Tuesday, 5 October 2010

stuxnet / cyberwarfare / internet control and privacy


Stuxnet Super Virus Also Attacked China

October 2nd, 2010

The latest super virus, Stuxnet, which attacked Iran’s Nuclear Facility, is reported to have attacked China too. Some of the industrial computing systems and their hardwares run by the Siemens software were affected by the Stuxnet worm. Now there is a fear shown by the US, that if the virus could hit China, then the United States is not missing on its list.

China has stated that there are almost six million industrial computing systems affected by the malicious worm, these machines are considered the most important part of an functioning industry. The Stuxnet virus aims only Siemens run industrial software which run machineries within a particular industry.

Stuxnet in known as a secret thief also, as after installing itself in an industrial computer, it reprograms the commands for a particular machine or hardware, and provides dangerous commands to them. In addition to this, it also steals sensitive information from the computing system and sends it to the server of the country where it has come from. Many countries around the world have buckled themselves to fight against his virus, as they have prepared anti-viruses that can neutralize the Stuxnet worm program.


Superbug that hit 6m PCs in China traced to US?

Oct 2, 2010

BEIJING: The much-feared new cyber-weapon, the 'Superbug', which has attacked over six million personal and almost 1,000 corporate computers in China has been traced to the US, official media reported.

The Stuxnet cyberworm can break into computers and steal private information, especially from industrial firms, sending it back to a server in the United States, state-run Xinhua news agency quoted Wang Zhantao, an engineer at the Beijing-based Rising International Software Co Ltd, an antivirus service producer in China, as saying.

The super virus made use of a bug in Siemens auto-control systems used in industrial manufacturing to skip the security check, Wang who has been vastly quoted in the local media for the past few days, said.

The virus can copy itself and spread via U-disk in the network of a company.

"Hackers may take control of a company's machinery run under computers infected by Stuxnet, and give dangerous orders causing serious damage," he said.

Official media has been carrying reports about the superbug virus for the past few days said it contained sophisticated malicious software, or malware, believed to be a "new cyber-weapon", which infiltrates mainly factory computers in China threatening the country's national security.


Stuxnet 'cyber superweapon' moves to China

4 days ago

BEIJING — A computer virus dubbed the world's "first cyber superweapon" by experts and which may have been designed to attack Iran's nuclear facilities has found a new target -- China.

The Stuxnet computer worm has wreaked havoc in China, infecting millions of computers around the country, state media reported this week.

Stuxnet is feared by experts around the globe as it can break into computers that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like pumps, motors, alarms and valves.

It could, technically, make factory boilers explode, destroy gas pipelines or even cause a nuclear plant to malfunction.

The virus targets control systems made by German industrial giant Siemens commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.

"This malware is specially designed to sabotage plants and damage industrial systems, instead of stealing personal data," an engineer surnamed Wang at antivirus service provider Rising International Software told the Global Times.

"Once Stuxnet successfully penetrates factory computers in China, those industries may collapse, which would damage China's national security," he added.

Another unnamed expert at Rising International said the attacks had so far infected more than six million individual accounts and nearly 1,000 corporate accounts around the country, the official Xinhua news agency reported.

The Stuxnet computer worm -- a piece of malicious software (malware) which copies itself and sends itself on to other computers in a network -- was first publicly identified in June.

It was found lurking on Siemens systems in India, Indonesia, Pakistan and elsewhere, but the heaviest infiltration appears to be in Iran, according to software security researchers.

A Beijing-based spokesman for Siemens declined to comment when contacted by AFP on Thursday.

Yu Xiaoqiu, an analyst with the China Information Technology Security Evaluation Centre, downplayed the malware threat.

"So far we don't see any severe damage done by the virus," Yu was quoted by the Global Times as saying.

"New viruses are common nowadays. Both personal Internet surfers and Chinese pillar companies don't need to worry about it at all. They should be alert but not too afraid of it."

A top US cybersecurity official said last week that the country was analysing the computer worm but did not know who was behind it or its purpose.

"One of our hardest jobs is attribution and intent," Sean McGurk, director of the National Cybersecurity and Communications Integration Center (NCCIC), told reporters in Washington.

"It's very difficult to say 'This is what it was targeted to do,'" he said of Stuxnet, which some computer security experts have said may be intended to sabotage a nuclear facility in Iran.

A cyber superweapon is a term used by experts to describe a piece of malware designed specifically to hit computer networks that run industrial plants.

"The Stuxnet worm is a wake-up call to governments around the world," Derek Reveron, a cyber expert at the US Naval War School, was quoted as saying Thursday by the South China Morning Post.

"It is the first known worm to target industrial control systems."


through rense.com

An alarmed Iran asks for outside help to stop rampaging Stuxnet malworm

September 29, 2010
Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcize the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers. debkafile's intelligence and Iranian sources report Iran turned for outside help after local computer experts failed to remove the destructive virus.

None of the foreign experts has so far come forward because Tehran refuses to provide precise information on the sensitive centers and systems under attack and give the visiting specialists the locations where they would need to work. They were not told whether they would be called on to work outside Tehran or given access to affected sites to study how they function and how the malworm managed to disable them. Iran also refuses to give out data on the changes its engineers have made to imported SCADA (Supervisory Control and Data Acquisition) systems, mostly from Germany.

