the power of truth. Truth will kick ass and take names if you let it.

Ulysses October 27, 2016 at 10:30 am

"Truth will kick ass and take names if you let it."

Thanks for the spirit-raising exhortation Kurt!! Many Americans are walking around with heads like over-inflated cognitive dissonance balloons. If you listen closely, you can hear these balloons popping off all the time, resulting in yet another person able to confront reality.

Massinissa October 26, 2016 at 7:26 pm

What other intelligence agencies are there than the CIA and NSA? Does anyone know the other 15, and why are these intelligence agencies never spoken of in the media except when it's useful for Clinton?

xformbykr October 26, 2016 at 7:33 pm

see http://www.businessinsider.com/17-agencies-of-the-us-intelligence-community-2013-5#

JTMcPhee October 27, 2016 at 3:14 pm

Why is it called a "community?" Cabal? Coven? Hey, isn't the proper collective noun for lawyers (Clintons, Yoo, Meese, Obama, etc.) a "conspiracy?"

Bjornasson October 26, 2016 at 6:09 pm

The idea is essentially that even if the evidence did exist, it should be welcomed with the same enthusiasm that US interventions have in Syria and Libya.

dennison p nyberg October 27, 2016 at 11:24 am

truth

Tom October 26, 2016 at 5:23 pm

Ahhhh, but that exactly where the "exceptional" clause kicks in. You see, America is justified in intervening in other countries' business because we see further, with a clearer gaze and a purer heart, than any other country in the world. Mired as they are in ignorance or inertia, no other country is qualified to judge us, and any mistakes that we make only occur because of the depths of our love for others and our passion for freedom.

abynormal October 26, 2016 at 6:26 pm

America has entered one of its periods of historical madness, but this the worst I can remember: worse than McCarthyism, worse than the Bay of Pigs and in the long term potentially more disastrous than the Vietnam War. ~John le Carre

KILLING MACHINES AND THE MADNESS OF MILITARISM
http://www.artsandopinion.com/2014_v13_n5/giroux-6.htm
by Henry Giroux

Tom October 26, 2016 at 6:48 pm

historical madness/hysterical madness … take your pick.

It is terrifying to watch Clinton rave about adopting a more "muscular, aggressive" approach to foreign affairs - with little or no push back from the national media, either party or even many citizens. Hell, they are applause lines at her rallies.

If 15 years of endless wars, trillions of dollars of wasted money, hundreds of thousands of casualties on all sides and metastasizing terrorist threat with no end in sight doesn't give one a little pause before advocating more of the same, then we might have a problem.

abynormal October 26, 2016 at 7:12 pm

she's a scorned woman beginning with her father. she's passive-aggressive with women…projects her never ending insecurities. SO she has something to prove…vengeance is mine.

First, she'll drone Mercy Street(s)…

Elizabeth October 26, 2016 at 7:58 pm

Hillary said twice during the debates that "America is great because America is good." Translation: We can do whatever we damn well please because we can. Lord, help us all. I'm so sick of hearing this and our endless criminal wars.

Expanding Combat Zone: The Dangerous New Rules of Cyberwar

NATO hot-heads are playing with fire. What if other nations attack members for Stuxnet and Flame?

"James Lewis of the Washington-based Center for Strategic and International Studies (CSIS), one of the country's top cyberwar experts, is somewhat skeptical about the new manual. He sees it as "a push to lower the threshold for military action." For Lewis, responding to a "denial of service" attack with military means is "really crazy." He says the Tallinn manual "shows is that you should never let lawyers go off by themselves.""
SPIEGEL ONLINE

Arming for Virtual Battle: The Dangerous New Rules of Cyberwar

By Thomas Darnstaedt, Marcel Rosenbach and Gregor Peter Schmitz


Now that wars are also being fought on digital battlefields, experts in international law have established rules for cyberwar. But many questions remain unanswered. Will it be appropriate to respond to a cyber attack with military means in the future?

The attack came via ordinary email, when selected South Korean companies received messages supposedly containing credit card information in the middle of the week before last.

Recipients who opened the emails also opened the door to the enemy, because it was in fact an attack from the Internet. Instead of the expected credit card information, the recipients actually downloaded a time bomb onto their computers, which was programmed to ignite on Wednesday at 2 p.m. Korean time.

At that moment, chaos erupted on more than 30,000 computers in South Korean television stations and banks. The message "Please install an operating system on your hard disk" appeared on the screens of affected computers, and cash machines ceased to operate. The malware, which experts have now dubbed "DarkSeoul," deleted data from the hard disks, making it impossible to reboot the infected computers.

DarkSeoul was one of the most serious digital attacks in the world this year, but cyber defense centers in Western capitals receive alerts almost weekly. The most serious attack to date originated in the United States. In 2010, high-tech warriors, acting on orders from the US president, smuggled the destructive "Stuxnet" computer worm into Iranian nuclear facilities.

The volume of cyber attacks is only likely to grow. Military leaders in the US and its European NATO partners are outfitting new battalions for the impending data war. Meanwhile, international law experts worldwide are arguing with politicians over the nature of the new threat. Is this already war? Or are the attacks acts of sabotage and terrorism? And if a new type of war is indeed brewing, can military means be used to respond to cyber attacks?

The War of the Future

A few days before the computer disaster in Seoul, a group led by NATO published a thin, blue booklet. It provides dangerous responses to all of these questions. The "Tallinn Manual on the International Law Applicable to Cyber Warfare" is probably no thicker than the American president's thumb. It is not an official NATO document, and yet in the hands of President Barack Obama it has the potential to change the world.

The rules that influential international law experts have compiled in the handbook could blur the lines between war and peace and allow a serious data attack to rapidly escalate into a real war with bombs and missiles. Military leaders could also interpret it as an invitation to launch a preventive first strike in a cyberwar.

At the invitation of a NATO think tank in the Estonian capital Tallinn, and at a meeting presided over by a US military lawyer with ties to the Pentagon, leading international law experts had discussed the rules of the war of the future. International law is, for the most part, customary law. Experts determine what is and can be considered customary law.

The resulting document, the "Tallinn Manual," is the first informal rulebook for the war of the future. But it has no reassuring effect. On the contrary, it permits nations to respond to data attacks with the weapons of real war.

Two years ago, the Pentagon clarified where this could lead, when it stated that anyone who attempted to shut down the electric grid in the world's most powerful nation with a computer worm could expect to see a missile in response.

A Private Digital Infrastructure

The risks of a cyberwar were invoked more clearly than ever in Washington in recent weeks. In mid-March, Obama assembled 13 top US business leaders in the Situation Room in the White House basement, the most secret of all secret conference rooms. The group included the heads of UPS, JPMorgan Chase and ExxonMobil. There was only one topic: How can America win the war on the Internet?

The day before, Director of National Intelligence James Clapper had characterized the cyber threat as the "biggest peril currently facing the United States."

The White House was unwilling to reveal what exactly the business leaders and the president discussed in the Situation Room. But it was mostly about making it clear to the companies how threatened they are and strengthening their willingness to cooperate, says Rice University IT expert Christopher Bronk.

The president urgently needs their cooperation, because the US has allowed the laws of the market to govern its digital infrastructure. All networks are operated by private companies. If there is a war on the Internet, both the battlefields and the weapons will be in private hands.

This is why the White House is spending so much time and effort to prepare for possible counterattacks. The aim is to scare the country's enemies, says retired General James Cartwright, author of the Pentagon's current cyber strategy.

Responsible for that strategy is the 900-employee Cyber Command at the Pentagon, established three years ago and located in Fort Meade near the National Security Agency, the country's largest intelligence agency. General Keith Alexander heads both organizations. The Cyber Command, which is expected to have about 4,900 employees within a few years, will be divided into various defensive and offensive "Cyber Mission Forces" in the future.

Wild West Online

It's probably no coincidence that the Tallinn manual is being published now. Developed under the leadership of US military lawyer Michael Schmitt, NATO representatives describe the manual as the "most important legal document of the cyber era."

In the past, Schmitt has examined the legality of the use of top-secret nuclear weapons systems and the pros and cons of US drone attacks. Visitors to his office at the Naval War College in Rhode Island, the world's oldest naval academy, must first pass through several security checkpoints.

"Let's be honest," says Schmitt. "Everyone has treated the Internet as a sort of Wild West, a lawless zone. But international law has to be just as applicable to online weapons as conventional weapons."

It's easier said than done, though. When does malware become a weapon? When does a hacker become a warrior, and when does horseplay or espionage qualify as an "armed attack," as defined under international law? The answers to such detailed questions can spell the difference between war and peace.

James Lewis of the Washington-based Center for Strategic and International Studies (CSIS), one of the country's top cyberwar experts, is somewhat skeptical about the new manual. He sees it as "a push to lower the threshold for military action." For Lewis, responding to a "denial of service" attack with military means is "really crazy." He says the Tallinn manual "shows is that you should never let lawyers go off by themselves."

Claus Kress, an international law expert and the director of the Institute for International Peace and Security Law at the University of Cologne, sees the manual as "setting the course," with "consequences for the entire law of the use of force." Important "legal thresholds," which in the past were intended to protect the world against the military escalation of political conflicts or acts of terror, are becoming "subject to renegotiation," he says.

According to Kress, the most critical issue is the "recognition of a national right of self-defense against certain cyber attacks." This corresponds to a state of defense, as defined under Article 51 of the Charter of the United Nations, which grants any nation that becomes the victim of an "armed attack" the right to defend itself by force of arms. The article gained new importance after Sept. 11, 2001, when the US declared the invasion of Afghanistan an act of self-defense against al-Qaida and NATO proclaimed the application of its mutual defense clause to come to the aid of the superpower.

The question of how malicious malware must be to justify a counterattack can be critical when it comes to preserving peace. Under the new doctrine, only those attacks that cause physical or personal damage, but not virtual damage, are relevant in terms of international law. The malfunction of a computer or the loss of data alone is not sufficient justification for an "armed attack."

But what if, as is often the case, computer breakdowns do not result in physical damage but lead to substantial financial losses? A cyber attack on Wall Street, shutting down the market for several days, was the casus belli among the experts in Tallinn. The US representatives wanted to recognize it as a state of defense, while the Europeans preferred not to do so. But the US military lawyers were adamant, arguing that economic damage establishes the right to launch a counterattack if it is deemed "catastrophic."

Ultimately, it is left to each country to decide what amount of economic damage it considers sufficient to venture into war. German expert Kress fears that such an approach could lead to a "dam failure" for the prohibition of the use of force under international law.

So was it an armed attack that struck South Korea on March 20? The financial losses caused by the failure of bank computers haven't been fully calculated yet. It will be up to politicians, not lawyers, to decide whether they are "catastrophic."

Just how quickly the Internet can become a scene of massive conflicts became evident this month, when suddenly two large providers came under constant digital attack that seemed to appear out of nowhere.

The main target of the attack was the website Spamhaus.org, a project that has been hunting down the largest distributors of spam on the Web since 1998. Its blacklists of known spammers enable other providers to filter out junk email. By providing this service, the organization has made powerful enemies and has been targeted in attacks several times. But the current wave of attacks overshadows everything else. In addition to shutting down Spamhaus, it even temporarily affected the US company CloudFlare, which was helping fend off the attack. Analysts estimate the strength of the attack at 300 gigabits per second, which is several times as high as the level at which the Estonian authorities were "fired upon" in 2007. The attack even affected data traffic in the entire Internet. A group called "Stophaus" claimed responsibility and justified its actions as retribution for the fact that Spamhaus had meddled in the affairs of powerful Russian and Chinese Internet companies.

Civilian forces, motivated by economic interests, are playing cyberwar, and in doing so they are upending all previous war logic.

A Question of When, Not If

A field experiment in the US shows how real the threat is. To flush out potential attackers, IT firm Trend Micro built a virtual pumping station in a small American city, or at least it was supposed to look like one to "visitors" from the Internet. They called it a "honeypot," designed to attract potential attackers on the Web.

The trappers installed servers and industrial control systems used by public utilities of that size. To make the experiment setup seem realistic, they even placed deceptively real-looking city administration documents on the computers.

After only 18 hours, the analysts registered the first attempted attack. In the next four weeks, there were 38 attacks from 14 countries. Most came from computers in China (35 percent), followed by the US (19 percent) and Laos (12 percent).

Many attackers tried to insert espionage tools into the supposed water pumping station to probe the facility for weaknesses. International law does not prohibit espionage. But some hackers went further than that, trying to manipulate or even destroy the control devices.

"Some tried to increase the rotation speed of the water pumps to such a degree that they wouldn't have survived in the real world," says Trend Micro employee Udo Schneider, who categorizes these cases as "classic espionage."
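The honeypot experiment above matters to defenders because the same telemetry that counts probes by country also lets an operator separate read-only reconnaissance from attempts to write to a controller, and flag writes whose values exceed what the physical equipment could survive. The following script is an added example, not Trend Micro's code or data: the log line format, the register numbers for pump speed and pump enable, the 3600 rpm rated limit, and the sample lines themselves are all constructed assumptions for illustration.

```python
"""Classify events captured by an ICS honeypot (constructed example).

Each event is tagged as a read-only 'probe', a 'manipulation' (a write to
a control register) or 'destructive' (a write that would push the pump
past its assumed physical limit), and source-country percentages are
computed the way the Trend Micro report summarised them.
"""
import re
from collections import Counter

# Constructed sample log lines in a hypothetical format chosen for this
# example:  <iso-timestamp> <source-country> <proto> <op> <register> <value>
# ('-' means no value, i.e. a read).  These are not real honeypot records.
SAMPLE_LOG = """\
2013-03-01T06:12:44Z CN modbus read 40001 -
2013-03-01T07:03:10Z US modbus read 40002 -
2013-03-01T09:41:02Z CN modbus write 40010 1450
2013-03-02T11:20:55Z LA modbus write 40010 9900
2013-03-02T13:05:17Z CN modbus read 40010 -
2013-03-03T02:15:33Z US modbus write 40011 1
"""

# Assumed register map of the fake pumping station (hypothetical values).
PUMP_SPEED_REGISTER = 40010   # holding register carrying the speed setpoint
PUMP_ENABLE_REGISTER = 40011  # holding register that starts/stops the pump
PUMP_SPEED_SAFE_MAX = 3600    # rpm; assumed rated limit of the modelled pump

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (read|write) (\d+) (\S+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, country, proto, op, reg, val = m.groups()
    return {
        "ts": ts,
        "country": country,
        "proto": proto,
        "op": op,
        "register": int(reg),
        "value": None if val == "-" else int(val),
    }


def classify(event):
    """Return 'probe', 'manipulation' or 'destructive' for one event.

    Reads are reconnaissance only.  Any write to a control register is a
    manipulation attempt; a speed setpoint above the rated limit would
    damage the pump in the real world, so it is flagged as destructive.
    """
    if event["op"] == "read":
        return "probe"
    if (event["register"] == PUMP_SPEED_REGISTER
            and event["value"] is not None
            and event["value"] > PUMP_SPEED_SAFE_MAX):
        return "destructive"
    return "manipulation"


def analyze(log_text):
    """Summarise a honeypot log: totals, class counts, country share, alerts."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    total = len(events)
    by_class = Counter(classify(e) for e in events)
    by_country = Counter(e["country"] for e in events)
    # Whole-number percentages per source country (as in the report's figures).
    country_pct = {c: round(100 * n / total) for c, n in by_country.items()}
    alerts = [e for e in events if classify(e) == "destructive"]
    return {
        "total": total,
        "by_class": dict(by_class),
        "country_pct": country_pct,
        "alerts": alerts,
    }


if __name__ == "__main__":
    summary = analyze(SAMPLE_LOG)
    print("events:", summary["total"])
    print("by class:", summary["by_class"])
    print("by country (%):", summary["country_pct"])
    for a in summary["alerts"]:
        print("ALERT destructive setpoint from", a["country"], "at", a["ts"],
              "value", a["value"])
```

The distinction between a read and a write is the one a real operator can act on: reads are the "espionage tools" the article mentions, while writes, and especially out-of-range setpoints, are the cases that would justify blocking the source and checking whether the production controllers were reachable from the same path.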

"There is no question as to whether there will be a catastrophic cyber attack against America. The only question is when," says Terry Benzel, the woman who is supposed to protect the country from such an attack and make its computer networks safer. The computer specialist is the head of DeterLab in California, a project that was established in 2003, partly with funding from the US Department of Homeland Security, and offers a simulation platform for reactions to cyber attacks.

Benzel's voice doesn't falter when she describes a war scenario she calls "Cyber Pearl Harbor." This is what it could look like: "Prolonged power outages, a collapse of the power grid and irreparable disruptions in the Internet." Suddenly, food would not reach stores in time and cash machines would stop dispensing money. "Everything depends on computers nowadays, even the delivery of rolls to the baker around the corner," she says.

Benzel also describes other crisis scenarios. For example, she says, there are programs that open and close gates on American dams that are potentially vulnerable. Benzel is worried that a clever hacker could open America's dams at will.

Should Preemptive Strikes Be Allowed?

These and other cases are currently being tested in Cyber City, a virtual city US experts have built on their computers in New Jersey to simulate the consequences of data attacks. Cyber City has a water tower, a train station and 15,000 residents. Everything is connected in realistic ways, enabling the experts to study the potentially devastating effects cyber attacks could have on residents.

In Europe, it is primarily intelligence agencies that are simulating digital war games. Germany's foreign intelligence service, the Bundesnachrichtendienst (BND), also has a unit that studies the details of future wars. It is telling that the BND team doesn't just simulate defensive situations but increasingly looks at offensive scenarios, as well, so as to be prepared for a sort of digital second strike.

"Offensive Cyber Operations," or OCOs, are part of the strategy for future cyberwars in several NATO countries. The Tallinn manual now establishes the legal basis for possible preemptive strikes, which have been an issue in international law since former US President George W. Bush launched a preemptive strike against Iraq in March 2003.

The most contentious issue during the meetings in Tallinn was the question of when an offensive strike is permissible as an act of preventive self-defense against cyber attacks. According to the current doctrine, an attack must be imminent to trigger the right to preventive self-defense. The Tallinn manual is more generous in this respect, stating that even if a digital weapon is only likely to unfold its sinister effects at a later date, a first strike can already be justified if it is the last window of opportunity to meet the threat.

The danger inherent in the application of that standard becomes clear in the way that the international law experts at Tallinn treated Stuxnet, the most devastating malware to date, which was apparently smuggled into Iranian nuclear facilities on Obama's command. The data attack destroyed large numbers of centrifuges used for uranium enrichment in the Natanz reprocessing plant. Under the criteria of the Tallinn manual, this would be an act of war.

Could the US be the perpetrator in a war of aggression in violation of international law? Cologne international law expert Kress believes that what the Tallinn manual says parenthetically about the Stuxnet case amounts to a "handout for the Pentagon," namely that Obama's digital attack might be seen as an "act of preventive self-defense" against the nuclear program of Iran's ayatollahs.

The Fog of Cyber War

According to the Tallinn interpretation, countless virtual espionage incidents of the sort that affect all industrialized nations almost daily could act as accelerants. Pure cyber espionage, which American politicians also define as an attack, is not seen as an act of war, according to the Tallinn rules. Nevertheless, the international law experts argue that such espionage attacks can be seen as preparations for destructive attacks, so that it can be legitimate to launch a preventive attack against the spy as a means of self-defense.

Some are especially concerned that the Tallinn proposals could also make it possible to expand the rules of the "war on terror." The authors have incorporated the call of US geostrategic expert Joseph Nye to take precautions against a "cyber 9/11" into their manual. This would mean that the superpower could even declare war on organized hacker groups. Combat drones against hackers? Cologne expert Kress cautions that the expansion of the combat zone to the laptops of an only loosely organized group of individuals would constitute a "threat to human rights."

Germany's military, the Bundeswehr, is also voicing concerns over the expansion of digital warfare. Karl Schreiner, a brigadier general with the Bundeswehr's leadership academy in Hamburg, is among those who see the need for "ethical rules" for the Internet battlefield and believe that an international canon for the use of digital weapons is required.

Military leaders must rethink the most important question relating to defense in cyberspace: Who is the attacker? "In most cases," the Tallinn manual reads optimistically, it is possible to identify the source of data attacks. But that doesn't coincide with the experiences of many IT security experts.

The typical fog of cyberwar was evident most recently in the example of South Korea. At first, officials said that DarkSeoul was clearly an attack from the north, but then it was allegedly traced to China, Europe and the United States. Some analysts now suspect patriotically motivated hackers in North Korea, because of the relatively uncomplicated malware. That leaves the question of just who South Korea should launch a counterattack against.

The South Korean case prompts Cologne international law expert Kress to conclude that lawyers will soon have a "new unsolved problem" on their hands -- a "war on the basis of suspicion."

[Jun 23, 2013] Meet The Man In Charge Of America's Secret Cyber Army (In Which Bonesaw Makes A Mockery Of PRISM)

06/22/2013 | Zero Hedge

With his revelations exposing the extent of potential, and actual, pervasive NSA surveillance over the American population, Edward Snowden has done a great service for the public by finally forcing it to answer the question: is having Big Brother peek at every private communication and electronic information a fair exchange for the alleged benefit of the state's security? Alas, without further action from a population that appears largely numb and apathetic to disclosures that until recently would have sparked mass protests and toppled presidents, the best we can hope for within a political regime that has hijacked the democratic process is some intense introspection as to what the concept of "America" truly means.

However, and more importantly, what Snowden's revelations have confirmed, is that behind the scenes, America is now actively engaged in a new kind of war: an unprecedented cyber war, where collecting, deciphering, intercepting, and abusing information is the only thing that matters and leads to unprecedented power, and where enemies both foreign and domestic may be targeted without due process based on a lowly analyst's "whim."

It has also put the spotlight on the man who, until recently deep in the shadows, has been responsible for building America's secret, absolutely massive cyber army, which according to a just-released Wired profile is "capable of launching devastating cyberattacks. Now it's ready to unleash hell."

Meet General Keith Alexander, "a man few even in Washington would likely recognize", which is troubling because Alexander is now quite possibly the most powerful person in the world, that nobody talks about. Which is just the way he likes it.

This is the partial and incomplete story of the man who may now be empowered with more unchecked power than any person in the history of the US, or for that matter, the world. It comes once again, courtesy of the man who over a year before the Guardian's Snowden bombshell broke the story about the NSA's secret Utah data storage facility, James Bamford, and whose intimate knowledge of the NSA's secrets comes by way of being a consultant for the defense team of one Thomas Drake, one of the original NSA whistleblowers (as we learn from the full Wired article).

But first, by way of background, here is a glimpse of Alexander's ultra-secretive kingdom. From Wired:

Inside Fort Meade, Maryland, a top-secret city bustles. Tens of thousands of people move through more than 50 buildings - the city has its own post office, fire department, and police force. But as if designed by Kafka, it sits among a forest of trees, surrounded by electrified fences and heavily armed guards, protected by antitank barriers, monitored by sensitive motion detectors, and watched by rotating cameras. To block any telltale electromagnetic signals from escaping, the inner walls of the buildings are wrapped in protective copper shielding and the one-way windows are embedded with a fine copper mesh.

This is the undisputed domain of General Keith Alexander, a man few even in Washington would likely recognize. Never before has anyone in America's intelligence sphere come close to his degree of power, the number of people under his command, the expanse of his rule, the length of his reign, or the depth of his secrecy. A four-star Army general, his authority extends across three domains: He is director of the world's largest intelligence service, the National Security Agency; chief of the Central Security Service; and commander of the US Cyber Command. As such, he has his own secret military, presiding over the Navy's 10th Fleet, the 24th Air Force, and the Second Army.

Schematically, Alexander's empire consists of the following: virtually every piece in America's information intelligence arsenal.

As the Snowden scandal has unfurled, some glimpses into the "introspective" capabilities of the NSA, and its sister organizations, have demonstrated just how powerful the full "intelligence" arsenal of the US can be.

However, it is when it is facing outward - as it normally does - that things get really scary. Because contrary to prevailing conventional wisdom, Alexander's intelligence and information-derived power is far from simply defensive. In fact, it is when its offensive potential is exposed that the full destructive power in Alexander's grasp is revealed:

In its tightly controlled public relations, the NSA has focused attention on the threat of cyberattack against the US - the vulnerability of critical infrastructure like power plants and water systems, the susceptibility of the military's command and control structure, the dependence of the economy on the Internet's smooth functioning. Defense against these threats was the paramount mission trumpeted by NSA brass at congressional hearings and hashed over at security conferences.

But there is a flip side to this equation that is rarely mentioned: The military has for years been developing offensive capabilities, giving it the power not just to defend the US but to assail its foes. Using so-called cyber-kinetic attacks, Alexander and his forces now have the capability to physically destroy an adversary's equipment and infrastructure, and potentially even to kill. Alexander - who declined to be interviewed for this article - has concluded that such cyberweapons are as crucial to 21st-century warfare as nuclear arms were in the 20th.

And he and his cyberwarriors have already launched their first attack. The cyberweapon that came to be known as Stuxnet was created and built by the NSA in partnership with the CIA and Israeli intelligence in the mid-2000s. The first known piece of malware designed to destroy physical equipment, Stuxnet was aimed at Iran's nuclear facility in Natanz. By surreptitiously taking control of an industrial control link known as a Scada (Supervisory Control and Data Acquisition) system, the sophisticated worm was able to damage about a thousand centrifuges used to enrich nuclear material.

The success of this sabotage came to light only in June 2010, when the malware spread to outside computers. It was spotted by independent security researchers, who identified telltale signs that the worm was the work of thousands of hours of professional development. Despite headlines around the globe, officials in Washington have never openly acknowledged that the US was behind the attack. It wasn't until 2012 that anonymous sources within the Obama administration took credit for it in interviews with The New York Times.

But Stuxnet is only the beginning. Alexander's agency has recruited thousands of computer experts, hackers, and engineering PhDs to expand US offensive capabilities in the digital realm. The Pentagon has requested $4.7 billion for "cyberspace operations," even as the budget of the CIA and other intelligence agencies could fall by $4.4 billion. It is pouring millions into cyberdefense contractors. And more attacks may be planned.

Alexander's background is equally impressive: a classmate of Petraeus and Dempsey, a favorite of Rumsfeld, the General had supreme power written all over his career progression. If reaching the top at all costs meant crushing the Fourth Amendment and lying to Congress in the process, so be it:

Born in 1951, the third of five children, Alexander was raised in the small upstate New York hamlet of Onondaga Hill, a suburb of Syracuse. He tossed papers for the Syracuse Post-Standard and ran track at Westhill High School while his father, a former Marine private, was involved in local Republican politics. It was 1970, Richard Nixon was president, and most of the country had by then begun to see the war in Vietnam as a disaster. But Alexander had been accepted at West Point, joining a class that included two other future four-star generals, David Petraeus and Martin Dempsey. Alexander would never get the chance to serve in Vietnam. Just as he stepped off the bus at West Point, the ground war finally began winding down.

In April 1974, just before graduation, he married his high school classmate Deborah Lynn Douglas, who grew up two doors away in Onondaga Hill. The fighting in Vietnam was over, but the Cold War was still bubbling, and Alexander focused his career on the solitary, rarefied world of signals intelligence, bouncing from secret NSA base to secret NSA base, mostly in the US and Germany. He proved a competent administrator, carrying out assignments and adapting to the rapidly changing high-tech environment. Along the way he picked up master's degrees in electronic warfare, physics, national security strategy, and business administration. As a result, he quickly rose up the military intelligence ranks, where expertise in advanced technology was at a premium.

In 2001, Alexander was a one-star general in charge of the Army Intelligence and Security Command, the military's worldwide network of 10,700 spies and eavesdroppers. In March of that year he told his hometown Syracuse newspaper that his job was to discover threats to the country. "We have to stay out in front of our adversary," Alexander said. "It's a chess game, and you don't want to lose this one." But just six months later, Alexander and the rest of the American intelligence community suffered a devastating defeat when they were surprised by the attacks on 9/11. Following the assault, he ordered his Army intercept operators to begin illegally monitoring the phone calls and email of American citizens who had nothing to do with terrorism, including intimate calls between journalists and their spouses. Congress later gave retroactive immunity to the telecoms that assisted the government.

In 2003, Alexander, a favorite of defense secretary Donald Rumsfeld, was named the Army's deputy chief of staff for intelligence, the service's most senior intelligence position. Among the units under his command were the military intelligence teams involved in the human rights abuses at Baghdad's Abu Ghraib prison. Two years later, Rumsfeld appointed Alexander - now a three-star general - director of the NSA, where he oversaw the illegal, warrantless wiretapping program while deceiving members of the House Intelligence Committee. In a publicly released letter to Alexander shortly after The New York Times exposed the program, US representative Rush Holt, a member of the committee, angrily took him to task for not being forthcoming about the wiretapping: "Your responses make a mockery of congressional oversight."

In short: Emperor Alexander.

Inside the government, the general is regarded with a mixture of respect and fear, not unlike J. Edgar Hoover, another security figure whose tenure spanned multiple presidencies. "We jokingly referred to him as Emperor Alexander - with good cause, because whatever Keith wants, Keith gets," says one former senior CIA official who agreed to speak on condition of anonymity. "We would sit back literally in awe of what he was able to get from Congress, from the White House, and at the expense of everybody else."

What happened next in Alexander's career, sometime in the mid-2000s, was Stuxnet: the story of the crushing virus that nearly destroyed the Iranian nuclear program has been widely documented on these pages and elsewhere, so we won't recount the Wired article's details. However, what was very odd about the Stuxnet attack is that such a brilliantly conceived and delivered virus could ultimately be uncovered and traced back to the NSA and Israel. It was almost too good. Still, what happened after the revelation that Stuxnet could be traced to Fort Meade is that the Middle East, supposedly, promptly retaliated:

Sure enough, in August 2012 a devastating virus was unleashed on Saudi Aramco, the giant Saudi state-owned energy company. The malware infected 30,000 computers, erasing three-quarters of the company's stored data, destroying everything from documents to email to spreadsheets and leaving in their place an image of a burning American flag, according to The New York Times. Just days later, another large cyberattack hit RasGas, the giant Qatari natural gas company. Then a series of denial-of-service attacks took America's largest financial institutions offline. Experts blamed all of this activity on Iran, which had created its own cyber command in the wake of the US-led attacks. James Clapper, US director of national intelligence, for the first time declared cyberthreats the greatest danger facing the nation, bumping terrorism down to second place. In May, the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team issued a vague warning that US energy and infrastructure companies should be on the alert for cyberattacks. It was widely reported that this warning came in response to Iranian cyberprobes of industrial control systems. An Iranian diplomat denied any involvement.

The cat-and-mouse game could escalate. "It's a trajectory," says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. "The general consensus is that a cyber response alone is pretty worthless. And nobody wants a real war." Under international law, Iran may have the right to self-defense when hit with destructive cyberattacks. William Lynn, deputy secretary of defense, laid claim to the prerogative of self-defense when he outlined the Pentagon's cyber operations strategy. "The United States reserves the right," he said, "under the laws of armed conflict, to respond to serious cyberattacks with a proportional and justified military response at the time and place of our choosing." Leon Panetta, the former CIA chief who had helped launch the Stuxnet offensive, would later point to Iran's retaliation as a troubling harbinger. "The collective result of these kinds of attacks could be a cyber Pearl Harbor," he warned in October 2012, toward the end of his tenure as defense secretary, "an attack that would cause physical destruction and the loss of life."

Almost too good... Because the so-called hacker "retaliations" originating from Iran, China, Russia, etc., led to such laughable outcomes as DDoS attacks against - to unprecedented media fanfare - the portals of such firms as JPMorgan and Wells Fargo, and as Wired adds, "if Stuxnet was the proof of concept, it also proved that one successful cyberattack begets another. For Alexander, this offered the perfect justification for expanding his empire."

The expansion that took place next for Alexander and his men, all of it under the Obama regime, was simply unprecedented (and that it steamrolled right through the "sequester" was perfectly expected):

[D]ominance has long been their watchword. Alexander's Navy calls itself the Information Dominance Corps. In 2007, the then secretary of the Air Force pledged to "dominate cyberspace" just as "today, we dominate air and space." And Alexander's Army warned, "It is in cyberspace that we must use our strategic vision to dominate the information environment." The Army is reportedly treating digital weapons as another form of offensive capability, providing frontline troops with the option of requesting "cyber fire support" from Cyber Command in the same way they request air and artillery support.

All these capabilities require a giant expansion of secret facilities. Thousands of hard-hatted construction workers will soon begin erecting cranes, driving backhoes, and emptying cement trucks as they expand the boundaries of NSA's secret city eastward, increasing its already enormous size by a third. "You could tell that some of the seniors at NSA were truly concerned that cyber was going to engulf them," says a former senior Cyber Command official, "and I think rightfully so."

In May, work began on a $3.2 billion facility housed at Fort Meade in Maryland. Known as Site M, the 227-acre complex includes its own 150-megawatt power substation, 14 administrative buildings, 10 parking garages, and chiller and boiler plants. The server building will have 90,000 square feet of raised floor - handy for supercomputers - yet hold only 50 people. Meanwhile, the 531,000-square-foot operations center will house more than 1,300 people. In all, the buildings will have a footprint of 1.8 million square feet. Even more ambitious plans, known as Phase II and III, are on the drawing board. Stretching over the next 16 years, they would quadruple the footprint to 5.8 million square feet, enough for nearly 60 buildings and 40 parking garages, costing $5.2 billion and accommodating 11,000 more cyberwarriors.

In short, despite the sequestration, layoffs, and furloughs in the federal government, it's a boom time for Alexander. In April, as part of its 2014 budget request, the Pentagon asked Congress for $4.7 billion for increased "cyberspace operations," nearly $1 billion more than the 2013 allocation. At the same time, budgets for the CIA and other intelligence agencies were cut by almost the same amount, $4.4 billion. A portion of the money going to Alexander will be used to create 13 cyberattack teams.

In the New Normal, the CIA is no longer relevant: all that matters are Alexander's armies of hackers and computer geeks.

But not only has the public espionage sector been unleashed: the private sector is poised to reap a killing (pardon the pun) too...

What's good for Alexander is good for the fortunes of the cyber-industrial complex, a burgeoning sector made up of many of the same defense contractors who grew rich supplying the wars in Iraq and Afghanistan. With those conflicts now mostly in the rearview mirror, they are looking to Alexander as a kind of savior. After all, the US spends about $30 billion annually on cybersecurity goods and services.

In the past few years, the contractors have embarked on their own cyber building binge parallel to the construction boom at Fort Meade: General Dynamics opened a 28,000-square-foot facility near the NSA; SAIC cut the ribbon on its new seven-story Cyber Innovation Center; the giant CSC unveiled its Virtual Cyber Security Center. And at consulting firm Booz Allen Hamilton, where former NSA director Mike McConnell was hired to lead the cyber effort, the company announced a "cyber-solutions network" that linked together nine cyber-focused facilities. Not to be outdone, Boeing built a new Cyber Engagement Center. Leaving nothing to chance, it also hired retired Army major general Barbara Fast, an old friend of Alexander's, to run the operation. (She has since moved on.)

Defense contractors have been eager to prove that they understand Alexander's worldview. "Our Raytheon cyberwarriors play offense and defense," says one help-wanted site. Consulting and engineering firms such as Invertix and Parsons are among dozens posting online want ads for "computer network exploitation specialists." And many other companies, some unidentified, are seeking computer and network attackers. "Firm is seeking computer network attack specialists for long-term government contract in King George County, VA," one recent ad read. Another, from Sunera, a Tampa, Florida, company, said it was hunting for "attack and penetration consultants."

It gets better: all those anti-virus programs you have on your computer to "make it safe" from backdoors and trojans? Guess what - they are the backdoors and trojans!

One of the most secretive of these contractors is Endgame Systems, a startup backed by VCs including Kleiner Perkins Caufield & Byers, Bessemer Venture Partners, and Paladin Capital Group. Established in Atlanta in 2008, Endgame is transparently antitransparent. "We've been very careful not to have a public face on our company," former vice president John M. Farrell wrote to a business associate in an email that appeared in a WikiLeaks dump. "We don't ever want to see our name in a press release," added founder Christopher Rouland. True to form, the company declined Wired's interview requests.

Perhaps for good reason: According to news reports, Endgame is developing ways to break into Internet-connected devices through chinks in their antivirus armor. Like safecrackers listening to the click of tumblers through a stethoscope, the "vulnerability researchers" use an extensive array of digital tools to search for hidden weaknesses in commonly used programs and systems, such as Windows and Internet Explorer. And since no one else has ever discovered these unseen cracks, the manufacturers have never developed patches for them.

Thus, in the parlance of the trade, these vulnerabilities are known as "zero-day exploits," because it has been zero days since they have been uncovered and fixed. They are the Achilles' heel of the security business, says a former senior intelligence official involved with cyberwarfare. Those seeking to break into networks and computers are willing to pay millions of dollars to obtain them.

Such as the US government. But if you thought PRISM was bad you ain't seen nuthin' yet. Because tying it all together is Endgame's appropriately named "Bonesaw", which is practically The Matrix transplanted into the real cyber world.

According to Defense News' C4ISR Journal and Bloomberg Businessweek, Endgame also offers its intelligence clients (agencies like Cyber Command, the NSA, the CIA, and British intelligence) a unique map showing them exactly where their targets are located. Dubbed Bonesaw, the map displays the geolocation and digital address of basically every device connected to the Internet around the world, providing what's called network situational awareness. The client locates a region on the password-protected web-based map, then picks a country and city, say, Beijing, China. Next the client types in the name of the target organization, such as the Ministry of Public Security's No. 3 Research Institute, which is responsible for computer security, or simply enters its address, 6 Zhengyi Road. The map will then display what software is running on the computers inside the facility, what types of malware some may contain, and a menu of custom-designed exploits that can be used to secretly gain entry. It can also pinpoint those devices infected with malware, such as the Conficker worm, as well as networks turned into botnets and zombies, the equivalent of a back door left open.

Bonesaw also contains targeting data on US allies, and it is soon to be upgraded with a new version codenamed Velocity, according to C4ISR Journal. It will allow Endgame's clients to observe in real time as hardware and software connected to the Internet around the world is added, removed, or changed.

More on Bonesaw:

Marketing documents say "the Bonesaw platform provides a complete environment for intelligence analysts and mission planners to take a holistic approach to target discovery, reducing the time to create actionable intelligence and operational plans from days to minutes."

"Bonesaw is the ability to map, basically every device connected to the Internet and what hardware and software it is," says a company official who requested anonymity. The official points out that the firm doesn't launch offensive cyber ops, it just helps.

Back to Wired:

[S]uch access doesn't come cheap. One leaked report indicated that annual subscriptions could run as high as $2.5 million for 25 zero-day exploits.

That's ok though, the US government is happy to collect taxpayer money so it can pay these venture capital-backed private firms for the best in espionage technology, allowing it to reach, hack and manipulate every computer system foreign. And domestic.

How ironic: US citizens are funding Big Brother's own unprecedented spying program against themselves!

Not only that, but by allowing the NSA to develop and utilize technology that is leaps ahead of everyone else - and to utilize it against US citizens themselves - America is now effectively at war with itself... Not to mention every other foreign country that is an intelligence interest:

The buying and using of such a subscription by nation-states could be seen as an act of war. "If you are engaged in reconnaissance on an adversary's systems, you are laying the electronic battlefield and preparing to use it," wrote Mike Jacobs, a former NSA director for information assurance, in a McAfee report on cyberwarfare. "In my opinion, these activities constitute acts of war, or at least a prelude to future acts of war." The question is, who else is on the secretive company's client list? Because there is as of yet no oversight or regulation of the cyberweapons trade, companies in the cyber-industrial complex are free to sell to whomever they wish. "It should be illegal," says the former senior intelligence official involved in cyber­warfare. "I knew about Endgame when I was in intelligence. The intelligence community didn't like it, but they're the largest consumer of that business."

And there you have it: US corporations happily cooperating with the US government's own espionage services, however since the only thing that matters in the private sector is the bottom line, the Endgames of the world will gladly sell the same ultra-secret services to everyone else who is willing to pay top dollar: China, Russia, Iran...

In their willingness to pay top dollar for more and better zero-day exploits, the spy agencies are helping drive a lucrative, dangerous, and unregulated cyber arms race, one that has developed its own gray and black markets. The companies trading in this arena can sell their wares to the highest bidder, be they frontmen for criminal hacking groups or terrorist organizations or countries that bankroll terrorists, such as Iran. Ironically, having helped create the market in zero-day exploits and then having launched the world into the era of cyberwar, Alexander now says the possibility of zero-day exploits falling into the wrong hands is his "greatest worry."

Does Alexander have reason to be worried? Oh yes.

In May, Alexander discovered that four months earlier someone, or some group or nation, had secretly hacked into a restricted US government database known as the National Inventory of Dams. Maintained by the Army Corps of Engineers, it lists the vulnerabilities for the nation's dams, including an estimate of the number of people who might be killed should one of them fail. Meanwhile, the 2013 "Report Card for America's Infrastructure" gave the US a D on its maintenance of dams. There are 13,991 dams in the US that are classified as high-hazard, the report said. A high-hazard dam is defined as one whose failure would cause loss of life. "That's our concern about what's coming in cyberspace: a destructive element. It is a question of time," Alexander said in a talk to a group involved in information operations and cyberwarfare, noting that estimates put the time frame of an attack within two to five years. He made his comments in September 2011.

In other words, this massive cyberattack against the US predicted by "Emperor" Alexander, an attack using what Alexander himself has called the 21st century equivalent of nuclear arms (and one that would require in-kind retaliation), whether false flag or real, is due... some time right around now.

[Mar 22, 2013] Decade-old espionage malware found targeting government computers

Mar 20 2013 | Ars Technica

"TeamSpy" used digitally signed TeamViewer remote access tool to spy on victims.

Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe.

TeamSpy, as the shadow group has been dubbed, collected encryption keys and documents marked as "secret" from a variety of high-level targets, according to a report published Wednesday by Hungary-based CrySyS Lab.

Targets included a Russia-based Embassy for an undisclosed country belonging to both NATO and the European Union, an industrial manufacturer also located in Russia, multiple research and educational organizations in France and Belgium, and an electronics company located in Iran. CrySyS learned of the attacks after Hungary's National Security Authority disclosed intelligence that TeamSpy had hit an unnamed "Hungarian high-profile governmental victim."

Malware used in the attacks indicates that those responsible may have operated for years and may have also targeted figures in a variety of countries throughout the world. Adding intrigue to the discovery, techniques used in the attacks bear a striking resemblance to an online banking fraud ring known as Sheldon, and a separate analysis from researchers at Kaspersky Lab found similarities to the Red October espionage campaign that the Russia-based security firm discovered earlier this year.

"Most likely the same attackers are behind the attacks that span for the last 10 years, as there are clear connections between samples used in different years and campaigns," CrySyS researchers wrote in their report. "Interestingly, the attacks began to gain new momentum in the second half of 2012."

They added: "The attackers surely aim for important targets. This conclusion comes from a number of different facts, including victim IPs, known activities on some targets, traceroute for probably high-profile targets, file names used in information stealing activities, strange paramilitary language of some structures, etc."

The attackers relied on a variety of methods, including the use of a digitally signed version of TeamViewer that has been modified through a technique known as "DLL hijacking" to spy on targets in real-time. Installation of the compromised program also provides attackers with a backdoor to install updates and additional malware. Both the TeamViewer technique and command servers used in the attack harken back to Sheldon. The TeamSpy operation also relies on more traditional malware tools that were custom-built for the purpose of espionage or bank fraud.

According to Kaspersky, the operators infected their victims through a series of "watering hole" attacks that plant malware on websites frequented by the intended victims. When the targets visit the booby-trapped sites, they also become infected. The attackers also injected malware into advertising networks to blanket entire regions. In many cases, much of that attack code used to infect victims was spawned from the Eleonore exploit kit. Domains used to host command and control servers that communicated with infected machines included politnews.org, bannetwork.org, planetanews.org, bulbanews.org, and r2bnetwork.org.

The discovery of TeamSpy is only the latest to reveal an international operation that uses malware to siphon sensitive data from high-profile targets. The most well-known campaign was dubbed Flame. Other surveillance campaigns include Gauss and Duqu, all three of which are believed to have been supported by a well-resourced nation-state. Last year, researchers also uncovered an espionage campaign dubbed Mahdi.

Decade-Old Espionage Malware Found Targeting Government Computers

Slashdot

Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe. TeamSpy, as the shadow group has been dubbed, collected encryption keys and documents marked as 'secret' from a variety of high-level targets, according to a report published Wednesday by Hungary-based CrySyS Lab. Targets included a Russia-based Embassy for an undisclosed country belonging to both NATO and the European Union, an industrial manufacturer also located in Russia, multiple research and educational organizations in France and Belgium, and an electronics company located in Iran. CrySyS learned of the attacks after Hungary's National Security Authority disclosed intelligence that TeamSpy had hit an unnamed 'Hungarian high-profile governmental victim.'

erroneus

Suspicious based on what criteria?

  1. We aren't allowed to use open source and so we have to "trust" every 'signed binary' which executives and leaders want to use. If we could use open source, we could at least read the source and even compile it to ensure the source we read was the binary which was compiled.

  2. When the malware doesn't do "harm" to anything, the symptoms of malware are non-existent. No pop-up ads, no unusual crashing (see note about being unable to use open source... the 'other' operating system crashes often enough for inexplicable reasons that no one suspects malware as the cause any longer) and when a commonly used utility program which performs remote access is used, how can it be detected as malware?

Arguably, that it was proprietary and commercial software which was exploited is pretty disturbing. But at the same time, that software makers (and other device and product makers, and service providers too) frequently enter into deals with government to spy on people is unfortunately very common. That the "white-hat" (heh, I accidentally typed "white-hate"... apropos?) nation called the USA has compromised global communications with Echelon and more recently with the much celebrated NSA wiretapping, does not help matters.

I think no one appreciates the value of trust. Once it's lost, it's lost. What amount of trust in government... any government... may have existed, it is gone for most of us.

The unenlightened? Well... they still watch MSM (mainstream media, I have come to know these initials). What hope have they against that?

Anonymous Coward

Re:A strong push for open source in government (Score:1)

I suspect that as more malware and backdoors are discovered in systems used by government, the penny will begin to drop more frequently. Closed source is incompatible with security, by definition, since you cannot validly trust what you cannot see

Bullshit. Open or closed source has no direct bearing on the ability of an attacker to infect a binary. Open source provides more eyes on a given bug or problem, but once compiled and running it's the exact same problem.

The article mentions use of a modified signed binary. So tell me how open source is going to remedy that? Unless you're recompiling from scratch (your entire tool chain, plus dependencies) on each launch, you're just as fucked as the next guy. Are you going to checksum the binary in memory each time a method is called? Are you going to encrypt/decrypt on each call? What's to stop an attacker from modifying your checksum code in the same manner as CD checks on games are trivially broken?

The only thing open source is really going to do for you is ensure that if you compile from source, the attack didn't originate from that source. So what?

Anonymous Coward

The fact it's open source IS (or can be) the pathway. If it's a small piece of software that does a specific function that's not of use to many people, your million eyeballs shrink rapidly. And what you're left with (IMO) is a handful of eyeballs thinking "I don't have the time/skills for this, it's open source, I'm sure someone will have looked over it" while no one actually does.

Or someone auditing the code but not the stuff around it, or maybe the code as distributed is clean and will compile into a clean and functioning binary, but the scripts around it actually add some malicious steps if certain criteria are met.

Open source isn't a magic bullet.

[Feb 13, 2013] Welcome to the Malware-Industrial Complex By Tom Simonite

February 13, 2013 | MIT Technology Review

The U.S. government is developing new computer weapons and driving a black market in "zero-day" bugs. The result could be a more dangerous Web for everyone.

Every summer, computer security experts get together in Las Vegas for Black Hat and DEFCON, conferences that have earned notoriety for presentations demonstrating critical security holes discovered in widely used software. But while the conferences continue to draw big crowds, regular attendees say the bugs unveiled haven't been quite so dramatic in recent years.

One reason is that a freshly discovered weakness in a popular piece of software, known in the trade as a "zero-day" vulnerability, can be cashed in for much more than a reputation boost and some free drinks at the bar. Information about such flaws can command prices in the hundreds of thousands of dollars from defense contractors, security agencies and governments.

This trade in zero-day exploits is poorly documented, but it is perhaps the most visible part of a new industry that in the years to come is likely to swallow growing portions of the U.S. national defense budget, reshape international relations, and perhaps make the Web less safe for everyone.

Zero-day exploits are valuable because they can be used to sneak software onto a computer system without detection by conventional computer security measures, such as antivirus packages or firewalls. Criminals might do that to intercept credit card numbers. An intelligence agency or military force might steal diplomatic communications or even shut down a power plant.

It became clear that this type of assault would define a new era in warfare in 2010, when security researchers discovered a piece of malicious software, or malware, known as Stuxnet. Now widely believed to have been a project of U.S. and Israeli intelligence (U.S. officials have yet to publicly acknowledge a role but have done so anonymously to the New York Times and NPR), Stuxnet was carefully designed to infect multiple systems needed to access and control industrial equipment used in Iran's nuclear program. The payload was clearly the work of a group with access to government-scale resources and intelligence, but it was made possible by four zero-day exploits for Windows that allowed it to silently infect target computers. That so many precious zero-days were used at once was just one of Stuxnet's many striking features.

Since then, more Stuxnet-like malware has been uncovered, and it's involved even more complex techniques (see "The Antivirus Era Is Over"). It is likely that even more have been deployed but escaped public notice. Meanwhile, governments and companies in the United States and around the world have begun paying more and more for the exploits needed to make such weapons work, says Christopher Soghoian, a principal technologist at the American Civil Liberties Union.

"On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices," says Soghoian, who says he has spoken with people involved in the trade and that prices range from the thousands to the hundreds of thousands. Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects' computers or mobile phones.

Exploits for mobile operating systems are particularly valued, says Soghoian, because unlike desktop computers, mobile systems are rarely updated. Apple sends updates to iPhone software a few times a year, meaning that a given flaw could be exploited for a long time. Sometimes the discoverer of a zero-day vulnerability receives a monthly payment as long as a flaw remains undiscovered. "As long as Apple or Microsoft has not fixed it you get paid," says Soghoian.

No law directly regulates the sale of zero-days in the United States or elsewhere, so some traders pursue it quite openly. A Bangkok-based security researcher who goes by the name The Grugq tweets about acting as a middleman and has spoken to the press about negotiating deals worth hundreds of thousands of dollars with government buyers from the United States and western Europe. In an argument on Twitter last month, he denied that his business is equivalent to arms dealing, as critics within and outside the computer security community have charged. "An exploit is a component of a toolchain," he tweeted. "The team that produces & maintains the toolchain is the weapon."

Some small companies are similarly up-front about their involvement in the trade. The French security company VUPEN states on its website that it

"provides government-grade exploits specifically designed for the Intelligence community and national security agencies to help them achieve their offensive cyber security and lawful intercept missions."

Last year, employees of the company publicly demonstrated a zero-day flaw that compromised Google's Chrome browser, but they turned down Google's offer of a $60,000 reward if they would share how it worked. What happened to the exploit is unknown.

No U.S. government agency has gone on the record as saying that it buys zero-days. But U.S. defense agencies and companies have begun to publicly acknowledge that they intend to launch as well as defend against cyberattacks, a stance that will require new ways to penetrate enemy computers.

General Keith Alexander, director of the National Security Agency and commander of the U.S. Cyber Command, told a symposium in Washington last October that the United States is prepared to do more than just block computer attacks. "Part of our defense has to consider offensive measures," he said, making him one of the most senior officials to admit that the government will make use of malware. Earlier in 2012 the U.S. Air Force invited proposals for developing "Cyberspace Warfare Attack capabilities" that could "destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries [sic] ability to use the cyberspace domain for his advantage." And in November, Regina Dugan, the head of the Defense Advanced Research Projects Agency, delivered another clear signal about the direction U.S. defense technology is heading. "In the coming years we will focus an increasing portion of our cyber research on the investigation of offensive capabilities to address military-specific needs," she said, announcing that the agency expected to expand cyber-security research from 8 percent of its budget to 12 percent.

Defense analysts say one reason for the shift is that talking about offense introduces an element of deterrence, an established strategy for nuclear and conventional conflicts. Up to now, U.S. politicians and defense chiefs have talked mostly about the country's vulnerability to digital attacks. Last fall, for example, Defense Secretary Leon Panetta warned frankly that U.S. infrastructure was being targeted by overseas attackers and that a "digital Pearl Harbor" could result (see "U.S. Power Grids, Water Plants a Hacking Target").

Major defense contractors are less forthcoming about their role in making software to attack enemies of the U.S. government, but they are evidently rushing to embrace the opportunity. "It's a growing area of the defense business at the same time that the rest of the defense business is shrinking," says Peter Singer, director of the 21st Century Defense Initiative at the Brookings Institution, a Washington think tank. "They've identified two growth areas: drones and cyber."

Large contractors are hiring many people with computer security skills, and some job openings make it clear there are opportunities to play more than just defense. Last year, Northrop Grumman posted ads seeking people to "plan, execute and assess an Offensive Cyberspace Operation (OCO) mission," and many current positions at Northrop ask for "hands-on experience of offensive cyber operations." Raytheon prefaces its ads for security-related jobs with language designed to appeal to stereotypical computer hackers: "Surfboards, pirate flags, and DEFCON black badges decorate our offices, and our Nerf collection dwarfs that of most toy stores. Our research and development projects cover the spectrum of offensive and defensive security technologies."

The new focus of America's military and defense contractors may concern some taxpayers. As more public dollars are spent researching new ways to attack computer systems, some of that money will go to people like The Grugq to discover fresh zero-day vulnerabilities. And an escalating cycle of competition between U.S. and overseas government agencies and contractors could make the world more dangerous for computer users everywhere.

"Every country makes weapons: unfortunately, cyberspace is like that too," says Sujeet Shenoi, who leads the U.S.-government-sponsored Cyber Corps Program at the University of Tulsa. His program trains students for government jobs defending against attacks, but he fears that defense contractors, also eager to recruit these students, are pushing the idea of offense too hard. Developing powerful malware introduces the dangerous temptation to use it, says Shenoi, who fears the consequences of active strikes against infrastructure. "I think maybe the civilian courts ought to get together and bar these kinds of attacks," he says.

The ease with which perpetrators of a computer attack can hide their tracks also raises the risk that such weapons will be used, Shenoi points out. Worse, even if an attack using malware is unsuccessful, there's a strong chance that a copy will remain somewhere on the victim's system, by accident or design, or accidentally find its way onto computer systems not targeted at all, as Stuxnet did. Some security firms have already identified criminal malware that uses methods first seen in Stuxnet (see "Stuxnet Tricks Copied by Criminals").

"The parallel is dropping the atomic bomb but also leaflets with the design of it," says Singer. He estimates that around 100 countries already have cyber-war units of some kind, and around 20 have formidable capabilities: "There's a lot of people playing this game."

[Nov 12, 2012] After Stuxnet The new rules of cyberwar

Stuxnet is definitely a source of a large blowback. It also makes the US, or Israel, or both, the first nation(s) to deploy a cyberweapon against another nation without any declaration of war. "In taking this step, the perpetrator not only demonstrated that control systems are vulnerable, but also legitimized this kind of activity by a nation-state, he says."
Computerworld

Three years ago, when electric grid operators were starting to talk about the need to protect critical infrastructure from cyberattacks, few utilities had even hired a chief information security officer.

Then came Stuxnet.

In 2010, that malware, widely reported to have been created by the U.S. and Israel, reportedly destroyed 1,000 centrifuges that Iran was using to enrich uranium after taking over the computerized systems that operated the centrifuges.

Gen. Michael Hayden, principal at security consultancy The Chertoff Group, was director of the National Security Agency, and then the CIA, during the years leading up to the event. "I have to be careful about this," he says, "but in a time of peace, someone deployed a cyberweapon to destroy what another nation would describe as its critical infrastructure."

In taking this step, the perpetrator not only demonstrated that control systems are vulnerable, but also legitimized this kind of activity by a nation-state, he says.

The attack rattled the industry. "Stuxnet was a game-changer because it opened people's eyes to the fact that a cyber event can actually result in physical damage," says Mark Weatherford, deputy undersecretary for cybersecurity in the National Protection Programs Directorate at the U.S. Department of Homeland Security.

In another development that raised awareness of the threat of cyberwar, the U.S. government in October accused Iran of launching distributed denial-of-service (DDoS) attacks against U.S. financial institutions. In a speech intended to build support for stalled legislation known as the Cybersecurity Act that would enable greater information sharing and improved cybersecurity standards, Defense Secretary Leon Panetta warned that the nation faced the possibility of a "cyber Pearl Harbor" unless action was taken to better protect critical infrastructure.

"Awareness of the problem has been the biggest change" since the release of Stuxnet, says Tim Roxey, chief cybersecurity officer for the North American Electric Reliability Corp. (NERC), a trade group serving electrical grid operators. He noted that job titles such as CISO and cybersecurity officer are much more common than they once were, new cybersecurity standards are now under development, and there's a greater emphasis on information sharing, both within the industry and with the DHS through sector-specific Information Sharing and Analysis Centers.

On the other hand, cybersecurity is still not among the top five reliability concerns for most utilities, according to John Pescatore, an analyst at Gartner. Says Roxey: "It's clearly in the top 10." But then, so is vegetation management.

Compounding the challenge is the fact that regulated utilities tend to have tight budgets. That's a big problem, says Paul Kurtz, managing director of international practice at security engineering company CyberPoint International and former senior director for critical infrastructure protection at the White House's Homeland Security Council. "We're not offering cost-effective, measurable solutions," he says. "How do you do this without hemorrhaging cash?"

Should the U.S. Strike Back?

Most best practices on dealing with cyberattacks on critical infrastructure focus on defense: patching vulnerabilities and managing risk. But should the U.S. conduct preemptive strikes against suspected attackers -- or at least hit back?

Gen. Michael Hayden, principal at security consultancy The Chertoff Group, and former director of the NSA and the CIA, says the cybersecurity problem can be understood through the classic risk equation: Risk (R) = threat (T) x vulnerability (V) x consequences (C). "If I can drive any factor down to zero, the risk goes down to zero," he says. So far, most efforts have focused on reducing V, and there's been a shift toward C, with the goal of determining how to rapidly detect an attack, contain the damage and stay online. "But we are only now beginning to wonder, how do I push T down? How do I reduce the threat?" Hayden says. "Do I shoot back?"

The DOD is contemplating the merits of "cross-domain" responses, says James Lewis, senior fellow at the Center for Strategic and International Studies. "We might respond with a missile. That increases the uncertainty for opponents."

Ultimately, countries that launch such attacks will pay a price, says Howard Schmidt, former cybersecurity coordinator and special assistant to the president. --[Does this possibility include the USA and Israel? -- NNB] The U.S. response could involve economic sanctions -- or it could involve the use of military power.

- Robert L. Mitchell

Falling Behind

Most experts agree that critical infrastructure providers have a long way to go. Melissa Hathaway, president of Hathaway Global Strategies, was the Obama administration's acting senior director for cyberspace in 2009. That year, she issued a Cyberspace Policy Review report that included recommendations for better protecting critical infrastructure, but there hasn't been much movement toward implementing those recommendations, she says. A draft National Cyber Incident Response plan has been published, but a national-level exercise, conducted in June, showed that the plan was insufficient to protect critical infrastructure.

"A lot of critical infrastructure is not even protected from basic hacking. I don't think the industry has done enough to address the risk, and they're looking for the government to somehow offset their costs," Hathaway says. There is, however, a broad recognition that critical infrastructure is vulnerable and that something needs to be done about it.

The Department of Defense has a direct stake in the security of the country's critical infrastructure because the military depends on it. "The Defense Science Board Task Force did a review of DOD reliance on critical infrastructure and found that an astute opponent could attack and harm the DOD's capabilities," says James Lewis, a senior fellow specializing in cybersecurity at the Center for Strategic and International Studies.

At a forum in July, NSA Director Gen. Keith Alexander was asked to rate the state of U.S. preparedness for an attack on critical infrastructure on a scale of 1 to 10. He responded, "I would say around a 3." The reasons include the inability to rapidly detect and respond to attacks, a lack of cybersecurity standards and a general unwillingness by both private companies and government agencies to share detailed information about threats and attacks. The DOD and intelligence agencies don't share information because they tend to overclassify it, says Hayden. And critical infrastructure providers prefer to keep things to themselves because they don't want to expose customer data and they're concerned about the liability issues that could arise and the damage their reputations could suffer if news of an attack were widely reported.

"The rules of the game are a little fuzzy on what you can and cannot share," says Edward Amoroso, chief security officer and a senior vice president at AT&T, noting that his biggest concern is the threat of a large-scale DDoS attack that could take down the Internet's backbone. "I need attorneys, and I need to exercise real care when interacting with the government," he says.

In some cases, critical infrastructure providers are damned if they do share information and damned if they don't. "If the government provides a signature to us, some policy observers would say that we're operating on behalf of that government agency," he says. All parties agree that, in a crisis, everyone should be able to share information in real time. "But talk to five different people and you'll get five different opinions about what is OK," says Amoroso. Unfortunately, government policy initiatives intended to resolve the issue, such as the Cybersecurity Act, have failed to move forward.

"It was disappointing for us that this nonpartisan issue became so contentious," says Weatherford. The lack of progress by policymakers is a problem for the DHS and the effectiveness of its National Cybersecurity and Communications Integration Center (NCCIC). The center, which is open around the clock, was designed to be the nexus for information sharing between private-sector critical infrastructure providers -- and the one place to call when there's a problem. "I want NCCIC to be the '911' of cybersecurity," he says. "We may not have all the answers or all the right people, but we know where they are."

Meanwhile, both the number of attacks and their level of sophistication have been on the rise. Richard Bejtlich, chief security officer at security consultancy Mandiant, says electric utilities and other businesses are under constant assault by foreign governments. "We estimate that 30% to 40% of the Fortune 500 have an active Chinese or Russian intrusion problem right now," he says. However, he adds, "I think the threat in that area is exaggerated," because the goal of such attacks is to steal intellectual property, not destroy infrastructure. (Read our timeline of critical infrastructure attacks over the years.)

Others disagree. "We've seen a new expertise developing around industrial control systems. We're seeing a ton of people and groups committed to the very technical aspects of these systems," says Howard Schmidt, who served as cybersecurity coordinator and special assistant to the president until last May and is now an independent consultant.

"People are too quick to dismiss the link between intellectual property loss through cyber intrusions and attacks against infrastructure," says Kurtz. "Spear phishing events can lead to the exfiltration of intellectual property, and that can have a spillover effect into critical infrastructure control system environments."

Hacking on the Rise

Cyberattackers fall into three primary categories: criminal organizations interested in stealing for monetary gain, hacktivists bent on furthering their own agendas, and foreign governments, or their agents, aiming to steal information or lay the groundwork for later attacks.

The Chinese are the most persistent, with several tiers of groups participating, says Richard Bejtlich, chief security officer at security consultancy Mandiant. Below official state-sponsored attacks are breaches by state militias, quasi-military and quasi-government organizations, and what he calls "patriotic hackers."

"It's almost a career path," says Bejtlich.

There's disagreement on which groups are the most sophisticated or dangerous, but that's not what matters. What matters is that the universe of attackers is expanding and they have ready access to an ever-growing wealth of knowledge about hacking, along with black hat tools helpful in launching attacks. "Over the next five years, low-level actors will get more sophisticated and the Internet [will expand] into areas of the Third World where the rule of law is weaker," says Gen. Michael Hayden, principal at security consultancy The Chertoff Group. "The part of the world responsible for criminal groups such as the Somali pirates is going to get wired."

- Robert L. Mitchell

Spear phishing attacks, sometimes called advanced targeted threats or advanced persistent threats, are efforts to break into an organization's systems by targeting specific people and trying, for example, to get them to open infected email messages that look like they were sent by friends. Such attacks have been particularly difficult to defend against.

Then there's the issue of zero-day attacks. While software and systems vendors have released thousands of vulnerability patches over the past 10 years, Amoroso says, "I wouldn't be surprised if there are thousands of zero-day vulnerabilities that go unreported." And while hacktivists may brag about uncovering vulnerabilities, criminal organizations and foreign governments prefer to keep that information to themselves. "The nation-state-sponsored attack includes not only the intellectual property piece but the ability to pre-position something when you want to be disruptive during a conflict," Schmidt says.

Usually in espionage it's much easier to steal intelligence than it is to do physical harm. That's not true in the cyber domain, says Hayden. "If you penetrate a network for espionage purposes, you've already got everything you'll want for destruction," he says.

On the other hand, while it's impossible for a private company to defend itself from physical warfare, that's not true when it comes to cyberattacks. Every attack exploits a weakness. "By closing that vulnerability, you stop the teenage kid, the criminal and the cyberwarrior," says Pescatore.

Control Anxiety

Computerized control systems are a potential problem area because the same systems are in use across many different types of critical infrastructure. "Where you used to turn dials or throw a switch, all of that is done electronically now," Schmidt says.

In addition, many industrial control systems that used to be "air-gapped" from the Internet are now connected to corporate networks for business reasons. "We've seen spreadsheets with thousands of control system components that are directly connected to the Internet. Some of those components contain known vulnerabilities that are readily exploitable without much sophistication," says Marty Edwards, director of control systems security at the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at the DHS. The organization, with a staff that's grown tenfold to 400 in the past four years, offers control system security standards, shares threat data with critical infrastructure providers and has a rapid response team of "cyberninjas," high-level control systems engineers and cybersecurity analysts who can be deployed at a moment's notice.

Last year, ICS-CERT issued 5,200 alerts and advisories to private industry and government. "[Edwards] had teams fly out seven times last year to help businesses respond to events that either took them offline or severely impacted operations," says Weatherford, who declined to provide details on the nature of those events.

Control systems also suffer from another major weakness: They're usually relatively old and can't easily be patched. "A lot of them were never designed to operate in a network environment, and they aren't designed to take upgrades," Schmidt says. "Its firmware is soldered onto the device, and the only way to fix it is to replace it." Since the systems were designed to last 10 to 20 years, organizations need to build protections around them until they can be replaced. In other cases, updates can be made, but operators have to wait for the service providers who maintain the equipment to do the patching.

So where should the industry go from here?

The place to start is with better standards and best practices, real-time detection and containment, and faster and more detailed information sharing both among critical infrastructure providers and with all branches of government.

Telecoms Deal With Escalating DDoS Threat

Electric grid operators worry about compromised computerized industrial control systems taking them offline. Telecommunications companies worry that a large-scale distributed denial-of-service (DDoS) attack will take out another type of critical infrastructure: the Internet.

Until 2009 or so, AT&T might have seen one major DDoS attack a year, says Edward Amoroso, chief security officer and a senior vice president at the telecommunications giant. Today, Tier 1 Internet service providers find themselves fending off a few dozen attacks at any given moment. "It used to be two guys bailing out the ship. Now we have 40, 50 or 60 people dumping the water out all the time," he says. In fact, attacks have been scaling up to the point where Amoroso says he worries they could potentially flood backbone networks, taking portions of the Internet offline.

It would take just 64,000 PCs infected with a virus similar to Conficker to spew out about 10Gbps of traffic, he says. "Multiply that by four, and you've got 40Gbps, which is the size of most backbones," says Amoroso.

AT&T hasn't yet seen an attack generate enough traffic to flood a backbone, but it may just be a matter of time. "So far no one has pushed that button," he says. "But we need to be prepared."

Telecommunications providers must constantly scramble and innovate to keep ahead. They devise new defense techniques, then those techniques become popular and adversaries figure out new ways to defeat them. "We're going to have to change the mechanisms we now use to stop DDoS [attacks]," he says.

While some progress has been made with standards at both the DHS and industry groups such as the NERC, some argue that government procurement policy could be used to drive higher security standards from manufacturers of hardware and software used to operate critical infrastructure. Today, no such policy exists across all government agencies.

"Government would be better off using its buying power to drive higher levels of security than trying to legislate higher levels of security," argues Pescatore. But the federal government doesn't require suppliers to meet a consistent set of security standards across all agencies.

Even basic changes in contract terms would help, says Schmidt. "There's a belief held by me and others in the West Wing that there's nothing to preclude one from writing a contract today that says if you are providing IT services to the government you must have state-of-the-art cybersecurity protections in place. You must have mechanisms in place to notify the government of any intrusions, and you must have the ability to disconnect networks," he says.

But government procurement policy's influence on standards can go only so far. "The government isn't buying turbines" and control systems for critical infrastructure, says Lewis.

When it comes to shutting down attacks, faster reaction times are key, says Bejtlich. "Attackers are always going to find a way in, so you need to have skilled people who can conduct rapid and accurate detection and containment," he says. For high-end threats, he adds, that's the only effective countermeasure. Analysts need high visibility into both the host systems and the network, Bejtlich says, and containment should be achieved within one hour of intrusion.
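The one-hour containment goal above is only useful if a security operations team actually measures itself against it. The following is an added example, not code from the article or from any vendor mentioned in it: it parses a constructed set of incident records (first observed malicious activity, time the alert was raised, time the host was isolated) and reports time-to-detect, time-to-contain and which incidents missed the target. The incident identifiers, timestamps and the `Incident`/`summarize` names are all assumptions made for the example; "intrusion" is taken to mean the first observed malicious activity on the host.

```python
"""Detection-to-containment timing over a constructed incident log.

Added example (not from the Computerworld article or any vendor tool).
It measures how far a set of hypothetical incidents sit from the
one-hour containment target quoted in the text.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample records (assumed, not real incidents):
# id, first malicious activity, SOC alert time, host isolation time
# (None means the incident is still open).
SAMPLE_INCIDENTS = [
    ("INC-001", "2012-09-03T08:15:00", "2012-09-03T08:22:00", "2012-09-03T08:50:00"),
    ("INC-002", "2012-09-03T09:00:00", "2012-09-03T11:30:00", "2012-09-03T12:10:00"),
    ("INC-003", "2012-09-04T14:05:00", "2012-09-04T14:20:00", None),
    ("INC-004", "2012-09-05T01:40:00", "2012-09-05T01:41:00", "2012-09-05T02:35:00"),
]

# The target quoted in the text: containment within one hour of intrusion.
CONTAINMENT_TARGET = timedelta(hours=1)


@dataclass
class Incident:
    ident: str
    first_seen: datetime          # first observed malicious activity
    detected: datetime            # time the SOC raised an alert
    contained: Optional[datetime]  # time the host was isolated, if at all

    @property
    def time_to_detect(self) -> timedelta:
        return self.detected - self.first_seen

    @property
    def time_to_contain(self) -> Optional[timedelta]:
        # Measured from intrusion, not from detection, to match the target.
        if self.contained is None:
            return None
        return self.contained - self.first_seen

    def within_target(self, target: timedelta = CONTAINMENT_TARGET) -> bool:
        ttc = self.time_to_contain
        return ttc is not None and ttc <= target


def parse_incidents(rows):
    """Turn (id, first_seen, detected, contained) string tuples into Incidents."""
    out = []
    for ident, seen, det, cont in rows:
        out.append(Incident(
            ident,
            datetime.fromisoformat(seen),
            datetime.fromisoformat(det),
            datetime.fromisoformat(cont) if cont else None,
        ))
    return out


def summarize(incidents, target: timedelta = CONTAINMENT_TARGET):
    """Return the metrics a SOC would track against the containment goal."""
    closed = [i for i in incidents if i.contained is not None]
    met = [i for i in closed if i.within_target(target)]
    missed = [i.ident for i in closed if not i.within_target(target)]
    still_open = [i.ident for i in incidents if i.contained is None]
    mttd = sum((i.time_to_detect for i in incidents), timedelta()) / len(incidents)
    mttc = (sum((i.time_to_contain for i in closed), timedelta()) / len(closed)
            if closed else None)
    return {
        "total": len(incidents),
        "contained": len(closed),
        "met_target": len(met),
        "missed_target": missed,
        "still_open": still_open,
        "mean_time_to_detect_min": mttd.total_seconds() / 60,
        "mean_time_to_contain_min": mttc.total_seconds() / 60 if mttc else None,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_incidents(SAMPLE_INCIDENTS)).items():
        print(f"{key}: {value}")
```

Measuring from first malicious activity rather than from the alert is deliberate: a short alert-to-isolation time hides a long dwell time, and it is the dwell time that decides how much an intruder could exfiltrate or pre-position before being cut off.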

Opening the Kimono

Perhaps the toughest challenge will be creating the policies and fostering the trust required to encourage government and private industry to share what they know more openly. The government not only needs to pass legislation that provides the incentives and protections that critical infrastructure businesses need to share information on cyberthreats, but it also needs to push the law enforcement, military and intelligence communities to open up. For example, if the DOD is planning a cyberattack abroad against a type of critical infrastructure that's also used in the U.S., should information on the weakness being exploited be shared with U.S. companies so they can defend against counterattacks?

"There is a need for American industry to be plugged into some of the most secretive elements of the U.S. government -- people who can advise them in a realistic way of what it is that they need to be concerned about," says Hayden. Risks must be taken on both sides so everyone has a consistent view of the threats and what's going on out there.

One way to do that is to share some classified information with selected representatives from private industry. The House of Representatives recently passed an intelligence bill, the Cyber Intelligence Sharing and Protection Act, which would give security clearance to officials of critical industry operators. But the bill has been widely criticized by privacy groups, which say it's too broad. Given the current political climate, Hayden says he expects the bill to die in the Senate.

Information sharing helps, and standards form a baseline for protection, but ultimately, every critical infrastructure provider must customize and differentiate its security strategy, Amoroso says. "Right now, every business has exactly the same cybersecurity defense, usually dictated by some auditor," he says. But as in football, you can't win using just the standard defense. A good offense will find a way around it. "You've got to mix it up," Amoroso says. "You don't tell the other guys what you're doing."


FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusively for research and educational purposes. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less than 90 days. Multiple types of probes increase this period.

Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense, so you need to be aware of Google's privacy policy. If you do not want to be tracked by Google, please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.


This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contains some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speeding up access. In case softpanorama.org is down, you can use softpanorama.info instead.

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author's present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: October, 09, 2017