Most Consumers Support Government Cyber-Spying
Sixty-three percent of people believe that it is acceptable for their government to spy on another country’s computer systems
Here’s a real copy of an American citizen’s DHS Travel Record, retrieved from the US Customs and Border Patrol’s Automated Targeting System and obtained through a FOIA/Privacy Act request. The document reveals that the DHS is storing: the traveler’s credit card number and expiration; IP addresses used to make Web travel reservations; hotel information and itinerary; full airline itinerary including flight numbers and seat numbers; phone numbers including business, home, and cell; and every frequent flyer and hotel number associated with the traveler, even ones not used for the specific reservation.
Hugh Pickens writes “Former CIA counterterrorism analyst Stephen Lee has an interesting article in the Examiner asserting that the National Security Agency is ‘a secretive, hidebound culture incapable of keeping up with innovation,’ with a history of disregard for privacy and civil liberties. Lee says that for most of its sixty-year history, the NSA has been geared to cracking telecom and crypto gear produced by Soviet and Chinese design bureaus, but at the end of the cold war became ‘stymied by new-generation Western-engineered telephone networks and mobile technologies that were then spreading like wildfire in the developing world and former Soviet satellite countries.’ When the NSA finally recognized that it needed to get better at innovation, it launched several mega-projects, tagged like ‘Trailblazer’ and ‘Groundbreaker,’ that have been spectacular failures, costing US taxpayers billions. More recently, the NY Times reported that the NSA has been breaking rules set by the Obama administration to peer even more aggressively into American citizens’ phone traffic and email inboxes. Whistleblower reports portray NSA domestic eavesdropping programs as unprofessional and poorly supervised, with intercept technicians ridiculing and mishandling recordings of citizens’ private ‘pillow talk’ conversations. Lee concludes that ‘if the Federal government must play a role, then Congress and President Obama should turn to another agency without a record of creating mistrust — perhaps even a new entity. Meanwhile, NSA should focus on listening in on America’s enemies, instead of being an enemy of Americans and their enterprises.’”
The existence and operation of massive, coordinated, government-affiliated online espionage networks is typically the province of television or the silver screen, rather than the subject of research. In the real world, even a direct link between online and offline action (Russia’s invasion of Georgia and the simultaneous online attacks against that country are a good example) is not enough to automatically prove that the government behind the one is automatically behind the other. We’ve covered the rise of hacktivism previously on Ars; as more citizens come online, we’ll undoubtedly see more of this type of crowdsourced aggression in the future.
Researchers in Toronto, however, may have actually discovered and tracked a hacking effort that can be traced back to a foreign intelligence network—China’s, in this case—over the past ten months. The team, which is affiliated with the Munk Centre for International Studies, has published an extensive report on the activities of what they dub GhostNet. Their investigation took place from June 2008 through March of 2009, and focused on allegations that the Chinese had engaged in systemic online espionage activities against the Tibetan community. GhostNet was spread through the use of a wide variety of Trojans, many of which were controlled through a program nicknamed gh0st RAT (Remote Access Tool).
[From Chinese cyberespionage network runs across 103 nations]
Matt Blaze analyzes the implications of a recent Newsweek story on the Bush administration’s use of the NSA for domestic spying on communications, and questions whether the lower legal threshold for the collection of communications metadata is giving away too much to the government: ‘As electronic communication pervades more of our daily lives, transaction records — metadata — can reveal quite a bit about us, indeed often much more than a few out-of-context conversations might. Aggregated into databases with other people’s records (or perhaps everyone’s records) and analyzed by powerful software, metadata by itself can paint a remarkably detailed picture of connections, relationships, and other patterns that could never be recovered simply from listening to the conversations themselves.’
The Federal Trade Commission (FTC) won an injunction today against software vendor and keylogger developer CyberSpy. The US district court ruling prohibits CyberSpy from selling or operating its RemoteSpy software package.