The impression debkafile sources gained Wednesday, Sept. 29 from talking to European computer experts approached for aid was that the Iranians are getting desperate. Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.

One expert said: "The Iranians have been forced to realize that they would be better off not 'irritating' the invader because it hits back with a bigger punch."

Looking beyond Iran's predicament, he wondered whether the people responsible for planting Stuxnet in Iran - and apparently continuing to offload information from its sensitive systems - have the technology for stopping its rampage. "My impression," he said, "is that somebody outside Iran has partial control at least on its spread. Can this body stop malworm in its tracks or kill it? We don't have that information at present, he said.

As it is, the Iranian officials who turned outside for help were described by another of the experts they approached as alarmed and frustrated. It has dawned on them that the trouble cannot be waved away overnight but is around for the long haul. Finding a credible specialist with the magic code for ridding them of the cyber enemy could take several months. After their own attempts to defeat Stuxnet backfired, all the Iranians can do now is to sit back and hope for the best, helpless to predict the worm's next target and which other of their strategic industries will go down or be robbed of its secrets next.
While Tehran has given out several conflicting figures on the systems and networks struck by the malworm - 30,000 to 45,000 industrial units - debkafile's sources cite security experts as putting the figure much higher, in the region of millions. If this is true, then this cyber weapon attack on Iran would be the greatest ever.


Experts see nation-state behind sophisticated computer virus attack

IAN ALLEN, intelNews.org
September 29, 2010

Computer forensics specialists are split as to the purpose and initial target of a sophisticated computer virus that infected computers used in the Iranian government’s nuclear energy program. The virus, named Stuxnet, was discovered in Iran in June by a Belarusian computer security firm doing business in the Islamic Republic. It has since infected at least 100,000 computer systems in countries such as Brazil, India, Russia and the United States. But the primary target of the virus appears to have been the Iranian nuclear energy program, specifically computers located at the Islamic Republic’s nuclear reactor facility in Bushehr and the uranium enrichment plant in Natanz. Several commentators, including Wired magazine, dispute the existence of any evidence pointing to a clear target inside Iran. But Israeli media maintain that computers at Natanz were the primary target of Stuxnet, and that subsequent infections at computer labs at Bushehr were in fact an unintended side effect. Putting aside differences regarding the primary target of the virus, most experts agree that the complexity and sophistication of Stuxnet’s code point to the sort of programming resources that would normally be available only to “a well-resourced nation-state”. Israel’s Ha’aretz daily identifies Unit 8200 of the Israeli Military Intelligence, or the Mossad, as chief suspects behind Stuxnet. The latter appears specifically designed to sabotage sensitive hardware components found specifically in centrifuges. In the summer of 2009, the Reuters news agency revealed the existence of a covert Israeli cyberwarfare scheme directed against the Iranian nuclear energy program.


Israeli cyber unit responsible for Iran computer worm – claim

An elite Israeli military unit responsible for cyberwarfare has been accused of creating a virus that has crippled Iran's computer systems and stopped work at its newest nuclear power station.

Richard Spencer and Damien McElroy
30 Sep 2010

Computer experts have discovered a biblical reference embedded in the code of the computer worm that has pointed to Israel as the origin of the cyber attack.

The code contains the word "myrtus", which is the Latin biological term for the myrtle tree. The Hebrew word for myrtle, Hadassah, was the birth name of Esther, the Jewish queen of Persia.

In the Bible, The Book of Esther tells how the queen pre-empted an attack on the country's Jewish population and then persuaded her husband to launch an attack before being attacked themselves.

Israel has threatened to launch a pre-emptive attack on Iran's facilities to ensure that the Islamic state does not gain the ability to threaten its existence.

Ralf Langner, a German researcher, claims that Unit 8200, the signals intelligence arm of the Israeli defence forces, perpetrated the computer virus attack by infiltrating the software into the Bushehr nuclear power station

Mr Langer said: "If you read the Bible you can make a guess."

Computer experts have spent months tracing the origin of the Stuxnet worm, a sophisticated piece of malicious software, or malware, that has infected industrial operating systems made by the German firm Siemens across the globe.

Programmers following Stuxnet believe it was most likely introduced to Iran on a memory stick, possibly by one of the Russian firms helping to build Bushehr. The same firm has projects in Asia, including India and Indonesia which were also attacked. Iran is thought to have suffered 60 per cent of the attacks.

Mr Langner said: "It would be an absolute no-brainer to leave an infected USB stick near one of these guys and there would be more than a 50 per cent chance of him pick it up and infect his computer."

Cyber security experts said that Israel was the most likely perpetrator of the attack and had been targeting Iran but that it had not acknowledged a role to its allies.

"Nobody is willing to accept responsibility for this particular piece of malicious software which is a curious, complex and powerful weapon," said one Whitehall expert.

The Iranian authorities acknowledged the worm had struck Bushehr and a statement conceded that the plant would come into operation in January, two months later than planned.

Elizabeth Katina, a researcher at the Royal United Services Institute, said the possibility of a copycat attack on British or American electricity networks or water supplies had been elevated by the release of Stuxnet.

