Archive for the ‘FIRE SALE!’ Category
Lights Out: A Modern Tragicomedy
I had heard that Ted Koppel was making the rounds on TV trying to pimp his book on the end of the world as well know it through cyber. Of course I instantly knew it would be utter trash, a tissue of assertions and half ass reporting relying on government and beltway bandit quotes that likely would enrage me. How little did I know about the true scope of fuckery and rage that would ensue from reading its breathlessly penned pages about our coming Armageddon. Once again we have a reporter who does not really do his homework and takes the word of people with interests over the realities of those who work in the industry at the scene of the crime.
From the first pages we are being told that the grid is vulnerable to attack. Not just physical attack, no, worse, more scary, the dreaded CYBER attack. Of course as you delve deeper in to the book you do not get any kind of technical interviews with white hat hackers or security experts other than those bottom feeders such as former NSA directors and Richard Clarke. All of these players who worked (past tense) in the government that failed to secure all the things and who now offer services as board members and pitch men. You see, no one interviewed in this book actually has hacked anything.
But trust us.. The grid will go down if attacked by the CYBER.
I will not bore you with recalling the rest of this awful book. Truly, do not buy it and certainly do not read it if you want to know anything about the potential for the power going out more permanently. Instead, I would like to give you a primer on how hard it would be to actually take the whole grid down. I would also like to show you just how hard it would be to take great sections of it out as well. Neither of these scenarios is easy and neither of them is something we will not recover from. All of the bullshit around the bugaboo that the grid could be taken out by Da’esh is fantasy for the most part and a tool to scare the public by halfwits looking for clicks or book sales.
Are there issues with the grid? Yes, there are. Could damage be done that could cause a lot of consternation and perhaps even deaths? Yes this could happen in pockets of our society. These things are true but a systemic outage across the whole of the country that would cause severe, unrecoverable damage to the grid as a whole is not probable. In fact, it may not even be possible and I plan on telling you here why. By going through the internet and seeking out data from experts, governmental files, and papers by doctoral candidates as well as those who own and operate the power systems I can give you the data you need to see what the truth of the matter is.
However, let me break this down into small consumable bullet points for you.
- Even a nation state with capable hackers could not own every system effectively enough to take them all down simultaneously
- Even if systems are hacked and malware like stuxnet implanted, it still takes a kinetic attack to damage many of the systems out there that transmit the power as well as generate it. Malware alone will not kill the grid.
- Current activities in gridsec and grid technologies are making these scenarios even harder to implement due to the nature of the diaspora that is power generation and transmission
- Certainly sections of the grid could be taken down and have in the past. All you need do is Google Squirrel+blackout and you will see how their kinetic attacks caused systemic failures that caused outages.
- Frankly, an X-Flare has a higher probability of taking out the grid as a whole should one hit the US. This should be a real concern and the companies and government should be looking to shield against EMP but they aren’t.
So all the bleak punditry about how the grid could be taken down by hackers using Shodan is really just sensationalistic bunkem. Of course there have been a couple of interesting theories, one that made some news back in 2008 I believe was a paper by a student on a cascade effect that could black out the grid. This possible attack might be the only one that would work but the control over the disparate systems involved to make it happen is almost impossible really. Another theory was one put forth by the government itself when they performed the AURORA experiment. This particularly relies on attacking nine points on the grid (power gen and transfer) that could be the genesis of a cascade attack.
It is the cascade attack that should trouble people but this is not really explained by most of the purveyors of FUD like Koppel. The real scary point about the cascade effect though is that the attack, if successful would take out the LPT’s and those by their nature are costly and take years to build. They are also on backorder so there is that too. If you take these out, and there are no replacements then you are pretty much stuck in the 19th century in certain areas until you get one replaced. Now once again I will tell you that to take them all out at one time is damn near impossible unless you have an X-Flare that covers the whole grid with an EMP.
So where does that leave us? Well, that leaves us with scary scary ideas but little follow through on actual means to that end. Of course now the big scary scary is over the CYBER right? And when they say CYBER they really mean SCADA, ICS, and HMI technologies that monitor and control the big hardware that generates and transfers the power from the generation plant to you. Now consider that there were as of 1996, 3,195 electric companies in the US that handle generation and transmission of power. That is a lot of targets to get into and control effectively, in tandem, to create a super grid blackout. All of this is going to be done by attacking their SCADA? Are there really that many of these things that are internet rout-able anyway? This means that the adversary would have to really hack the majority of them and have major footholds in all to access the networks to get at the systems that may not be networked to their non air gapped networks.
