At this very moment analysts at the National Security Agency some 30 miles north of the White House are monitoring countless flashpoints of data — cellphone calls to “hot” numbers, an e-mail message on a suspicious server, an oddly worded tweet — as they carom around the globe like pinballs in cyberspace.
The snippets of information could conceivably lead them to Anwar al-Awlaki, a fugitive cleric in Yemen whose fiery sermons have inspired violent jihadists. Or to the next would-be underwear bomber. Or, much more likely in the needle-in-a-haystack world of cyber detection, it might lead to nothing at all — at least nothing of any consequence in determining Al Qaeda’s next target.
This is the world of modern eavesdropping, or signals intelligence, as its adherents call it, and for many years it operated in the shadows. “The Puzzle Palace,” the 1983 best seller by James Bamford that remains the benchmark study of the N.S.A., first pulled back the curtain to provide a glint of unwanted sunlight on the place. And the years after the Sept. 11 attacks — a period in which the surveillance agencies’ muscular new role would lead to secret wiretapping programs inside the United States, expansive data-mining operations and more — gave rise to public scrutiny that made the place a veritable greenhouse of exposure.
COVER STORY: The Cyberwar Plan
It’s not just a defensive game; cyber-security includes attack plans too, and the U.S. has already used some of them successfully.
by Shane Harris Saturday, Nov. 14, 2009
14 tech firms form cybersecurity alliance for government
Lockheed Martin, top suppliers launch initiative for government market
By Wyatt Kash Nov 12, 2009
Phi Beta Iota: It is a scam, big time. The U.S. does not have–outside of our small number of colleagues in Hackers on Planet Earth and the Silicon Valley Hackers/THINK Conference–the brainpower and cumulative skills to fill the Potemkin Center, much less staff a capability with global reach.
We have not featured “think tanks” on this web site because all of them, with one exception, are ideologically biased and financially-beholden to one of the two parties that monopolize power and exclude both the majority of Americans from an honest electoral process, and the majority of objective experts from the policy and budget dialog.
The CATO Institute appears to be an exception. Below are a few of their generally dated but still relevant pronouncements on the subject of intelligence as decision support.
Imagine simply visiting a Web forum and finding that doing so forced your browser to post an embarrassing Twitter message to all of your contacts, or caused you to admit a stranger to your online social network. Now consider the same dynamic being used to move money out of your online auction account or delete the contents of your e-mail inbox.
. . . . . . .
The problem with the token-based security approach, as researchers prior to Hamiel and Moyer have noted, is that it works only if the attacker doesn’t have access to that random string of data as well.
To take the Alice and Bob on the forum example a step further, consider what happens when Alice views a forum posting by Bob that includes a link to an off-site image hosted at a site controlled by Bob. That image, when loaded by Alice’s browser, will automatically send Bob’s site a referrer URL that includes the full token that is unique to Alice’s browser session with that forum. Armed with the referring URL’s token, Bob can then respond to the image request from Alice’s browser with a request to silently take action on that forum in Alice’s name.
. . . . . . .
Moyer said one way to prevent this attack, commonly used on banking Web sites, involves what’s known as a nonce, which is essentially a random, one-time-use-only number that is appended to a URL each time a visitor loads a page on that site. He noted that one reason most sites don’t adopt this approach is that it requires far more computational and Web server capacity, which can drive up costs — particularly for high-traffic sites.
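The difference between a per-session token and the nonce described above, as an added example that is not code from the article or from Hamiel and Moyer. The `NonceStore` class, the `value_in_referer` helper, the session name and the `forum.example` URLs are all constructed for illustration; the model assumes the nonce in a page's URL is consumed when that page is loaded.

```python
import hmac
import secrets
import time
from urllib.parse import urlsplit, parse_qs


class NonceStore:
    """One-time-use values per session (hypothetical helper, not from the article)."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # session_id -> {nonce: expiry time}

    def issue(self, session_id):
        nonce = secrets.token_urlsafe(32)
        self._pending.setdefault(session_id, {})[nonce] = self._clock() + self._ttl
        return nonce

    def consume(self, session_id, presented):
        """Accept a nonce once, then forget it so a replayed copy is rejected."""
        now = self._clock()
        pending = self._pending.get(session_id, {})
        for known, expiry in list(pending.items()):
            if expiry <= now:
                del pending[known]  # expired: never usable again
            elif hmac.compare_digest(known.encode(), presented.encode()):
                del pending[known]  # spent
                return True
        return False


def value_in_referer(page_url, param):
    """The value a third-party host receives when the full page URL is sent as Referer."""
    return parse_qs(urlsplit(page_url).query).get(param, [""])[0]


def demo():
    # Constructed session and URLs; forum.example is a placeholder host.
    static_token = secrets.token_urlsafe(32)  # same value for the whole session
    leaked = value_in_referer(f"https://forum.example/t?id=7&token={static_token}", "token")
    static_replay_accepted = hmac.compare_digest(leaked.encode(), static_token.encode())

    store = NonceStore()
    nonce = store.issue("alice")
    page_load_accepted = store.consume("alice", nonce)  # Alice follows the link
    leaked = value_in_referer(f"https://forum.example/t?id=7&nonce={nonce}", "nonce")
    nonce_replay_accepted = store.consume("alice", leaked)  # already spent
    return static_replay_accepted, page_load_accepted, nonce_replay_accepted
```

Keeping the value out of the URL entirely (a hidden form field or request header) and sending a restrictive `Referrer-Policy` removes the referrer exposure itself, rather than only limiting what a leaked value is worth.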
+++++++Phi Beta Iota Editorial Comment+++++++
In 1990-1991 Winn Schwartau testified to Congress. They ignored him the way they ignored Peak Oil testimony in 1974-1975. In 1995 Robert Steele organized three top experts, Schwartau, Jim A from NSA, and Bill Caelii, and submitted a cross-walk of crystal clear recommendations adding up to $1 billion a year to Marty Harris, responsible for the security of the National Information Infrastructure (NII). Today the US Government is about to waste $12 billion a year helping NSA further its own agenda while ignoring the root needs of the American people for trusted electromagnetic services. The federal government is so busy attacking other people it is neglecting the people that created the federal government as a service of common concern. The gap between those exercising public power and those who elected them and pay them has grown cataclysmic. Public intelligence in the public interest is one way to help the Republic heal.