"Critical national infrastructure is at greater risk because this shows groups on the outside of governments how to do it," she said. "It's more likely now that the northeast of England power grid can be shut down until someone decides to start it up again."


Computer virus forces Iran to delay production of nuclear energy

Iran's first nuclear power plant has been forced to delay when it will begin supplying energy by several months, following the spread of a global computer virus.

29 Sep 2010

Iranian officials said on Sunday the Stuxnet virus had hit staff computers at the Bushehr plant, a symbol of Iran's growing geopolitical sway and rejection of international efforts to curb its nuclear activity, but not affected major systems there.

When Iran began loading fuel into Bushehr in August, officials said it would take two to three months for the plant to start producing electricity and that it would generate 1,000 megawatts, about 2.5 per cent of the country's power usage.

"We hope that the fuel will be transferred to the core of the Bushehr nuclear power plant next week and before the second half of the Iranian month of Mehr (Oct. 7)," Ali Akbar Salehi, head of Iran's Atomic Energy Organisation, said.

"The ground is being prepared in this regard and, God willing, the fuel will be loaded to the core of the reactor completely by early November and the heart of Bushehr power plant will start beating by then."

Mr Salehi added: "Two to three months after that electricity will be added to the networks."This would mean Bushehr generating electricity from January or February.

Security experts say the Stuxnet computer worm may have been a state-sponsored attack on Iran's nuclear programme and have originated in the United States or Israel, the Islamic Republic's arch-adversaries.

Iran's programme includes uranium enrichment – separate from Bushehr – that Western leaders suspect is geared towards developing atom bombs. Iran says it is refining uranium only for a future network of nuclear power plants.

Diplomats and security sources say Western governments and Israel view sabotage as one way of slowing Iran's nuclear work.

Little information is available on how much damage, if any, Iran's nuclear and wider infrastructure has suffered from Stuxnet and Tehran will probably never disclose full details.

Some analysts believe Iran may be suffering wider sabotage aimed at slowing its nuclear advances, pointing to a series of unexplained technical glitches that have cut the number of working centrifuge machines at the Natanz enrichment plant.

Bushehr was begun by Germany's Siemens in the 1970s, before Iran's Islamic Revolution, but has been dogged by delays.

Russia designed and built the plant and will supply the fuel. To ease nuclear proliferation concerns, it will take back spent fuel rods that could otherwise be used to make weapons-grade plutonium. Bushehr is also being monitored by inspectors of the U.N. nuclear watchdog.

Washington has criticised Moscow for pushing ahead with Bushehr despite Iranian defiance over its nuclear programme.


Stuxnet worm heralds new era of global cyberwar

Attack aimed at Iran nuclear plant and recently revealed 2008 incident at US base show spread of cyber weapons

Peter Beaumont
30 September 2010

The memory sticks were scattered in a washroom at a US military base in the Middle East that was providing support for the Iraq war.

They were deliberately infected with a computer worm, and the undisclosed foreign intelligence agency behind the operation was counting on the fallibility of human nature. According to those familiar with the events, it calculated that a soldier would pick up one of the memory sticks, pocket it and – against regulations – eventually plug it into a military laptop.

It was correct.

The result was the delivery of a self-propagating malicious worm into the computer system of the US military's central command – Centcom – which would take 14 months to eradicate.

That attack took place in 2008 and was acknowledged by the Pentagon only this August. It was strikingly similar to the recently disclosed cyber attack on Iran's nuclear facilities using the Stuxnet worm, which also appears to have used contaminated hardware in an attempt to cripple Iran's nuclear programme.

Like the attack on Centcom's computers, the Stuxnet worm, which Iran admits has affected 30,000 of its computers, was a sophisticated attack almost certainly orchestrated by a state. It also appears that intelligence operatives were used to deliver the worm to its goal.

Its primary target, computer security experts say, was a control system manufactured by Siemens and used widely by Iran, not least in its nuclear facilities.

Yesterday, Iran confirmed that the worm had been found on laptops at the Bushehr nuclear reactor, which had been due to go online next month but has now been delayed. It denied the worm had infected the main operating system or caused the delay.

"I say firmly that enemies have failed so far to damage our nuclear systems through computer worms, despite all of their measures, and we have cleaned our systems," Ali Akbar Salehi, the head of Iran's atomic energy agency, told the Iranian Students News Agency.

If the Stuxnet attack on Iran was a limited act of cyber sabotage, on Tuesday the US attempted to imagine what an all-out cyber war might look like and whether it was equipped to deal with it.

In an exercise named Cyber Storm III, involving government agencies and 60 private sector organisations including the banking, chemical, nuclear energy and IT sectors, it presented a scenario where America was hit by a co-ordinated cyber shock-and-awe campaign, hitting 1,500 different targets. The results of the exercise have not been released.

One of those who believes that cyber war has finally come of age is James Lewis of the Centre for Strategic and International Studies in Washington. Lewis said that while previous large-scale hacking attacks had been an annoyance, Stuxnet and the attack on Centcom represented the use of malicious programmes as significant weapons. "Cyber war is already here," said Lewis. "We are in the same place as we were after the invention of the aeroplane. It was inevitable someone would work out how to use planes to drop bombs. Militaries will now have a cyber-war capability in their arsenals. There are five already that have that capacity, including Russia and China."