Think this through people.
This is just not a real tenable plan to start with and then you have to consider just who would try to pull this off and why. If you take out the grid in the US sure you cause mayhem but we have military bases all over the globe. We have ships and subs at sea. We have the capacity to bomb the shit out of anyone we think carried off such an attack. So really, unless you attempt this a la some scenario like “Red Dawn” with planes in the air and boots on the ground, you pretty much don’t win. Many of these scare pieces don’t go into the semantics of attack and counter attack, they only cry havoc about how we are CYBER doomed and the grid is a scary scary thing. It makes my ass tired even thinking about all these idiots out there talking to the likes of Richard “Dr. Cyberlove” Clark and believing them.
Stop the madness.
In the end yes, sections of the grid could go down and yes, they could be down for a while because of the nature of the hardware and it’s replacement. It would be inconvenient but it would not be the end of the world. It also would likely be more the action of Squirrels or tree limbs rather than a clandestine hacker attack on our SCADA systems. So everyone needs to just calm the fuck down and breathe. What you really should worry about is some form of EMP that melts everything and puts the whole of the country down, and really once again, that is the only scenario I buy into on this matter. If we have another Carrington Event, we are well and truly fucked.
Anyway, don’t give Koppel any money…
K.
UPDATE: I left a review of this book on Amazon and the one response back was this:
I guess I am no Dick Clarke so meh, nevermind.
Not So 3R337 Kidz
Once again we find ourselves following the story of a new uber dump of data on a Friday (Fuck FBI Friday’s) as they have been dubbed by the skiddies. It seems that 4cid 8urn, C3r3al Kill3r, and Zer0C00l once again have failed to deliver the goods in their #antisec campaign with their ManTech dump. ManTech, for those who don’t know, is a company that handles defense and government security contracts for such things as secure networks etc. The skiddies decided to try and haxx0r the Gibson and get the goods on the bad bad men at ManTech.
Once again, they failed.
The files are mostly UNCLASS (kids, that means UN-CLASSIFIED mmkay?) with a few SBU (Sensitive but UNCLASSIFIED) as well. Many of the files are just documents of finances, bills, resume’s and email addresses that frankly you could get with a good Googling session. Again, we are not impressed by this crap Lulz skiddies. I have told you once, and now I till tell you again, you are failing to deliver anything of interest really.
Now, if you were real APT, then you would have used the data in the excel sheets to create some nice phishing exploits and then gone on to root some good shit. But no, you aren’t that advanced are you? You just want to do the quick hit and dump your ‘booty’ to collect the love from your adoring, albeit stupid, fans. I am sure some of them are at home now wanking off to the idea that you have really stuck it to ManTech and by proxy ‘the man’
Well, you haven’t.. Not so 3r337 as Raz0r and Bl4d3 say.
What you keep failing to understand are sever key things here:
- The good shit is in more protected systems, ya know, like the ones Manning had access to
- You have no idea what you are taking or what you are dumping! Bitch please, understand the classification markings!
- It’s only important to your ‘movement’ if the data actually uncovers bad behavior on the part of the government!
And it’s on that last point I want to harp a little more on. You guys say you are exposing fraud and devious behavior (other than your own subversive tendencies?) and yet, you keep missing the mark. There have been no cohesive plots outed by you other than Aaron and HB Gary’s little foray into creating 0day and programs for propaganda tools online.
Yay you!… ehhh… not so much.
You certainly did spank Aaron though, and for that my top hat and monocle are off to you. He rather deserved what he got for being so God damned stupid. However, you must all understand that these are the standard operating procedures in warfare (PSYOPS, INFOWAR, PROPAGANDA) every nation plays the game and its just the way of life. So, unless you get some real data of a plan to use this type of tech by the US on the US, (other than Rupert & Co.) Once again, I am not really so impressed.
Of course, you have to know that you are now the target of all of those tools right? Not only by the US, but other nations as I have mentioned before. Do you really think that you have not opened the door for other nation states to attack using your name? No one mentioned yet that you are now considered domestic terrorists and could even be considered non domestic after you get caught? You have opened Pandora’s box and all the bad shit is coming.. And much of it is going to be aimed straight at you.
The ironic thing is this.. You have delivered shit. It’s the idea and the cover you have given other nation states or individuals that is key here. You say you can’t arrest an idea… I say certainly not! BUT They can arrest YOU and then make that IDEA not so appealing to the other skiddies once your prosecutions begin on national TV.
