In Through The Out Door

    Diving Through The Information Barrage


    [From Intelligence Analyst Charged With Hacking Top Secret, Anti-Terror Program]

    Here’s a real copy of an American citizen’s DHS Travel Record, retrieved from the US Customs and Border Patrol’s Automated Targeting System and obtained through a FOIA/Privacy Act request. The document reveals that the DHS is storing: the traveler’s credit card number and expiration; IP addresses used to make Web travel reservations; hotel information and itinerary; full airline itinerary including flight numbers and seat numbers; phone numbers including business, home, and cell; and every frequent flyer and hotel number associated with the traveler, even ones not used for the specific reservation.

    [From What the DHS Knows About You]

    Hugh Pickens writes “Former CIA counterterrorism analyst Stephen Lee has an interesting article in the Examiner asserting that the National Security Agency is ‘a secretive, hidebound culture incapable of keeping up with innovation,’ with a history of disregard for privacy and civil liberties. Lee says that for most of its sixty-year history, the NSA has been geared to cracking telecom and crypto gear produced by Soviet and Chinese design bureaus, but at the end of the cold war became ’stymied by new-generation Western-engineered telephone networks and mobile technologies that were then spreading like wildfire in the developing world and former Soviet satellite countries.’ When the NSA finally recognized that it needed to get better at innovation, it launched several mega-projects, tagged like ‘Trailblazer’ and ‘Groundbreaker,’ that have been spectacular failures, costing US taxpayers billions. More recently, the NY Times reported that the NSA has been breaking rules set by the Obama administration to peer even more aggressively into American citizens’ phone traffic and email inboxes. Whistleblower reports portray NSA domestic eavesdropping programs as unprofessional and poorly supervised, with intercept technicians ridiculing and mishandling recordings of citizens’ private ‘pillow talk’ conversations. Lee concludes that ‘if the Federal government must play a role, then Congress and President Obama should turn to another agency without a record of creating mistrust — perhaps even a new entity. Meanwhile, NSA should focus on listening in on America’s enemies, instead of being an enemy of Americans and their enterprises.’”

    [From NSA Ill-Suited For Domestic Cybersecurity Role]


    PRC’s Kylin secure OS: Part of cyber-war or cyber-security?

    [From We Don't Want To Run U.S. Cybersecurity Efforts, NSA Chief Says]


    The existence and operation of massive, coordinated, government-affiliated online espionage networks is typically the province of television or the silver screen, rather than the subject of research. In the real world, even a direct link between online and offline action (Russia’s invasion of Georgia and the simultaneous online attacks against that country are a good example) is not enough to automatically prove that the government behind the one is automatically behind the other. We’ve covered the rise of hacktivism previously on Ars; as more citizens come online, we’ll undoubtedly see more of this type of crowdsourced aggression in the future.

    Researchers in Toronto, however, may have actually discovered and tracked a hacking effort that can be traced back to a foreign intelligence network—China’s, in this case—over the past ten months. The team, which is affiliated with the Munk Centre for International Studies, has published an extensive report on the activities of what they dub GhostNet. Their investigation took place from June 2008 through March of 2009, and focused on allegations that the Chinese had engaged in systemic online espionage activities against the Tibetan community. GhostNet was spread through the use of a wide variety of Trojans, many of which were controlled through a program nicknamed gh0st RAT (Remote Access Tool).



    [From Chinese cyberespionage network runs across 103 nations]

    Matt Blaze analyzes the implications of a recent Newsweek story on the Bush administration’s use of the NSA for domestic spying on communications, and questions whether the lower legal threshold for the collection of communications metadata is giving away too much to the government: ‘As electronic communication pervades more of our daily lives, transaction records — metadata — can reveal quite a bit about us, indeed often much more than a few out-of-context conversations might. Aggregated into databases with other people’s records (or perhaps everyone’s records) and analyzed by powerful software, metadata by itself can paint a remarkably detailed picture of connections, relationships, and other patterns that could never be recovered simply from listening to the conversations themselves.’


    [From Matt Blaze Examines Communications Privacy]
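    The point Blaze makes above, shown as an added example that is not part of the original post or of Blaze's own work: a handful of constructed call records (invented numbers, times and durations, no real data) are enough to rank the strongest relationships, flag late-night contact, find the contacts two parties share even though they never call each other, and spot call-relay chains. None of this touches call content. The record layout and every function name below are assumptions of this example.

```python
"""Metadata-only contact analysis over constructed call-detail records.

Added illustration, not code from the page or from Blaze. All numbers,
timestamps and durations are invented for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records: (caller, callee, ISO-8601 start time, duration in seconds).
RECORDS = [
    ("+15550001", "+15550002", "2009-03-01T08:02:00", 120),
    ("+15550001", "+15550002", "2009-03-01T22:40:00", 900),
    ("+15550002", "+15550001", "2009-03-02T23:05:00", 1500),
    ("+15550001", "+15550003", "2009-03-02T09:10:00", 60),
    ("+15550003", "+15550004", "2009-03-02T09:15:00", 45),
    ("+15550004", "+15550001", "2009-03-02T09:20:00", 30),
    ("+15550005", "+15550004", "2009-03-03T10:00:00", 600),
    ("+15550005", "+15550003", "2009-03-03T10:30:00", 300),
]


def parse(records):
    """Turn raw tuples into dicts with datetime start times, sorted by time."""
    parsed = [
        {"src": s, "dst": d, "start": datetime.fromisoformat(t), "secs": secs}
        for s, d, t, secs in records
    ]
    return sorted(parsed, key=lambda r: r["start"])


def build_graph(records):
    """Undirected contact graph; each edge carries call count and total seconds."""
    graph = defaultdict(lambda: defaultdict(lambda: {"calls": 0, "secs": 0}))
    for r in parse(records):
        for a, b in ((r["src"], r["dst"]), (r["dst"], r["src"])):
            graph[a][b]["calls"] += 1
            graph[a][b]["secs"] += r["secs"]
    return graph


def strongest_ties(records, top=3):
    """Pairs ranked by total talk time: a strong tie is visible with zero content."""
    weights = {}
    graph = build_graph(records)
    for a in graph:
        for b, w in graph[a].items():
            weights[frozenset((a, b))] = w["secs"]
    ranked = sorted(weights.items(), key=lambda kv: -kv[1])
    return [(tuple(sorted(pair)), secs) for pair, secs in ranked[:top]]


def night_callers(records, start_hour=22, end_hour=6):
    """Pairs that talk between start_hour and end_hour (local clock of the record)."""
    pairs = set()
    for r in parse(records):
        h = r["start"].hour
        if h >= start_hour or h < end_hour:
            pairs.add(tuple(sorted((r["src"], r["dst"]))))
    return pairs


def mutual_contacts(records, a, b):
    """Contacts shared by a and b, whether or not a and b ever spoke directly."""
    graph = build_graph(records)
    return set(graph[a]) & set(graph[b])


def relay_chains(records, window=timedelta(minutes=10)):
    """A calls B, then B calls someone else within `window`: a pattern no single
    conversation reveals, only the aggregate does."""
    rs = parse(records)
    chains = []
    for i, first in enumerate(rs):
        for second in rs[i + 1:]:
            if second["start"] - first["start"] > window:
                break  # records are time-sorted, nothing later can qualify
            if second["src"] == first["dst"] and second["dst"] != first["src"]:
                chains.append((first["src"], first["dst"], second["dst"]))
    return chains


if __name__ == "__main__":
    print("strongest ties:", strongest_ties(RECORDS))
    print("night callers:", night_callers(RECORDS))
    print("shared contacts of 0001 and 0005:", mutual_contacts(RECORDS, "+15550001", "+15550005"))
    print("relay chains:", relay_chains(RECORDS))
```

    On the constructed data the two numbers that never call each other (+15550001 and +15550005) still turn out to share two contacts, and the late-night pair stands out from talk time alone. Real call-detail records add cell-tower location and device identifiers, which only sharpen the picture.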

    The Federal Trade Commission (FTC) won an injunction today against software vendor and keylogger developer CyberSpy. The US district court ruling prohibits CyberSpy from selling or operating its RemoteSpy software package.


    [From US court orders keylogger CyberSpy to halt software sales]


    Many nations are under constant cyber attack. The United States seems to be ground zero for the vast majority of the cyber attacks launched by their digital enemies around the world. A former CIA official provided the following statistics. In 2007 there were 37,000 reported breaches of government and private systems. In addition, there were nearly 13,000 direct assaults on federal agencies and 80,000 attempted computer network attacks on Defense Department systems.

    In addition, who could forget the U.S. Air Force commercial showing a picture of the Pentagon and saying this building gets 6 million cyber attacks a day.

    Cyber attacks are now expected to cause maximum damage because of the professional tools being used by the attackers. According to the cyber threat report released by Intelomics, the following list identifies the cyber attack techniques that have seen a significant increase in their level of sophistication.

    • Internet social engineering attacks
    • Wireless and wired network sniffers
    • Packet spoofing
    • Hijacking sessions
    • Automated probes and scans
    • GUI intruder tools
    • Automated widespread attacks
    • Widespread denial-of-service attacks
    • Executable code attacks (against browsers)
    • Techniques to analyze code to identify vulnerabilities
    • Widespread attacks on DNS infrastructure
    • Widespread attacks using NNTP to distribute attack
    • “Stealth” and other advanced scanning techniques
    • Windows-based remote controllable Trojans (Back Orifice)
    • Email propagation of malicious code
    • Wide-scale Trojan distribution
    • Distributed attack tools
    • Distributed denial of service attacks
    • BotNets and Zombies
    • Anti-forensic techniques
    • Wide-scale use of worms
    • Man-in-the-Middle plus Man-in-the-Browser exploitation

    Cyber threats are now demanding immediate attention because of the increased dangers they pose to commercial and government entities and national security. The Congressional Research Service study found the economic impact of cyber attacks on businesses has grown to over $226 billion annually. Despite the significant impact, there is no clear framework for business executives to assess the financial impact of their cyber risks. According to two new surveys, the threat to corporate computer systems from cyber attacks is getting worse, despite stronger corporate defenses. Some cyber security measures might include more restrictive hiring practices, restricting remote working arrangements, increasing monitoring of flexible work hours and telecommuting as well as restriction on access by trading partners, vendors and consultants. In addition, organizations must also increase computer security awareness training for information technology workers as well as the general systems/computer user community.

    A cyber attack special investigator at Intelomics said, “the reports of attacks, breaches and system compromises that make the news are only the tip of the iceberg. The vast majority of these attacks go undisclosed and thus are not covered by the media.”

    Most nations do not have adequate IT security to protect against targeted cyber attacks. Technolytics have warned before that these cyber attackers are well financed and have an arsenal of highly sophisticated weapons that not only circumvent current security controls, but leverage anti-forensic techniques that remove evidence of their attacks. The United States, European Union, United Nations and NATO must act and act now. In view of the current situation I would like to suggest they seriously consider the following actions and move immediately to adopt and implement these measures.

    1. Establish a cyber threat operating committee under the United Nations Security Council.
    a. This cyber threat operating committee must be closely linked in a collaborative relationship with the Counter-Terrorism Committee.
    2. Create a framework to determine what constitutes an act of cyber war and create a legal framework that addresses international criminal cyber acts.
    3. Proactively create a framework of actions that can quickly be levied against cyber aggressors.
    a. These actions must include both economic and military sanctions as well as suspension of connectivity to the Internet backbone by both physical communications cables and via satellite.
    4. Create a cyber peacekeeping force that is a rapid response asset to assist in repelling any offensive cyber-based aggression.

    In the interest of global peace, economic integrity and stability, I believe that the United States, European Union, United Nations and NATO must proactively send a stern warning to those who choose to use cyber weapons against other nations, that there will be severe consequences of such actions.

    [From The Cyber Attack Danger]

    Medvedev observes first-ever test-launch of Russian SLBM

    The National Applications Office is meant to coordinate the use of military spy satellites to watch the US, but the GAO warns that more privacy checks are needed. Congress has given the NAO a qualified go-ahead, barring cooperation with law enforcement… for now.


    [From New surveillance program will turn military satellites on US]


    The Iranian military consists of the Army, Air Force, Navy, and a Revolutionary Guard force. Iran’s total active duty armed forces number 513,000, while reserves add another 350,000. The army is divided into 3 army headquarters with 4 armored divisions and 7 infantry divisions, 1 airborne brigade, 1 Special Forces division and now 1 cyber division. Their budget equates to between $95 and $100 per capita. This figure is lower than other Persian Gulf nations, and lower as a percentage of gross national product than all other Gulf States except the United Arab Emirates.

    Education is considered a top priority in the development plans of the country, and the authorities have endeavored to increase the primary education enrolment rate. In 2008 Iran had over 3.5 million students enrolled in universities. In the past two decades the education system and curricula have been reformed multiple times. Application of modern educational equipment and technologies such as information and communication technologies is developing considerably. The increased attention to higher education is producing the computer scientists and technology engineers necessary to have an advanced cyber weapons program.

    Iran’s Software Capability

    Iran has the capacity to meet the large domestic demand for software and at the same time to become internationally competitive. The software sector itself, although strong in some areas, is not internationally competitive. The Iranian High Council of Informatics has categorized 543 informatics companies, and the software sector output is around $50 million although, once again, statistics are educated guesses rather than based on hard statistical evidence.

    Iran’s Asymmetric Capabilities

    Iran has significant asymmetric warfare capabilities and poses an additional threat of proliferation. Iran’s economic growth last year surpassed 7%. The expansion of their economy is funding research, development and acquisition of strategic military capabilities. They are intensely focused on developing their other means of military and asymmetrical weapons and tactics. Iran’s military buildup poses direct threats to U.S. interests. It is believed that Iran has fairly advanced cyber-warfare weapons and offensive plans that include cyber attacks against specific government web sites and infrastructure. Iran’s cyber ambitions are ambitious and troubling. The following section represents an estimation of Iran’s cyber warfare capabilities.

    Estimated Cyber Capabilities

    Iran Islamic Revolution Guards Corps (IRGC)

    • Military Budget: $11.5 Billion USD
    • Global Rating in Cyber Capabilities: Top 5
    • Cyber Warfare Budget: $76 Million USD
    • Offensive Cyber Capabilities: 4.0 (1 = Low, 3 = Moderate and 5 = Significant)

    Cyber Weapons Arsenal (In Order of Threat)

    1. Electromagnetic pulse weapons (non-nuclear)
    2. Compromised counterfeit computer software
    3. Wireless data communications jammers
    4. Computer viruses and worms
    5. Cyber data collection exploits
    6. Computer and networks reconnaissance tools
    7. Embedded Trojan time bombs (suspected)

    Cyber Weapons Capabilities Rating Moderate to Advanced

    Cyber Force Size 2,400

    • Reserves and Militia: Reserves estimated at 1,200
    • Broadband Connections: Less than 100,000
    • Hacker Community: Hackers have demonstrated their capabilities by successfully attacking numerous Israeli Web sites and others. Cyber activists are common in Iran and very active.

    Many world leaders, as well as U.S. President Bush, have publicly vowed that they would never “tolerate” a nuclear Iran. The question now is what about a cyber Iran?

    [From Iranian Cyber Warfare Threat Assessment]

    Cyber-security professionals from the private and public sectors are part of a commission that will brief the next US president on the current state of cybersecurity, but if a recent GAO draft report is anything to go by, said briefing will not be all sunshine and puppies. Both reports define a number of current deficiencies in US policy in general and US-CERT in particular—five years on, the state of the country’s security remains more of a debate than it should be.


    [From GAO report slams US cybersecurity, US-CERT, and DHS]

    There are a few photos out from Chinese BBS worth noting. The first appears to be the Fourth Yuan class submarine being rolled out at Wuhan.


    Also interesting is this picture from CCTV of two nuclear submarines, what the TV is calling Type 091s. They don’t look like Type 091s to me, and I looked around and crobato from the Sino Defence Forum doesn’t think so either. Some bloggers in China are calling it a Type 091 mod III, while others are calling it an early version of the Type 093. Hard to tell.

    Very interesting anyway. [From PLAN Submarine Update]

    [From Hackers Attack Iraq's Vulnerable Computers]

    U.S. to deploy DNS Security in two years [From Brief: U.S. to deploy DNS Security in two years]

    By Kim Zetter

    [From More on BGP Attacks -- Updated]



    For decades its name could not be spoken outside of a Sensitive Compartmented Information Facility or mentioned to someone without at least TS/SCI clearance.

    It built wondrous satellites that did things like detecting missile launches from space that no one had believed possible until the National Reconnaissance Office did them.

    But a string of failures, goofs and budget busters, combined with the increasing importance of intelligence gathered by air breathing assets such as Predator and Global Hawk drones, has led a prestigious commission of space experts to recommend that the NRO be merged with Space and Missile Systems Command to create something called the National Security Space Organization.

    The recommendation is made by something called the Allard Commission, which was created by Congress last year. It is led by the national security space guru Tom Young, a former Lockheed Martin executive and the man who always seems to get the call to figure out how to fix space when things go wrong. Young has kept his panel’s recommendations under wraps but word began leaking out last week.

    The plan would also lead to stripping the Air Force of its executive agent for space – the person who serves the Office of Secretary of Defense as the lead on unclassified space acquisitions – and transferring it to the new authority. This office will also have budget authority for all space programs.

    This would include a combination of the NRO and SMC and “other elements of Air Force Space Command” to create a single National Security Space Command.

    A veteran space intelligence expert, Bob Butterworth, rejected the Allard Commission’s proposals, especially its efforts to integrate so-called black (NRO) and white (military) space. “The effort to integrate is just misconceived,” he said. “People who even started out doing black-white integration mostly gave up after going through the first space based radar experience.” Space Radar was an idea generated from the top of the Donald Rumsfeld Pentagon. It was supposed to provide the US with both moving target indication – the ability to track trucks and tanks – and highly refined strategic radar imagery of use to the intelligence community. The idea has foundered on the rocks of wildly differing requirements and enormous cost.

    Integration exponents also argue that the space industrial base is largely shared between the two communities. Thus, integrating programs could save money and lessen the strain on the limited pool of engineers and other specialists needed to build satellites and their sensors.

    “That has not been documented. It is just hand waving as far as I can tell,” Butterworth said.

    For those who watch these things closely, the Allard Commission’s use of the NSSO name has caused considerable confusion in the rumor mill. Was the commission recommending dissolution of the NSSO, an office without budgetary authority that advises the Pentagon’s executive agent for space? No. It was suggesting creation of an entirely new organization.

    Part of the NRO’s problem is that under current law no one really knows – including congressional aides who help write the laws deciding this – who is in charge of classified acquisition programs. “This raises the question, who is in charge, and that is unanswerable,” said a congressional aide. For background on some of this, see last week’s story on the BASIC program.

    Does this mean the NRO will vanish? The name may change, the organization may be rebuilt but the functions won’t disappear. More on this tomorrow.

    [From NRO (not NSA) On the Chopping Block]

    “It is found that anything that can go wrong at sea generally does go wrong sooner or later, so it is not to be wondered that owners prefer the safe to the scientific. It is also found that it is almost as bad to have too many parts as too few; that arrangements which are for exceptional and occasional use are rarely available when wanted, and have the disadvantage of requiring additional care. Their very presence, too, seems in effect to indispose the engineer to attend to essentials. Sufficient stress can hardly be laid on the advantages of simplicity. The human factor cannot be safely neglected in planning machinery. If attention is to be obtained, the engine must be such that the engineer will be disposed to attend to it.”

    In the November 13, 1877 session, published 1878, Alfred Holt, “Review of the Progress of Steam Shipping during the last Quarter of a Century,” pp. 2-11, here p. 8, Minutes of Proceedings of the Institution of Civil Engineers, Vol. LI, Session 1877-78–Part I. London: Published by the Institution, 1878. (source)

    There are a number of lessons from the limited information we have heard regarding the Russian Black Sea Fleet involvement in Georgia, and we don’t believe it is too early to begin talking about them.

    I have already read in multiple places how shocked, SHOCKED I tell you!… people are that the tiny Georgian Navy could possibly not only conduct a successful attack, but perhaps even damage the Russian cruiser Moskva in a Black Sea battle a few weeks ago. We have no hard evidence, only the reports that we have linked from the blog, but if we are simply speaking to the possibility the answer is of course “yes it could happen.” Those with doubt fail to conceal their utmost faith in technology, a terrible failing if there ever was one in the littorals. Most of all though, they simply fail to recognize the most important element of littoral warfare: tactics. You see, the quote above is best known as one of the earliest precursors to the modern version of Murphy’s law. As it turns out, Murphy was a nautical man, and understood littoral warfare.

    Those who seek comfort in technology to override all possibilities fail to realize that tactics is the ultimate equalizer. Technology is not a substitute for tactics. Considering the probability of a nighttime amphibious landing, with multiple small vessels traveling in the littoral, and the potential of private civilian craft also operating at night; a maritime force can and apparently did exploit the conditions for an attack. With limited visibility, the Russians were forced to rely on technology to identify friend from foe in the fog of war, a process that is never easy. This is not limited to the Russians, and is an important reminder that while technology can improve the situational awareness of naval forces, tactics and doctrine determine success or failure in littoral warfare regardless of the size of your opponent. Victory at sea is earned by those who take victory from their opponent.

    But the battle was not the most important lesson from the recent conflict in the Black Sea. The most important lesson is that Russia was able to take objectives because their naval forces were expeditionary. While control of the sea is a worthy task, we are yet to see a major power, regional or superpower, struggle to take command of the sea from an opponent who contested it. The utilization of naval power for Russia was decisive; in fact Russia has achieved extraordinary goals not because Russia was able to attack by land south into South Ossetia, but because they were able to move large numbers of troops by sea to seize strategic objectives. Let’s be honest, Poti is an enormous strategic holding by Russia; it isn’t surprising they aren’t giving it up now that they have achieved control.

    For all the talk about how the United States hasn’t conducted an amphibious landing against a hostile enemy, we note it has been even longer since a US submarine has sunk an enemy vessel in anger… yet no one is suggesting we get rid of submarines. Amphibious assault is a core military requirement of naval forces as old as sea power itself, and as Georgia reminds us, in the expeditionary era it is the ability to leverage expeditionary forces that will give nations the advantage over their adversaries.

    The lesson at sea of the recent Russian-Georgian conflict is that our strategists have been right all along, it is about turning towards the littorals to extend influence beyond the shores, and we must perfect the skills, hone our tactics, and resource properly to empower our people to be prepared and successful in the littorals where Murphy’s law tends to show its ugly face.

    [From Observing Early Lessons from the Russia-Georgian Conflict]

    The Federation of American Scientists security blog has an interesting article up regarding PLA activity to limit the effectiveness of Google Earth. I guess they aren’t very happy.

    Chinese military authorities are paying increased attention to foreign satellite reconnaissance of Chinese forces and operations, and are pursuing countermeasures such as camouflage and deception to conceal sensitive material and activities, according to a newly-disclosed analysis (pdf) performed in 2007 by the DNI Open Source Center.

    We enjoy looking at PLAN submarines, but if building underground submarine bases is how the PLAN is coping with Google Earth and other open source satellite imagery, what a great bargain for the United States. You’ll have to forgive me if I take a moment and laugh at the insecurity of China in a Google world.

    If China wasn’t the only economic power in the top 30 hiding their military expenditures, nobody would care. However, the lack of transparency is a problem, in fact the lack of transparency is about the only hurdle facing the US and China in forming genuine partnerships in the 21st century. Secrets on top of secrets hidden behind secrets is not a healthy foundation for partnership.

    The report is a quick read of seven pages. Guess we can look forward to a future where electronic jamming and laser dazzling are techniques China uses to conceal the activity of the PLA from the curious eyes of satellite technology. Welcome to the emerging information war.

    [From China and the Information War]