Of those, Lewis said he believed only three had the motivation and capability to mount the Stuxnet attack on Iran: the US, Israel and the UK.

He added that a deliberate hack of an electric generator at the Idaho National Laboratory, via the internet, had previously demonstrated that infrastructure could be persuaded to destroy itself.

"There is growing concern that there has already been hostile reconnaissance of the US electricity grid," he said.

Last year, the Wall Street Journal quoted US intelligence officials describing how cyber spies had charted the on-off controls for large sections of the US grid and its vulnerability to hacking.

The head of the Pentagon's newly inaugurated US Cyber Command, General Keith Alexander, has recently said that it is only a matter of time before America is attacked by something like the Stuxnet worm.

In recent testimony to Congress, Alexander underlined how the cyber war threat had rapidly evolved in the past three years, describing two of the most high-profile attacks on countries: a 2007 assault on Estonia, and a 2008 attack on Georgia during its war with Russia, both blamed on Moscow.

Those were "denial of service" attacks that disabled computer networks. But it is destructive attacks such as Stuxnet that frighten Alexander the most.

He favours agreements similar to nuclear weapons treaties with countries such as Russia to limit the retention and use of cyber-war technology.

One of the problems that will confront states in this new era is identifying who is behind an attack. Some analysts believe Israel is the most likely culprit in the Stuxnet attack on Iran – perhaps through its cyber war "unit 8200", which has been given greater resources. They point to a file in the worm called Myrtus – perhaps an oblique reference to the book of Esther and Jewish pre-emption of a plot to kill them. But it could also be a red herring designed to put investigators off the scent.

Dave Clemente, a researcher into conflict and technology at the International Security Programme at Chatham House in London, argues that where once the threat from cyber war was "hyped … reality has quickly caught up".

"You look at the Stuxnet worm. It is of such complexity it could only be a state behind it," he said.

Clemente points to the fact that the attack used four separate, unpublicised flaws in the operating system of the Bushehr plant to infect it. Other experts note that Stuxnet used genuine verification code stolen from a Taiwanese company, and that the worm's designers built in safeguards to limit the amount of collateral damage it would cause.

"The US and the UK are now putting large amounts of resources into cyber warfare, in particular defence against it," said Clemente, pointing out that there is now a cyber security operations centre in GCHQ and a new office of cyber security in the Cabinet Office. He added: "What I think you can say about Stuxnet is that cyber war is now very real. This appears to be the first instance of a destructive use of a cyber war weapon."


Les cyber-attaques peuvent-elles être des actes de guerre ?

source: reseau Voltaire

29 septembre 2010

Les attaques cybernétiques contre des services de Défense ou à grande échelle contre l’infrastructure informatique d’un Etat ne sont, pour le moment, pas considérées comme des actes de guerre. Pourtant de nombreuses armées se dotent d’unités de hackers. Aussi certains Etats, comme l’Estonie qui a fait l’objet d’attaques massives, plaident pour que l’OTAN reconnaisse la cyber-guerre et l’obligation de défense mutuelle au sein de l’Alliance. Une décision qui pourrait être à double tranchant si l’on observe l’actuelle attaque US contre les ordinateurs liés au programme nucléaire civil iranien.

Dans ce contexte, l’Académie de Défense du Royaume-Uni publie une brève étude d’Alex Michael. Il y dresse l’historique des attaques à caractère politique perpétrées depuis la Chine et la Russie. Ce rapport présente une excellente synthèse des faits connus, tout en faisant l’impasse sur les attaques perpétrées par les Etats-Unis et Israël (à l’exception de l’attaque sous fausse bannière contre Baidu, en janvier 2010, dans le but de détériorer les relations sino-iraniennes).

Il en résulte une étude déséquilibrée. Par exemple, l’auteur présente l’attaque contre les sites officiels géorgiens, en août 2008, comme la première cyber-attaque coordonnées à des opérations militaires classiques. C’est évidemment ridicule lorsqu’on se souvient que l’OTAN avait détruit tous les sites officiels et les médias serbes durant la guerre du Kosovo, en 1999, ou qu’Israël avait détruit des sites libanais et des sites d’information (dont Voltairenet.org), en 2006.

Quoi qu’il en soit, ce rapport fait apparaître deux questions d’importance.

En premier lieu, certaines attaques de très grande ampleur sont l’œuvre de groupes politiques et non d’Etats (on pense aux Nashi russes et aux Hackers rouges en Chine). Il ne peut y être répondu de la même manière que lorsque les attaquants sont des armées.

Secondement, la supériorité chinoise et russe sur les Etats-Unis et l’Union européenne est évidente et indéniable. Le Pentagone qui fut le premier à mettre en oeuvre ces techniques est aujourd’hui complètement dépassé. Or, les attaques informatiques peuvent être beaucoup plus efficaces que des attaques militaires conventionnelles et peuvent toucher des cibles lointaines sans avoir à projeter de forces, et de plus pour un coût insignifiant. Par exemple, dans la configuration actuelle, la Chine pourrait facilement neutraliser tout le système spatial et de communication US en cas de conflit, remportant la guerre avant de la livrer.