So keep it up.. That hornets nest won’t spew hundreds of angry wasps…
Digital Kinetic Attacks: South Korean DD0S Botnets Have “Self Destruct” Sequence
From McAfee Blog
There has been quite a bit of news recently about distributed denial of services (DDoS) attacks against a number of South Korean websites. About 40 sites– including the Presidential, National Intelligence Service, Foreign Ministry, Defense Ministry, and the National Assembly–were targeted over the weekend, beginning around March 4 at 10 a.m. Korean time. These assaults are similar to those launched in 2009 against sites in South Korea and the United States and although there is no direct evidence connecting them so far, they do bear some similarities.
DDoS attacks have occurred with more and more frequency, but one of the things that makes this attack stand out is its use of destructive payloads. Our analysis of the code used in the attack shows that when a specific timezone is noted by the malware it destroys the infected computer’s master boot record. If you want to destroy all the data on a computer and potentially render it unusable, that is how you would do it.
The malware in the Korean attacks employs an unusual command and control (C&C) structure. Instead of receiving commands directly from its C&C servers, the malware contacts two layers of servers. The first layer of C&C servers is encoded in a configuration file that can be updated at will by the botnet owner. These C&C servers simply provide a list of servers in the second layer, which will provide additional instructions. Looking at the disbursement of the first-layer C&Cs gives us valuable insight into the malware’s global footprint. Disbursement across this many countries increases resilience to takedowns.
The rest HERE
At first, the idea of a digital kinetic attack to me would be to somehow affect the end target in such a way as to destroy data or cause more down time. These current attacks on South Korea’s systems seems to be now, more of a kinetic attack than just a straight DD0S. Of course one then wonders why the bot-herders would choose to burn their own assets with this new type of C&C system and malware. That is unless the end target of the DD0S is just that, one of more than one target?
So the scenario goes like this in my head;
- China/DPRK work together to launch the attacks and infect systems also in areas that they would like to do damage to.
- They choose their initial malware/C&C targets for a secondary digital kinetic attack. These systems have the potential of not only being useless in trying to trace the bot-herders, but also may be key systems to allies or the end target themselves.
- If the systems are determined to be a threat or just as a part of the standard operation, the attackers can trigger these systems to be rendered (possibly) inert with the wipe feature. This too also applies to just going after document files, this would cause damage to the collateral systems/users/groups
Sure, you burn assets, but at some point in every operation you will likely burn at least one. So doing the mental calculus, they see this as a win/win and I can see that too depending on the systems infected. It is not mentioned where these systems (C&C) were found to be, but, I am assuming that they were in fact in China as well as other places around the globe. This actually steps the DD0S up a level to a real threat for the collateral systems.
Of course the malware here does not physically destroy a drive, it is in fact just rendering it useless (potentially, unless you can re-build the MBR AND you zero out the data on board) as you can see from this bit of data:
The malware in its current incarnation was deployed with two major payloads:
- DDoS against chosen servers
- Self-destruction of the infected computer
Although the DDoS payload has already been reported elsewhere, the self-destruction we discussed earlier in this post is the more pressing issue.
When being installed on a new computer, the malware records the current time stamp in the file noise03.dat, which contains the amount of days this computer is given to live. When this time is exceeded, the malware will:
- Overwrite the first sectors of all physical drives with zeroes
- Enumerate all files on hard disk drives and then overwrite files with specific extensions with zeroes
The service checks for task files that can increase the time this computer is allowed to live, so the botmaster can keep the botnet alive as long as needed. However, the number of days is limited to 10. Thus any infected computer will be rendered unbootable and data will be destroyed at most 10 days after infection! To protect against tampering, the malware will also destroy all data when the system time is set before the infection date.
The malware is aware enough to see if someone has tampered with the date and time. This sets off the destruct sequence as well, but, if you were able to stop the system and forensically evaluate the HD, I am sure you could make an end run and get the data. Truly, we are seeing the next generation of early digital warfare at this scale. I expect that in the near future we will see more nastiness surface, and I think it highly likely in the post stuxnet world, that all of the players are now thinking in much more complex terms on attacks and defences.
So, let me put one more scenario out there…
Say the malware infected key systems in, oh, how about NASDAQ. Those systems are then used to attack NYSE and suddenly given the order to zero out. How much kinetic warfare value would there be to that?
You hit the stock market and people freak
You hit the NASDAQ systems with the compromise and then burn their data
Ouch.
Interesting times….
Yippee Ki Yay Mutha *%$#%^#
Casper: That was creepy.