[From US court orders keylogger CyberSpy to halt software sales]
Many nations are under constant cyber attack. The United States seems to be ground zero for the vast majority of the cyber attacks launched by their digital enemies around the world. A former CIA official provided the following statistics. In 2007 there were 37,000 reported breaches of government and private systems. In addition, there were nearly 13,000 direct assaults on federal agencies and 80,000 attempted computer network attacks on Defense Department systems.
In addition, who could forget the U.S. Air Force commercial showing a picture of the Pentagon and saying this building gets 6 million cyber attacks a day?
Cyber attacks are now expected to cause maximum damage because of the professional tools being used by the attackers. According to the cyber threat report released by Intelomics, the following list identifies the cyber attack techniques that have seen a significant increase in their level of sophistication.
- Internet social engineering attacks
- Wireless and wired network sniffers
- Packet spoofing
- Hijacking sessions
- Automated probes and scans
- GUI intruder tools
- Automated widespread attacks
- Widespread denial-of-service attacks
- Executable code attacks (against browsers)
- Techniques to analyze code to identify vulnerabilities
- Widespread attacks on DNS infrastructure
- Widespread attacks using NNTP to distribute attack
- “Stealth” and other advanced scanning techniques
- Windows-based remote controllable Trojans (Back Orifice)
- Email propagation of malicious code
- Wide-scale Trojan distribution
- Distributed attack tools
- Distributed denial of service attacks
- BotNets and Zombies
- Anti-forensic techniques
- Wide-scale use of worms
- Man-in-the-Middle plus Man-in-the-Browser exploitation
Cyber threats are now demanding immediate attention because of the increased dangers they pose to commercial and government entities and national security. The Congressional Research Service study found the economic impact of cyber attacks on businesses has grown to over $226 billion annually. Despite the significant impact, there is no clear framework for business executives to assess the financial impact of their cyber risks. According to two new surveys, the threat to corporate computer systems from cyber attacks is getting worse, despite stronger corporate defenses. Some cyber security measures might include more restrictive hiring practices, restricting remote working arrangements, increasing monitoring of flexible work hours and telecommuting as well as restriction on access by trading partners, vendors and consultants. In addition, organizations must also increase computer security awareness training for information technology workers as well as the general systems/computer user community.
A cyber attack special investigator at Intelomics said, “the reports of attacks, breaches and system compromises that make the news are only the tip of the iceberg. The vast majority of these attacks go undisclosed and thus are not covered by the media.”
Most nations do not have adequate IT security to protect against targeted cyber attacks. Technolytics have warned before that these cyber attackers are well financed and have an arsenal of highly sophisticated weapons that not only circumvent current security controls, but leverage anti-forensic techniques that remove evidence of their attacks. The United States, European Union, United Nations and NATO must act and act now. In view of the current situation I would like to suggest they seriously consider the following actions and move immediately to adopt and implement these measures.
1. Establish a cyber threat operating committee under the United Nations Security Council.
a. This cyber threat operating committee must be closely linked in a collaborative relationship with the Counter-Terrorism Committee.
2. Create a framework to determine what constitutes an act of cyber war and create a legal framework that addresses international criminal cyber acts.
3. Proactively create a framework of actions that can quickly be levied against cyber aggressors.
a. These actions must include both economic and military sanctions as well as suspension of connectivity to the Internet backbone by both physical communications cables and via satellite.
4. Create a cyber peacekeeping force that is a rapid response asset to assist in repelling any offensive cyber-based aggression.
In the interest of global peace, economic integrity and stability, I believe that the United States, European Union, United Nations and NATO must proactively send a stern warning to those who choose to use cyber weapons against other nations, that there will be severe consequences of such actions.
[From The Cyber Attack Danger]
Medvedev observes first-ever test-launch of Russian SLBM
The National Applications Office is meant to coordinate the use of military spy satellites to watch the US, but the GAO warns that more privacy checks are needed. Congress has given the NAO a qualified go-ahead, barring cooperation with law enforcement… for now.