On comprend mieux, dès lors, que le général Michael Hyden, l’ancien patron de la NSA puis de la CIA, préconise de donner pouvoir au président des Etats-Unis de fermer abruptement l’Internet mondial en cas de conflit.


Cyber Probing : The Politicisation of Virtual Attack, par Alex Michael, Defence Academy of the United Kingdom, 29 p., 1,1 Mo, Septembre 2010.


SEPTEMBER 25, 2010

Cyber Attacks Test Pentagon, Allies and Foes

SIOBHAN GORMAN in Washington,

Cyber espionage has surged against governments and companies around the world in the past year, and cyber attacks have become a staple of conflict among states.

U.S. military and civilian networks are probed thousands of times a day, and the systems of the North Atlantic Treaty Organization headquarters are attacked at least 100 times a day, according to Anders Fogh Rasmussen, NATO's secretary-general. "It's no exaggeration to say that cyber attacks have become a new form of permanent, low-level warfare," he said.

More than 100 countries are currently trying to break into U.S. networks, defense officials say. China and Russia are home to the greatest concentration of attacks.

The Pentagon's Cyber Command is scheduled to be up and running next month, but much of the rest of the U.S. government is lagging behind, debating the responsibilities of different agencies, cyber-security experts say. The White House is considering whether the Pentagon needs more authority to help fend off cyber attacks within the U.S.

"The Obama administration is very focused on this. The president has designated [cyber security] as a critical national asset," said an Obama administration official, adding that agencies responsible for cyber security have been staffing up, including Homeland Security's development of SWAT teams to respond to cyber attacks on critical infrastructure. "Not only do we have a strategy, but we have moved beyond that to implementation."

NATO's systems are behind the U.S.'s, said one person familiar with U.S. assessments of NATO's systems after a recent trip the deputy defense secretary made there. "The Chinese totally owned them," this person said, adding that NATO hadn't installed many of the basic network security patches, because it had decided some of its computers were too important to ever turn off.

NATO spokesman James Appathurai denied Friday that the alliance's computers were regularly compromised. Apart from a couple of disruptions to its public website, there have been no successful infiltrations of NATO's classified systems, he said.

In the U.K., "we expect to see increased resources for cyber-security operations as part of the upcoming security and defense spending review, and hope to work even more closely with the U.S. on such operations," said Sir Nigel Sheinwald, British ambassador to the U.S., on Friday.

Meanwhile, cyber weapons are being developed at a rapid pace. Many countries—including the U.S., Russia, China, Israel, the U.K., Pakistan, India and North and South Korea—have developed sophisticated cyber weapons that can repeatedly penetrate and have the ability to destroy computer networks, cyber-security specialists say.

Some U.S. intelligence officials and analysts worry that cyber weapons may become the next "loose nukes" problem. "The question is: When will these leak to al Qaeda?" said James Lewis, a cyber-security specialist at the Center for Strategic and International studies who regularly advises the Obama administration. "These are very tightly controlled, but some number of years from now, nonstate actors will have really good stuff."

After Russia's 2007 cyber attacks on Estonia and its 2008 attacks on Georgia during their brief war, U.S. officials concluded that cyber attacks had become a staple of modern warfare.

In the past year, cyber attacks have accompanied a host of geopolitical scuffles. India and Pakistan are attacking each other in cyberspace almost daily, attempting to take down websites with denial-of-service attacks. Among the victims have been Indian police websites, an industry cybersecurity specialist said.

As tensions rise between China and Japan, hackers in both countries have lobbed cyber attacks at each other this month, with Chinese denial of service attacks on Japan's Defense Ministry, as well as its trade ministry and others. Earlier this year, a Kuwaiti hacker attacked a handful of Israeli banks.

The recent computer worm dubbed Stuxnet was the first public example of cyber weapons targeting software for computer-control systems. Most of the systems infected were in Iran, and analysts have speculated that the worm was targeting Iran's Bushehr nuclear facility.

Such weapons could also be used to target software running petroleum refining and production facilities, one industry cyber specialist said.

Stuxnet alarmed officials both in the Pentagon and U.S. industry, because it targeted the core of industrial computer-control systems. "Instead of messing with the nervous system, you're going right to the brain now," one U.S. official said.

Gen. Keith Alexander, the chief of the new U.S. Cyber Command told a congressional panel this week: "What concerns me the most is destructive attacks that are coming, and we're concerned that those are the next things that we will see."

The danger, Gen. Alexander said, is that such attacks can do damage that is difficult to reverse and can't be fixed by blocking Internet traffic, destroying computers and other automated devices connected to the Internet before the government or a company can respond.

"That could cause tremendous damage," he said. "If that were to happen in a war zone, that means our command and control system and other things suffer."

Another danger, he said, is that such an attack could be mounted on the U.S. electrical or banking sector, and the affected company would largely be on its own to defend itself.

The White House is still trying to figure out how the government could aid the response to an attack on the private sector. If there were an attack today, Gen. Alexander said, his Cyber Command does not have the authority to respond to it.

"We need to come up with a more dynamic or active defense," he said. "That is what we are working on right now." The Cyber Command is developing a response model, he said, that Homeland Security and the White House might seek to adapt to the civilian sector.