Trey: I tried to find more Nixon
Quote from Die Hard 4
A friend of mine, a more-or-less retired CIA paramilitary operative, sees the solution in characteristically simple terms. “We should go get him,” he said, speaking of Assange.
When my friend says “get him,” he isn’t thinking of lawsuits, but of suppressed pistols, car bombs and such. But as heart-warming as it is to envision Assange surveying his breakfast cereal with a Geiger counter, we shouldn’t deal with him and WikiLeaks that way.
At the risk of abusing the Bard, let’s “Cry havoc, and let slip the geeks of cyberwar.” We need to have a WikiLeaks fire sale.
A “fire sale” (as those who saw Die Hard 4 will remember) is a cyber attack aimed at disabling — even destroying — an adversary’s ability to function. Russia did this to Estonia in 2007 and Israel apparently did this to Syrian radar systems when it attacked the Syrian nuclear site later that year. The elegance of this is that if we can pull off a decisive cyber operation against WikiLeaks, it can and should be done entirely in secret.
Plausible deniability, anyone?
Full article HERE
So, with the revelations over the weekend of rape charges that mysteriously just vanished, one has to wonder if indeed there are forces at work trying to discredit Assange as step one in a much more ornate plan. After all, if one were to discredit him, then he could more easily be shipped out of his hidey hole to a more US friendly place with regard to legal standings right? Though, one wonders at the rape charge.. I mean we couldn’t get Polanski back here for child molestation, so what do you think is gonna happen with a regular rape charge?
Also this last week there was an article claiming to have a story being told by Lamo that there is a “velvet spy ring” Umm yeah, those days are not so over as this was the big deal with the Cambridge five no? I haven’t yet chased that story down due to laziness as well as.. Well, I can see that just as a poorly constructed propaganda attempt by someone.
Adrian, care to comment?
Anyway, this whole Fire Sale thing.. Uhh guys.. It ain’t gonna work. Sorry, but as the article alludes to, the Wikileaks pages are all over the place. They have some online ready to go and others are in their silos waiting to be prepped for launch. So, there is no real way to stop the data coming out if they want it out. I mean, I didn’t even mention the torrents… But this is who we are dealing with… A mindset that cannot grasp the intricacies of the intertubes sometimes. The damage has been done and short of taking down the whole of the Internet, the data will be set free by Wikileaks.
So what now?
Well, how about we make sure that the data does not get out of the compartmented systems in the first place huh? Manning evidently showed signs to others that he was a security risk and nothing was done. He had access to systems that if they were paying attention to infiltration and exfiltration methods, would have prevented the data from being burned to disc and taken out. It really reminds me of “The Falcon and the Snow Man” they were not paying attention to many of the rules in the secret areas and at the guard stations, thus the data was just taken out in quantity. I am sure that if the precautions were in place effectively and watched, Manning would have been caught sooner and perhaps this would not be as much a debacle.
Now, on the other side of the coin here… I am not against Wikileaks altogether. I agree with what Daniel Ellsberg did with the Pentagon Papers. The government was clearly lying about the war. In this case today, I am also sure that there were lies being told and likely still are… But the data I have seen thus far is no smoking gun and in no way shows any real malfeasance by the government. In fact, all the data thus far is about Afghanistan. Where I feel the big lies… well lie.. is in Iraq. Of course Assange is saying that data is coming soon.
We shall see.
So, to sum up..
1) You military and gov types… Get over it and tighten up your security!
2) Anything done to Assange will only make him a martyr
3) There is no stopping this data because it is already out of your control (pentagon, White House) So just buckle up cuz its likely to be a bumpy ride.
CoB
Talk on Chinese Cyber Army Pulled From Black Hat: Nothing To See Here… Move Along…
“Operation Aurora, GhostNet, Titan Rain. Reactions were totally different in the US and in Asia. While the US media gave huge attention, Asia find it unbelievable and interesting, that cyber warfare and government-backed commercial espionage efforts that have been well established and conduced since 2002, and have almost become a part of people’s lives in Asia, caused so much “surprise” in the US.
Here we’ll call this organization as how they’ve been properly known for the past eight years as the “Cyber Army,” or “Wang Jun” in Mandarin. This is a study of Cyber Army based on incidences, forensics, and investigation data since 2001. Using facts, we will reconstruct the face of Cyber Army (CA), including who they are, where they are, who they target, what they want, what they do, their funding, objectives, organization, processes, active hours, tools, and techniques.”
