When reform becomes impossible, revolution becomes inevitable.
Phi Beta Iota: This guy is amazing. Visit his website.
Everybody is putting out their Top 10 lists of predictions for 2011. Not to be left out of the party, below is a list of what we expect to see in 2011 in Cyber Security.
2. Blame the User.
3. Reactive approaches to security will continue to fail.
4. Major Breaches in Sectors with Intellectual Property.
5. Hacktivists will bask in their new-found glory.
6. Critical Infrastructure Attacks.
7. Hello Android.
8. Windows Kernel Exploits.
9. Organized Crime rises.
10. Congress will rear its head.
Phi Beta Iota: Nothing wrong with any of the above, except that they are out of context. As the still-valid cyber-threat slide created by Mitch Kabay in the 1990’s shows, 70% of our losses have nothing to do with disgruntled or dishonest insiders, or external attacks including viruses. Cyber has not been defined, in part because the Human Intelligence crowd does not compute circuits, and the circuit crowd does not compute human intelligence. We are at the very beginning of a startling renaissance in cyber/Information Operations (IO) in which–we predict–existing and near-term hardware and software vulnerabilities will be less than 30% of the problem. Getting analog Cold War leaders into new mind-sets, and educating all hands toward sharing rather than hoarding, toward multinational rather than unilateral, will be key aspects of our progress. Cyber is life, life is cyber–it’s all connected. Stove-piped “solutions” make it worse.
Information has never been so free. Even in authoritarian countries information networks are helping people discover new facts and making governments more accountable. — US Secretary of State Hillary Clinton, January 21, 2010
So much for that….
By Noah Shachtman, Wired, December 9, 2010 | 7:02 pm
It’s too late to stop WikiLeaks from publishing thousands more classified documents, nabbed from the Pentagon’s secret network. But the U.S. military is telling its troops to stop using CDs, DVDs, thumb drives and every other form of removable media — or risk a court martial.
Maj. Gen. Richard Webber, commander of Air Force Network Operations, issued the Dec. 3 “Cyber Control Order” — obtained by Danger Room — which directs airmen to “immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET,” the Defense Department’s secret network. Similar directives have gone out to the military’s other branches.
WikiLeaks turned over all of the classified State Department cables it obtained to Le Monde, El Pais in Spain, The Guardian in Britain and Der Spiegel in Germany. The Guardian shared the material with the New York Times, and the five news organizations have been working together to plan the timing of their reports.
They also have been advising WikiLeaks on which documents to release publicly and what redactions to make to those documents, Kauffmann and others involved in the arrangement said.
Wikileaks was forced Friday to switch over to a Swiss domain name, wikileaks.ch, after a new round of hacker attacks on its system prompted its American domain name provider to withdraw service.
WikiLeaks’ U.S. domain name system provider, EveryDNS, withdrew service to the wikileaks.org name late Thursday, saying it took the action because the new hacker attacks threatened the rest of its network.
“Wikileaks.org has become the target of multiple distributed denial of service attacks. These attacks have, and future attacks would, threaten the stability of the EveryDNS.net infrastructure,” EveryDNS said in a statement.
Phi Beta Iota: The first story represents the emergence of hybrid governance and hybrid capabilities networks that will over time displace the inherently corrupt hierarchical stovepipes of the Industrial “Rule by Secrecy” era. The second story represents both the emergence of jackals in cyber-space, attacking “because they can,” and the abject failure of both the Internet Service Providers (ISP) and the US Government to provide order, discipline, and security in cyberspace. We recommend that WikiLeaks seek severe financial damages from both Amazon and EveryDNS–both have failed to be honest and diligent. At the same time, this is an opportunity: any country, such as Chile, that can integrate unlimited low-cost renewable energy, massive data storage & services, and multinational intelligence, all in a cyber-cocoon of absolute confidence immune to attack, will bury the US and EU ISP and telecommunications industries.
A great adjustment in human affairs is underway. Political, commercial and cultural life is changing from the centralized, hierarchical and standardized structures of the industrial age to something radically different: the economy of the emerging digital era.