John Sawers, the head of MI6, Britain's foreign intelligence service, told a private meeting of a U.K. parliamentary panel this year that "the whole question of cyber security is shooting up everybody's agendas," and that it is "a major new challenge to the intelligence community."

Jonathan Evans, his counterpart at MI5, the domestic security service, said, "I don't think we are where we need to be."

NATO also needs to develop the means to identify attacks in the early stages and to better detect the source of any attacks, Mr. Rasmussen said. It has set up a new department to cope with the issue: the Emerging Security Challenges Division.

The growth of the threat is prompting calls for an international agreement to limit cyber attacks.

Nigel Inkster, a former senior MI6 official, now with the International Institute of Strategic Studies in London, said an agreement needed to establish thresholds beyond which a cyber attack would be deemed to constitute an act of aggression.

Jamie Shea, head of policy and planning in Mr. Rasmussen's office, has also called for an agreement to establish an international consensus on limiting and punishing cyber attacks. Through a U.N. working group, the U.S., China, Russia and other countries have taken initial steps to devise ground rules for cyber crime and cyber warfare.

Write to Siobhan Gorman at siobhan.gorman@wsj.com and Stephen Fidler at stephen.fidler@wsj.com


The 7 worst cyberattacks in history (that we know about)

Kevin Hall
Sep 22, 2010

We get a little taste of cyber attacks all the time — look no further than this week's Twitter virus — but what about full-on cyber warfare? Recently the true destructive potential of a cyber attack became frighteningly clear: whole government, banking and military networks overloaded and shut down, vital data and money stolen, and even physical damage if the right components are targeted. The worst part? We usually only find out after the fact.

1. Titan Rain

Target: U.S. military intel

Attacker: China

Damages: In 2004, a Sandia National Laboratories employee, Shawn Carpenter


, discovered a series of large "cyber raids" carried out by what is believed were government-supported cells in China. "Titan Rain" is the name given to these attacks by the FBI, and it was found that several sensitive computer networks were infiltrated by the hackers, such as those at Lockheed Martin and Sandia (owned by Lockheed), but also at the likes of NASA. The danger here is not only can the attackers make off with military intel and classified data; they can also leave backdoors and "zombify" machines — as you'll read below — that make future cyber espionage easier. Titan Rain is considered one of the largest cyberattacks in history.

(It's worth mentioning that Carpenter lost his job for blowing the whistle. You can read about him here.)

2. Moonlight Maze

Target: Military maps and schematics, U.S. troop configurations

Attacker: Russia (Denies involvement)

Damages: Much like Titan Rain, Moonlight Maze represents an operation in which hackers penetrated American computer systems and could pretty much raid at will. It's also one of the earlier major cyber infiltrations that we know of, starting in 1998 and continuing on for two whole years as military data was plundered from the Pentagon, NASA, the Department of Energy and even from universities and research labs.

3. The Estonian Cyberwar

Target: Estonia

Attacker: The Nashi, a pro-Kremlin youth group in Transnistria


Damages: What happened to Estonia in 2007 is considered a model of how vulnerable a nation can be to cyberattacks during a conflict. In a very brief period of time, a variety of methods were used to take down key government websites, news sites and generally flooded the Estonian network to a point that it was useless. The attack is one of the largest after Titan Rain, and was so complex that it's thought that the attackers must have gotten support from the Russian government and large telecom companies. Pictured above is the Bronze Soldier of Tallinn, an important icon to the Russian people and the relocation of which played a part in triggering the attacks.

4. Presidential-level Espionage

Target: Obama, McCain presidential campaigns

Attacker: China or Russia (Suspected)

Damages: No one wants to get a message from the FBI saying, "You have a problem way bigger than what you understand," but that's exactly what happened to both Obama and McCain during their run for the 2008 presidency. What was first thought of as simple cyberattacks on the computers used by both campaigns was discovered to be a more concentrated effort from a "foreign source" that accessed emails and sensitive data. The FBI and secret service swooped in and confiscated all computers, phones and electronics from the campaigns and — with the kind of stuff that gets dug up on the campaign trail — there are probably plenty of folks hoping the FBI keeps them.

5. China's "750,000 American zombies"

Target: U.S. computer networks, all levels

Attacker: Chinese hackers (Government-supported, organized crime related, cyber gangs)

Damages: The worst fallout from a cyberattack can be what it leaves behind, such as malicious software that can be activated later. That, compounded with ongoing efforts by hackers to infect as many machines as possible using bogus email offers, harmful website code and what-have-you can leave a lot of "zombified" machines. Those machines can then be made into cyber weapons, which can overload a network, website or other machine with a deluge of data known as a DDoS, or distributed denial of service attack. Even back in '07, former senior U.S. information security official Paul Strassmann (pictured above) estimated that there were over 730,000 compromised computers "infested by Chinese zombies."

6. The Original Logic Bomb

Target: Siberian gas pipeline in Soviet Russia

Attacker: U.S. Central Intelligence Agency

Damages: One of the scariest implications of cyberwarfare is that the damage isn't always limited to networks and systems. It can get physical, too. In 1982, the CIA showed just how dangerous a "logic bomb" — a piece of code that changes the workings of a system and can cause it to go haywire — can be. The agency caused a Soviet gas pipeline in Siberia to explode in what was described by an air force secretary as "the most monumental non-nuclear explosion and fire ever seen from space," without using a missile or bomb, but a string of computer code. Today, with the proliferation of computer control, the possible targets are virtually endless.