Full article Here:
“We’ve been hacked! Oh wait, you’re in Paris… You can’t help us.. CLICK”
Color me not surprised to see that this talk was yanked off of the BlackHat schedule. This is specifically in light of the fact that the presenter is from Taiwan, a protectorate of China and likely if the talk went ahead, then the speaker and his company would have been sanctioned by the Chinese government. Though, it could be that there are other players here that may not want some bits of information out in the open but who’s to say at this juncture? Suffice to say that something in this iteration (and there have been others of this same talk given) got them spooked.
The other comment that struck me was the red text above that mirrors what I have been saying all along since the whole Google APT thing erupted onto the media stage here in the states.
This is nothing new.
The Chinese have been at this for some time just as other countries had been doing the same thing. It is just perhaps the scale and the persistence that has been the key to the difference here. The Chinese have the 1000 grains of sand approach that is culturally specific to them. They took that notion, the game of “Go” and and what they learned from Sun Tzu then applied it to their cyber warfare/inforwar stratagem. Its only a natural progression really given their culture and history. What really takes me aback is just how little the West (ala the US) seems to be so ignorant of this that it has me wondering just what navel they have been gazing at all of this time while the Chinese ate our collective lunches.
So here we are, months later after the Google revelations and years after the successful attacks that no one dare name for fear of national security or perhaps national egg on the collective national face with regard to incursions in the past on sensitive networks. You see, yes Virginia, there have been other incursions and much more has been stolen via networking infrastructure as well as HUMINT by the likes of China in the past. Its just that its either classified, hush hush, or, more likely, the targets have no idea that they had been compromised and their data stolen. It’s all just a matter of the security awareness that we have had.. Well, where that has been nationally has been in the toilet really, so extrapolate from that the amount of data that has been stolen ok? Lets use the JSF as an example of this as its been in the news.
Trending Lately.. APT+JSF = Chinese Love
Now, given that this type of talk has been the “du jour” lately on the security and government circuit, lets move the target further out and to the left a bit ok? I have been noticing something in the news that has direct connection to my last employer, so I will be judicious with my speech here.. How shall I start….
Ok… Lets name the players…
Lockheed Martin: Hacked and about 2TB of data taken out of the systems… Inclusive on the JSF project
(Undisclosed company that makes hot object integral to flight) : Nothing in the news…. wink wink nudge nudge..
The FAA: Hacked and back channeled through trusted networks into Lockheed and ostensibly other companies
The JSF itself.. Well the congress wants to keep the program afloat while the main military brass want to kill it. You see, its been compromised already and I suspect well enough, that the technical advantages that it was supposed to have, are pretty much gone now. You see, all those hacked systems and terabytes of data exfiltrated out were enough to compromise the security of the ship herself and give the enemy all they needed to defeat her “stealth” systems.
Somewhere in China there’s a hangar, a runway, and a Chinese version of the JSF sitting on the tarmac doing pre-flight I think.
So the latest scuttlebut out there with regard to the cost overruns and the problems with the JSF are just one part of the picture I think. Sure, there is political intrigue and backstabbing going on too, but, were I the military and my new uber plane was no longer uber, nor cost efficient, I would be killing it too and looking for something else to use in theater.
So how did this happen?
Causality: Trusted Networks, Poor Planning, Poor Technical and Procedural Security, and The Human Equation
The method of attack that compromised the networks in question involved a multi-layer strategy of social hacks as well as technical ones. The Chinese used the best of social engineering attacks with technical precision to compromise not only the more secured networks, but also to use trust relationships between companies working on the JSF to get the data they wanted. You see, all of these companies have to talk to each other to make this plane. This means that they will have networked connections either via VPN or directly within their infrastructures to pass data. By hitting the lesser secured network/company/individuals they can eventually escalate privilege or just hop right onto the networks that they want in a back door manner.
Hit the weakest point and leverage it.
In the case of the JSF, the terabytes of data were never really elaborated on but I can guess that not only was it flight traffic data, but integrally, the flight recording data concerning all of the systems on board as the plane was tested. Inclusive to this, if the APT got further into Lockheed and other companies that make the plane, they might have data on the level of actual CAD drawings of parts, chemical analysis and composition details, as well as the actual code written to operate the systems on board the plane for it to function.
In short, all of the pieces of the puzzle on how to make one.