A History of the Internet and the Digital Future tells the story of the development of the Internet from the 1950s to the present, and examines how the balance of power has shifted between the individual and the state in the areas of censorship, copyright infringement, intellectual freedom and terrorism and warfare. Johnny Ryan explains how the Internet has revolutionized political campaigns; how the development of the World Wide Web enfranchised a new online population of assertive, niche consumers; and how the dot-com bust taught smarter firms to capitalize on the power of digital artisans.
In the coming years, platforms such as the iPhone and Android will rise or fall depending on how they tread the line between proprietary control and open innovation. The trends of the past may hold out hope for the record and newspaper industry. From the government-controlled systems of the Cold War to today’s move towards cloud computing, user-driven content and the new global commons, this book reveals the trends that are shaping the businesses, politics, and media of the digital future.
The Great Cyber-Heist
New York Times
By JAMES VERINI
November 10, 2010
Mid-1990s: Gonzalez, 14, is visited by F.B.I. agents at his high school for hacking into NASA.
Gonzalez, law-enforcement officials would discover, was more than just a casher. He was a moderator and rising star on Shadowcrew.com, an archetypal criminal cyberbazaar that sprang up during the Internet-commerce boom in the early 2000s. Its users trafficked in databases of stolen card accounts and devices like magnetic strip-encoders and card-embossers; they posted tips on vulnerable banks and stores and effective e-mail scams. Created by a part-time student in Arizona and a former mortgage broker in New Jersey, Shadowcrew had hundreds of members across the United States, Europe and Asia. It was, as one federal prosecutor put it to me, “an eBay, Monster.com and MySpace for cybercrime.”
Phi Beta Iota: We opened Hackers on Planet Earth (HOPE) in 1994, making the observation that when the Israelis captured a hacker they gave him a job, while the US simply kicked them in the teeth and sent them to jail. We tried to keep Phiber Optik out of jail, and we have for decades been on record comparing hackers to astronauts–full of the right stuff and pushing the edge of the envelope. No one, including Marty Harris, then in charge of the National Information Infrastructure (NII), wanted to listen. Today the US Government is again ignoring the warnings on the urgency of getting a grip on all information in all languages all the time, and is roughly 20 years behind in creating “root” cyber-security. This article by James Verini is a phenomenal update on what we all knew in the mid-1990’s and the US Government is still oblivious to–this is not a problem technology or wanton spending can solve–this is a problem that demands discipline, integrity, intelligence, and sharing. It is neither possible nor desirable to secure government or military computers in isolation–this is an “all in” smart safe nation challenge.
This article by Bill Gertz needs to be seen in perspective. During the Cold War the Soviet Union, as well as a number of other countries including China, was constantly engaged in trying to acquire U.S. technology of all types through various means, from industrial espionage to bribery. The U.S. Department of Defense (DOD) was extremely concerned about this, and the subject of illicit ‘international technology transfer’ to the Soviet Bloc (as well as a few other countries) generated numerous DOD requirements to such agencies as NSA and CIA. Much of the urgency of these requirements was downgraded precipitously when the Cold War ended. Also, the number of incidents of foreign powers trying to acquire U.S. technology has declined in the 21st Century for a very sinister reason: the U.S. is no longer the sole leader in the research and development of advanced technologies that it was after WWII. Although incidents still occur, as the Chinese Huawei example shows, they are much less common than once was the case. So DOD no doubt does not see the need for the same emphasis on loss of U.S. origin technology.
Yet financial intelligence is more than technology loss; it also involves major illicit financial operations, such as money laundering, and financial operations in support of espionage and terrorism against U.S. interests. This of course includes the financial infrastructure supporting al Qaeda. If Ferguson is shutting this effort down as well, he is making an unbelievable mistake.
This incident is symptomatic of an Intelligence System that is indeed out of control. In the absence of a viable strategic plan for intelligence collection, analysis, and production, every time some new crisis occurs the U.S. Intelligence Community (IC) resembles an ant hill that somebody has just stepped on. In the absence of any real leadership or clearly defined purpose, the big four of the IC (CIA, DIA, NGA, and NSA) will continue to waste billions of dollars for minimal returns while resisting any efforts at meaningful reform. At the same time, the IC institutional bias against using non-classified (open) source information will ensure that they will only be able to provide very small windows that are of only limited usefulness to decision makers. What a way to go!