7. "The Most Serious Breach"

Target: U.S. military computer network

Attacker: "Foreign intelligence agency" (unspecified)

Damages: A cyber attack can come in any shape or size — digitally or physically — and one of the worst on an American network happened in 2008. Did it involve thousands of zombie machines and the muscle of a national telecom giant? Nope, you could have held it in the palm of your own hand: a corrupt flash drive. Inserted into a military laptop in the Middle East, the malicious code on the drive created a — according to Deputy Secretary of Defense William Lynn (pictured above) — "digital beachhead, from which data could be transferred to servers under foreign control." The attack acted as another reality check in security, and prompted the Pentagon to form a special cyber military command.


Pentagon breached by foreign hacker

A foreign spy agency carried out the most serious "cyber attack" on the US military's networks when a tainted flash drive was inserted into a laptop in the Middle East, according to a senior Pentagon official.

Alex Spillius, Washington
26 Aug 2010

The USB stick contained a malicious code that spread undetected and was able to transfer data about American operational plans to foreign networks.

Writing in the journal Foreign Affairs, William Lynn, the deputy defence secretary, said the attack was "the worst fear" of anyone running a computer network.

Mr Lynn did not say which country's spy agency was behind the attack or how much damage was caused. He said more than 100 foreign intelligence organisations routinely tried to break into US networks.

"Some governments already have the capacity to disrupt elements of the US information infrastructure," he said.

He said that every year hackers stole enough data from US government agencies, businesses and universities to fill the Library of Congress many times over.

The article went on to warn that adversaries of the US could threaten American military might without building stealth fighters, aircraft carriers or other expensive weapons systems.

"A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States' global logistics network, steal its operational plans, blind its intelligence capabilities, or hinder its ability to deliver weapons on target," Mr Lynn wrote.

The Pentagon had never openly discussed the 2008 incident, which was reported at the time without the degree of its seriousness being known. Mr Lynn was evidently granted permission to reveal the details of the attack because officials wanted to raise awareness of the growing threat posed to government computer networks.


Feds want backdoors built into VoIP and email

Warn of investigations 'going dark'

Dan Goodin in San Francisco
27th September 2010

Developers of email, instant-messaging and voice-over-internet-protocol applications would be forced to redesign their services so their contents can be intercepted by law enforcement agents armed with legal wiretap orders under federal legislation reported on Monday by The New York Times.

The legislation would, among other things, require cellphone carriers, websites and other types of service providers to have a way to unscramble encrypted communications traveling over their networks, the report said. It specifically mentions companies such as Research in Motion and Skype, which are popular in part because their cellular communications and VoIP services respectively are widely regarded as offering robust encryption that's impractical if not impossible for government agents to crack.

That in turn has led to warnings by investigators that their ability to wiretap criminal and terrorism suspects is "going dark” as the world increasingly communicates using newer technologies instead of the traditional phone system.

“We're talking about lawfully authorized intercepts,” Valerie E. Caproni, general counsel for the FBI, told The New York Times. “We're not talking expanding authority. We're talking about preserving our ability to execute our existing authority in order to protect the public safety and national security.”

Under the Communications Assistance to Law Enforcement Act, phone and broadband service providers are required to have the technical means in place to eavesdrop on their subscribers. But it doesn't apply to communication service providers, which often offer strong end-to-end encryption services that make it infeasible for them to intercept traffic even through it travels over their networks.

Under a draft bill expected to be submitted to the US Congress when it convenes next year, such services would have to be redesigned, according to Monday's report. Foreign-based providers that do business inside the US would also have to install a domestic office capable of performing intercepts, it said.

The measure is sure to stoke fierce opposition among business leaders, security experts and civil liberties advocates. They argue that the backdoors may have vulnerabilities that can allow hackers to illegally intercept protected communications. Indeed, something similar to that occurred in 2006 when hackers took advantage of legally mandated wiretap functions in Greece to spy on top government officials, including the prime minister.

In addition to threatening the public's privacy, such backdoors can put US-sanctioned services at a competitive disadvantage with those that don't have backdoors built in, critics have charged.

The FBI spent $9.75m last year helping communication companies comply with surveillance requests, the report said. Beyond the costs, the process can significantly delay critical investigations, defenders of the measure said.

U.S. should be able to shut Internet, former CIA chief says

September 26, 2010

SAN ANTONIO (Reuters) - Cyberterrorism is such a threat that the U.S. president should have the authority to shut down the Internet in the event of an attack, Former CIA Director Michael Hayden said.

Hayden made the comments during a visit to San Antonio where he was meeting with military and civilian officials to discuss cyber security. The U.S. military has a new Cyber Command which is to begin operations on October 1.

Hayden said the president currently does not have the authority to shut down the Internet in an emergency.

"My personal view is that it is probably wise to legislate some authority to the President, to take emergency measures for limited periods of time, with clear reporting to Congress, when he feels as if he has to take these measures," he said in an interview on the weekend.

"But I would put the bar really high as to when these kinds of authorities might take place," he said.