Sure, there must be gaps, I am sure that they did not gain access to some ITAR/EAR data but, given the nature of the beast, they can infer on some things and in other areas perhaps get analogous or dual use technologies to fill in the gaps. The two terabytes are the only terabytes that we “know of” or shall I say allowed to be known of. It is highly likely that that data is not the only stuff to be taken. Its just a matter of finding out if it has.. And in some cases, they can’t even tell because of the poor security postures of those companies involved.
The reasons for these companies (with the exception of Lockheeds) lack of insight into their security is simply because they have not been corporately aware enough to care about it… Yet. Perhaps now they are getting better post the hacks on Lockheed and others, but it has been my experience that even after a big hack is exposed in the news, many corporate entities take a “it can’t happen to me” attitude and go on about BAU until they get popped and put on the news. What’s more, the Chinese know this and use it to their advantage utterly.
You see, its not just all about super technical networking. It’s also because they don’t even have solid policies, procedures, response plans, and other BASIC security measures in place or being tested and vetted regularly. This negates the super cool technical measures that they might have bought from the likes of IBM and CISCO because Johnny Bonehead C level exec says he MUST have a 4 character password and ADMIN access to his machine.
All against policy… If they do indeed have one on that…
Failure is imminent unless the sum of the parts are in working order. This means the dogma of policy, security education, incident response, RBAC, etc, the CIA triad are in place and have acceptance from the upper echelon of the company. All too often this is not the case and thus easy compromise occurs.
Circling Back To The BlackHat Talk:
Ok, circling back now after my diatribe… My bet is that both parties (China and US) did not want this talk to go on depending on the data that was within. Some red faces would likely have ensued and or would have given people ideas on where to attack in future also. It’s a win win for all concerned if the talk was made to go away and well, it did didn’t it? Unless this guy says he quits his job, moves away from Taiwan and then gives the talk anyway. I doubt that is going to happen though.
In the end, the cyber “war” has been going on for years… Well more like cyber “espionage” but in todays long view I see them as the same thing. After all, a good cyber warfare strategem includes compromise of key systems and data in order to make them useless at the right time.
The Cyber War has been raging since the 90’s. It’s just that the American people and media have only recently heard of the “internents” being vulnerable.
Wakey wakey…
CoB
Weapons Of Mass Disruption: Cyberpocalypse-a-palooza
To avoid a digital doomsday, Clarke and co-author Robert Knake argue that America needs to treat cyberattack capabilities as nothing less than weapons of mass destruction that can “skip over the battlefield” to target civilian life. That sort of threat, like nuclear weapons, calls for a multi-tiered response: treaties, transparency, beefed-up defenses and a focused concern on rogue states.
Cyberwar treaties face a problem that traditional ones don’t. An enemy could easily hide the source of attacks by routing them through hijacked computers in another country or attributing them to independent criminals.
But Clarke contends that a government could be held accountable for helping to track down any cyberattack originating within its borders, just as the Taliban was held responsible for harboring Osama bin Laden. Although attribution on the Internet isn’t as simple as in traditional warfare, cyberattacks can be traced. Clarke says forensic hackers can follow the trail of bits when they’re given time and leave to breach enemy computers.
“The NSA can do that. And the NSA tells me that attribution isn’t actually a problem,” he says bluntly.
Full article HERE
Dick, Dick, Dick, I am with you in so many ways.. BUT, when you start talking about DPI of the WHOLE INTERNET, then you lose me pal.
Sorry *shrug*
I personally don’t want the whole of the internet being siphoned even MORE than it already is by DPI at every providers NOC with a NARUS STA6400 system installed.
Nope, no thank you.
Now, on the other things likes accountability for nations with server on their soil I am with you. If a server is public/private and is on your soil, there should be “some” responsibility there. At least there should be enough to enforce security practices be carried out to prevent it from becoming the botnet slave in the first place no? Of course Obama wussed out on that one here didn’t he? No rules will be created to enforce that type of accountability here in the private sector.. No sir! It would put an undue strain on the private sector!
*tap tap* Uhh sir, most of the infrastructure is in “private” hands… Umm without making them do some due diligence we are fucked mmmkay?
Yeah…
Meanwhile, lets talk to the italicized and BOLD text. Back in the days of yore, when pirates roamed the seas, there was a thing called a “Letter of Marque” basically, government would give a pirate hunter the letter and say “go git em” This is what we need today I think. Of course this is touchy, but, this is pretty much what Dick is alluding to. He says that he “knows” that were the NSA given a letter of marque, they could not only penetrate the systems involved, but also run the forensics to attribute where the perp really is.