[From New surveillance program will turn military satellites on US]
The Iranian military consists of the Army, Air Force, Navy, and a Revolutionary Guard force. Iran’s total active duty armed forces numbers 513,000, while reserves add another 350,000. The army is divided into 3 army headquarters with 4 armored divisions and 7 infantry divisions, 1 airborne brigade, 1 Special Forces division and now 1 cyber division. Their budget equates to between $95 and $100 per capita. This figure is lower than other Persian Gulf nations, and lower as a percentage of gross national product than all other Gulf States except the United Arab Emirates.
Education is considered a top priority in the development plans of the country; the authorities have endeavored to increase the primary education enrolment rate. In 2008 Iran had over 3.5 million students enrolled in universities. In the past two decades the education system and curricula have been reformed multiple times. Application of modern educational equipment and technologies such as information and communication technologies is developing considerably. The increased attention to higher education is producing the computer scientists and technology engineers necessary to have an advanced cyber weapons program.
Iran’s Software Capability
Iran has the capacity to meet the large domestic demand for software and at the same time to become internationally competitive. The software sector itself, although strong in some areas, is not internationally competitive. The Iranian High Council of Informatics has categorized 543 informatics companies, and the software sector output is around $50 million although, once again, statistics are educated guesses rather than based on hard statistical evidence.
Iran’s Asymmetric Capabilities
Iran has significant asymmetric warfare capabilities and poses an additional threat of proliferation. Iran’s economic growth last year surpassed 7%. The expansion of their economy is funding research, development and acquisition of strategic military capabilities. They are intensely focused on developing their other means of military and asymmetrical weapons and tactics. Iran’s military buildup poses direct threats to U.S. interests. It is believed that Iran has fairly advanced cyber-warfare weapons and offensive plans that include cyber attacks against specific government web sites and infrastructure. Iran’s cyber ambitions are ambitious and troubling. The following section represents an estimation of Iran’s cyber warfare capabilities.
Estimated Cyber Capabilities
Iran Islamic Revolution Guards Corps (IRGC)
- Military Budget: $11.5 Billion USD
- Global Rating in Cyber Capabilities: Top 5
- Cyber Warfare Budget: $76 Million USD
- Offensive Cyber Capabilities: 4.0 (1 = Low, 3 = Moderate and 5 = Significant)
Cyber Weapons Arsenal (In Order of Threat)
- Electromagnetic pulse weapons (non-nuclear)
- Compromised counterfeit computer software
- Wireless data communications jammers
- Computer viruses and worms
- Cyber data collection exploits
- Computer and networks reconnaissance tools
- Embedded Trojan time bombs (suspected)
Cyber Weapons Capabilities Rating: Moderate to Advanced
Cyber Force Size: 2,400
- Reserves and Militia: Reserve estimated at 1,200
- Broadband Connections: Less than 100,000
- Hacker Community: Hackers have demonstrated their capabilities by successfully attacking numerous Israeli Web sites and others. Cyber activists are common in Iran and very active.
Many world leaders, as well as U.S. President Bush, have publicly vowed that they would never “tolerate” a nuclear Iran. The question now is what about a cyber Iran?
Cyber-security professionals from the private and public sectors are part of a commission that will brief the next US president on the current state of cybersecurity, but if a recent GAO draft report is anything to go by, said briefing will not be all sunshine and puppies. Both reports define a number of current deficiencies in US policy in general and US-CERT in particular—five years on, the state of the country’s security remains more of a debate than it should be.
There are a few photos out from Chinese BBS worth noting. The first appears to be the Fourth Yuan class submarine being rolled out at Wuhan.
Also interesting is this picture from CCTV of two nuclear submarines, what the TV is calling Type 091s. They don’t look like Type 091s to me, and I looked around and crobato from the Sino Defence Forum doesn’t think so either. Some bloggers in China are calling it a Type 091 mod III, while others are calling it an early version of the Type 093. Hard to tell.
Very interesting anyway. [From PLAN Submarine Update]
U.S. to deploy DNS Security in two years [From Brief: U.S. to deploy DNS Security in two years]