He likened cyberwarfare to a "frontier."

"It's actually the new area of endeavor, I would compare it to a new age of exploration. Military doctrine calls the cyber thing a 'domain,' like land sea, air, space, and now cyber … It is almost like a frontier experience" he said.

Hayden, a retired U.S. Air Force general, was director of the Central Intelligence Agency during the administration of President George W. Bush from 2006 to 2009.


Anthony G. Martin
Conservative Examiner

Obama demands access to Internet records without court review

August 16th, 2010

'Big Brother is watching you.' Yet another move toward a totalitarian government has secretly occurred that bears ominous signals for personal freedom.

Barack Obama is demanding access to the Internet records of average citizens, in secret, and without court review.

The Center for Research on Globalization reports the news:

"The Obama administration is seeking authority from Congress that would compel internet service providers (ISPs) to turn over records of an individual's internet activity for use in secretive FBI probes.

"In another instance where Americans are urged to trust their political minders, The Washington Post reported last month that "the administration wants to add just four words--'electronic communication transactional records'--to a list of items that the law says the FBI may demand without a judge's approval."

"Under cover of coughing-up information deemed relevant to espionage or terrorism investigations, proposed changes to the Electronic Communications Privacy Act (ECPA) would greatly expand the volume of private records that can be seized through National Security Letters (NSLs).

"Constitution-shredding lettres de cachet, NSLs are administrative subpoenas that can be executed by agencies such as the FBI, CIA or Defense Department, solely on the say so of supervisory agents.

"The noxious warrants are not subject to court review, nor can a recipient even disclose they have received one. Because of their secretive nature, they are extremely difficult to challenge.

"Issued by unaccountable Executive Branch agents hiding behind a façade of top secret classifications and much-ballyhooed "sources and methods," NSLs clearly violate our constitutional rights."

Under the new directive of the Executive Branch, any telecommunications entity that refuses to comply with government demands for records that are supposed to be private can be slapped with jail-time or fines. This extends to individuals within those corporations, in addition to credit card companies, banks, health insurance companies, airlines, video rental services, book sellers, and libraries.

This new initiative would give the Obama White House unprecedented, sweeping power to snoop into the private communications of every single American.

And the Obama Justice Department has lied about the intent of the directive, claiming that it would grant no power to government to gain access to 'email content.'

FACT-CHECK! The directive does precisely what the DOJ denies due to its provision that allow the Feds to arbitrarily seize private records containing email addresses, the dates and times they were sent and received, and a live 'snap-shot' of anything the user looks at or searches while online.

In addition, according to the Global Research report,

"As I have pointed out before, most recently last month when Idescribed the National Security Agency's PERFECT CITIZEN program, the roll-out of privacy-killing deep-packet inspection software developed by NSA already has the ability to read and catalogue the content of email messages flowing across private telecommunications networks."

The 4th Amendment to the U.S. Constitution, contained in the Bill of Rights, states, "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Apparently the Obama Administration, federal government operatives, and their enablers in the Democrat-controlled Congress view the 4th Amendment as a mere nuisance standing in the way of their quest for unbridled power. And, as we have seen numerous times, Constitutional provisions never stop this Administration from that relentless pursuit of totalitarian power.

This is but one more compelling reason to clip the wings of these tyrannical oppressors by initiating overwhelming changes in Congress in November.

Be sure to catch my blog at The Liberty Sphere.


European Commission takes UK to court over web privacy laws

The government is failing to comply with European directives concerning internet privacy, the European Commission claims.

Claudine Beaumont, Technology Editor
30 Sep 2010

The Commission accuses the UK government of failing to provide sufficient safeguards against the illegal interception of internet traffic.

The case, which will go before the European Union’s Court of Justice, is the culmination of a year-long investigation in to the way the UK handles complaints about online behavioural advertising.

The Commission claims that under EU law, British consumers should have an independent authority to to regulate the interception of communications.

It also objects to the Regulation of Investigatory Powers Act 2000, which permits a person to intercept communications if they have “reasonable grounds” to believe that consent had been given by the individual concerned.

“The Commission considers that UK law does not comply with EU rules on consent to interception and on enforcement by supervisory authorities,” said the Commission in a statement.

“The Commission considers that existing UK law governing the confidentiality of electronic communications is in breach of the UK’s obligations under the ePrivacy Directive and the Data Protection Directive.

“EU law requires member states to prohibit and to ensure sanctions against any unlawful interception regardless of whether committed intentionally or not.”

If judges at the Court of Justice uphold the Commission’s case, the UK government could be issued with a hefty fine, potentially amount to millions of pounds per day, until it brings UK legislation in line with the European directives.

“We can confirm that we are in discussions with the Commission about this directive,” said the Home Office in a statement. “We are disappointed the Commission has decided to refer the case the European Court of Justice.

“We are planning to make changes to address the Commission’s concerns, and will be setting out more detail on any necessary amendments or legislation in due course.”

Privacy campaigners welcomed the Commission’s decision. “We need an official body to deal with citizens’ complaints about illegal commercial interception and enforce our legal privacy rights,” said Jim Killock, executive director of the Open Rights Group. “More and more technologies can break our privacy rights. UK law needs to provide real protection.”

No comments:

Post a Comment