“Whoa” to quote Neo…
Yes, it’s quite true. Not only the NSA could do this though. Go to the BlackHat or Defcon and you would have a plethora of people to choose from really. So this is no mysterious mojo here. Its just that this type of action could cause much more ire than the original attack maybe and lead us into that physical war with the nukes. Who knows.
I guess though, that what has been seen as the model for the future “internet” with cyber-geographic demarcations might just be the real future state we need. At least that is what Dick’s advocating here and I can sorta see that as a way to handle certain problems. If we break up cyberspace so to speak, into regions (like the whole .XXX debacle) then we can have set rules of governance. At present the internet is just a giant wild west stage complete with digital tumbleweeds and an old whore house.
*pictures the dual swinging doors and spurs jangling*
The one thing that rings true though, is that there needs to be some accountability.. Just what form that will take is anyone’s guess. For now though, we will continue on with the lame government jabbering and frothing with the lapdog that is the so called “press” lapping it all up and parroting it back to the masses.
Smoke em if ya got em…
CoB
CAUI: Dismantling of Saudi-CIA Web site illustrates need for clearer cyberwar policies
By Ellen Nakashima
Washington Post Staff Writer
Friday, March 19, 2010; A01By early 2008, top U.S. military officials had become convinced that extremists planning attacks on American forces in Iraq were making use of a Web site set up by the Saudi government and the CIA to uncover terrorist plots in the kingdom.
“We knew we were going to be forced to shut this thing down,” recalled one former civilian official, describing tense internal discussions in which military commanders argued that the site was putting Americans at risk. “CIA resented that,” the former official said.
Elite U.S. military computer specialists, over the objections of the CIA, mounted a cyberattack that dismantled the online forum. Although some Saudi officials had been informed in advance about the Pentagon’s plan, several key princes were “absolutely furious” at the loss of an intelligence-gathering tool, according to another former U.S. official.
Four former senior U.S. officials, speaking on the condition of anonymity to discuss classified operations, said the creation and shutting down of the site illustrate the need for clearer policies governing cyberwar. The use of computers to gather intelligence or to disrupt the enemy presents complex questions: When is a cyberattack outside the theater of war allowed? Is taking out an extremist Web site a covert operation or a traditional military activity? Should Congress be informed?
“The point of the story is it hasn’t been sorted out yet in a way that all the persons involved in cyber-operations have a clear understanding of doctrine, legal authorities and policy, and a clear understanding of the distinction between what is considered intelligence activity and wartime [Defense Department] authority,” said one former senior national security official.
The rest HERE:
I had been seeing traffic on the Muj sites that was claiming there were sites that had been set up by the CIA. It seems now that the rumours were true. Of course it was only natural that such a gambit be used to gather intelligence on the jihadists, but to unceremoniously tear down the sites is rather foolish in my mind.
By taking these sites down they have broken the chain in intelligence gathering from many perspectives. Sure, they may have stopped some planning or finishing touches on a certain attack, but, they have managed to make all of the users not only potentially move on to another site, but to change their modus operandi altogether.
Now the jihadi’s are likely to either start dark net sites, or use more traditional means of communication that would be on par with intelligence tradecraft. Means such as dead drops and encoded messages that are transmitted to one another via personal contact. Much as just after OBL learned that his SAT Phone was being listened to, he then began to talk directly to his people or send “runners” with messages ala Roman general methods.
Post this incident there has been a lot of talk about how this will create fallout for the intelligence gathering types. The CIA was opposed to this site’s being taken down but the NSA and the military won out much like they did during the run up to the now infamous UN session where Colin Powel presented the CBRN data on Iraq. I guess that the CIA is still in the dog house post Tenet’s “slam dunk”…
All of this brings up some good points though on how to handle the “Cyber Insurgency” that has been building over the years. Just what do you do about cyber jihad? What are the ground rules on a move like the one carried out by the NSA? I can bet there were more clients other than the CIA and Re’asat Al Istikhbarat Al A’amah that are pissed about this intelligence gathering tool’s loss.
I foresee much more talking having to be done in the near future to hammer out the details of such things. For now though, expect the insurgents to re-group and come up with new ways to communicate.
CoB
PLA officer urges challenging U.S. dominance
(Reuters) – China should build the world’s strongest military and move swiftly to topple the United States as the global “champion,” a senior Chinese PLA officer says in a new book reflecting swelling nationalist ambitions.
The call for China to abandon modesty about its global goals and “sprint to become world number one” comes from a People’s Liberation Army (PLA) Senior Colonel, Liu Mingfu, who warns that his nation’s ascent will alarm Washington, risking war despite Beijing’s hopes for a “peaceful rise.”