Phi Beta Iota: We are truly surprised that someone of Jim Clapper’s caliber would allow an Acting Undersecretary no one has ever heard of to be named Acting in the first place; or that such an individual would do something this dumb without clearance from the DNI. There are a couple of variations on a theme: a) Clapper wants to make it obvious that Treasury is in enemy hands and DoD wants nothing to do with Treasury intelligence, which does not exist–Treasury, like Energy and the other non-national security departments, is a patronage stove-pipe receiving direction from ideological idiots–they don’t do “evidence-based” policy; b) Clapper is finally thinking about holistic intelligence in support of Whole of Government, and having DoD drop financial intelligence is a preamble to elevating the Financial Intelligence Center in some manner. On balance, as much as we admire the DNI, we think he has blown it–he will not accomplish anything consequential in the next few years by continuing to do the wrong things righter, and that is a shame, because so much could be accomplished in a mere 90-180 days if he would empower those with the right mind-set to do the right things, which is to say, M4IS2 simultaneously with Whole of Government intelligence-support operations and the creation of a Smart Nation.
POLICE have served an intervention order via social networking site Facebook banning an accused cyber-stalker from bullying, threatening and harassing another user.
Tip of the Hat to Philip Golan at LinkedIn
By Misha Glenny
Published: October 8 2010 23:40 | Last updated: October 8 2010 23:40
Square-jawed, with four stars decorating each shoulder, General Keith Alexander looks like a character straight out of an old American war movie. But his old-fashioned appearance belies the fact that the general has a new job that is so 21st-century it could have been dreamed up by a computer games designer. Alexander is the first boss of USCybercom, the United States Cyber Command, in charge of the Pentagon’s sprawling cyber networks and tasked with battling unknown enemies in a virtual world.
Last year, US Defense Secretary Robert Gates declared cyberspace to be the “fifth domain” of military operations, alongside land, sea, air and space. It is the first man-made military domain, requiring an entirely new Pentagon command. That went fully operational a week ago, marking a new chapter in the history of both warfare and the world wide web.
In his confirmation hearing, General Alexander sounded the alarm, declaring that the Pentagon’s computer systems “are probed 250,000 times an hour, up to six million per day”, and that among those attempting to break in were “more than 140 foreign spy organisations trying to infiltrate US networks”. Congress was left with a dark prophecy ringing in its ears: “It’s only a small step from disrupting to destroying parts of the network.”
Phi Beta Iota: Of the $12 billion a year to be spent, roughly 90% if not more will be spent on “vapor-ware.” To understand the gap between the 67 people who actually know what needs to be done, and the hundreds of thousands who will be employed in cyber-theater (pun intended), see below. There are multiple sucking chest wounds in this enterprise; the two largest are a) the DoD Grid is a mess with no integrity in the fullest sense of the word, and trying to “secure” that mess is next to impossible; and b) the only way to make Pentagon information operations safe is to make ALL operations safe, but this is not how the US Government and especially not how the Pentagon thinks–hence, another decade will be wasted. The upside is that OpenBTS and all sorts of other opens are emergent, and we may all end up going to Web 4.0 while the Pentagon stays at Web 2.0.
Vmyths traces its roots to a “Computer Virus Myths treatise” first published in 1988. It evolved into the critically acclaimed “Computer Virus Myths home page” in 1995, then it moved to Vmyths.com in 2000. Its name has changed over the years, but Vmyths remains true to its original goal: the eradication of computer security hysteria.
Vmyths sells the truth about computer security hysteria. We take no prisoners; we pull no punches; and we refuse computer security ads in order to maintain our independence.
Rob Rosenberger edits Vmyths and writes as a columnist. He is one of the “original” virus experts from the 1980s, and the first to focus on virus hysteria. Red Herring magazine describes him as “one of the most visible and cursed critics in computer security” today, and PC World magazine says he “is merciless with self-appointed virus experts and the credulous publications that quote them.” Rosenberger was one of only a dozen industry experts invited to the White House’s first-ever antivirus summit meeting in December 2000.
George C. Smith, Ph.D. serves as Vmyths‘ editor-at-large. He also writes as a columnist. His seminal book, The Virus Creation Labs, documents the insane early history of the antivirus world. He also published the critically acclaimed Crypt newsletter. The San Jose Mercury News recommends Smith’s work to “those who insist on at least a modicum of fact, accuracy and clear thinking in their tech news.”