“China’s big goal in the 21st century is to become world number one, the top power,” Liu writes in his newly published Chinese-language book, “The China Dream.”
“If China in the 21st century cannot become world number one, cannot become the top power, then inevitably it will become a straggler that is cast aside,” writes Liu, a professor at the elite National Defense University, which trains rising officers.
Full article HERE
Why do I feel like I have suddenly found myself in the plot of “The Bear and the Dragon” by Tom Clancy? Except instead of oil and gold deposits in Siberia we are waging battle for the gold of IP in the digital void?
This is a very important piece to pay attention to though. This Colonel really does have a contingent of the populace (the younger set) who would love nothing more than to just let the “Dragon” out of the cage to wreak havoc on us. The PLA has become strong and I am sure that some of the hard liners in power think that the “Thousand Grains of sand” approach has about run out of sand.
Look at it this way:
- Our economy is in the worst place its been since the great depression
- Our government is completely ossified and unable to do anything
- Our economic engine has been stalled out and outsourced
- Our schools are turning out less and less qualified technical people
- We are a nation divided
- Our debt is pretty much wholly owned by China
- We are in a three front war with terrorism
- Our forces are overstressed and dispersed
- We have been terrible at securing our digital infrastructure
I could go on, but this was likely ponderous enough for you all. Look, what I am saying is this guy’s right. We are easy pickins really at this moment in time. We are down on the ground and they are the cobra kai.. And we ain’t no “Daniel San” to mix movie cultural references.
Either way I look at it I see some real problems. I know I know, you are thinking that they (China) need us as a trading partner. Yes, yes they do. However, I do not think that they need us “that much” that they would not consider at the very least pulling the plug on us.
There is a growing contingent of ultra national followers in China and they want to be “THE” superpower… And I think that they see their chance now. What would it take to trip the switch?
A blended Cyberwar attack with physical and economic contingent.
Like they say “May you live in interesting times”
Indeed.
Speaking Truth To Stupid
“If the nation went to war today, in a cyberwar, we would lose,” Mike McConnell told a U.S. Senate committee. “We’re the most vulnerable. We’re the most connected. We have the most to lose.”
McConnell, director of national intelligence from 2007 to 2009, predicted that the U.S. government would eventually get heavily involved in protecting cybersecurity and in regulating private approaches to cybersecurity. Testifying before the Senate Commerce, Science and Transportation Committee, McConnell also predicted that the U.S. would make little improvements in its cybersecurity before a “catastrophic” attack will cause the government to get involved.
“We will not mitigate this risk,” said McConnell, now executive vice president for the national security business at Booz Allen Hamilton. “We will talk about it, we will wave our hands, we’ll have a bill, but we will not mitigate this risk.”
Full story HERE
Exactly what I have been saying!! McConnell and I seem to be on the same wavelength here. Of course it was rather painfully obvious to anyone watching that CNN pos, but, being in the business I know from experience.
I will say it again: We will not really take this seriously until we get hit hard. Lets just hope we come through that attack ok and learn from it.
CoB
Krypt3ia 
FUD! GET YER FUD HERE! : AP Exclusive: Report warns of Iran nuke disaster
leave a comment »
Alright enough already with this talk about Stuxnet causing an Iranian Chernobyl! Look, Stuxnet was programmed in a VERY specific way to work its voodoo on the processing of Uranium, NOT on the management of the rods being excited within a reactor! The program attacked the PLC’s for specified Siemens controllers that worked with the centrifuges that spun the Uranium into fissile material.
So, who now is thinking that perhaps this little piece of reporting might be a red herring huh?
Yep…
Of course the Iranians at this time are so freaked out that they will not patch the systems that have been infected with patches from Siemens because they are too paranoid! God, I love that! Well played USA/UK/Israel for even after Stuxnet has been outed and much research has gone into it, Iran still is totally fucked! Well done! The Iranians have been a paranoid group for a long time, now they are just totally unhinged I suspect with all of the Stuxnet hype and their own brand of internal denial and heads in the sand.
Psssst hey Iran… Jester also infected your LOIC too!
Hey.. Hey now don’t cry…
Krypt0s
Rate this:
Written by Krypt3ia
2011/02/01 at 23:28
Posted in Commentary, Con Games, CURVEBALL, CyberPocalypse, CyberWar, Economic Warfare, Espionage, FIRE SALE!, FUD, Infowar, Mahmoud The Whack