The US Government Keeps Raising Its 'Secret Keeping' Budget

The amount spent by U.S. government agencies to classify information rose $1.2 billion to $11.36 billion last year, but the estimate leaves out key intelligence operations.

The Information Security Oversight Office’s (ISOO) 2011 cost report discloses a 12 percent increase from 2010 for the security classification systems of 41 executive branch agencies, including the Department of Defense (DoD).

But the report did not tally money spent by some of the most secretive government agencies, like the Central Intelligence Agency (CIA), the Defense Intelligence Agency, the Office of the Director of National Intelligence, the National Geospatial-Intelligence Agency, the National Reconnaissance Office and the National Security Agency (NSA).

In 2011 Congress appropriated $54.6 billion for the government's 16 intelligence agencies, which was an increase over the previous two years, according to Andrea Stone of the Huffington Post.

But that number doesn't seem to even begin to quantify how much is spent on secrecy as it doesn't include the Pentagon's $51 billion "black budget."

And like the CIA, the NSA's activities and budget are kept secret. What is known is that the NSA intercepts 1.7 billion U.S. electronic communications every day and is currently undertaking a $2 billion, 1.8-million-square-foot expansion of its headquarters in Fort Meade, Md., in addition to building a $2 billion, one-million-square-foot data collection center in Utah.

The double-digit increase in what was disclosed of total security classification may have had to do with WikiLeaks: the anti-secrecy group began disclosing hundreds of thousands of classified U.S. documents, beginning with "Collateral Murder" in April 2010.

WikiLeaks founder Julian Assange is currently seeking asylum in the Ecuadorian embassy because he fears that his extradition to Sweden for preliminary questioning in a sexual assault investigation will lead to him being extradited to the U.S. over the classified disclosures.

The U.S. Army intelligence analyst who allegedly leaked the documents, Bradley Manning, was arrested in July 2010 and has been subjected to cruel and inhumane treatment during his ongoing incarceration.

Please follow Military & Defense on Twitter and Facebook.

The US Is Investigating Claims That Power Plants Are Vulnerable To Hackers (SI)

BOSTON (Reuters) - The U.S. government is looking into claims by a cyber security researcher that flaws in software for specialized networking equipment from Siemens could enable hackers to attack power plants and other critical systems.

Justin W. Clarke, an expert in securing industrial control systems, disclosed at a conference in Los Angeles on Friday that he had figured out a way to spy on traffic moving through networking equipment manufactured by Siemens' RuggedCom division.

The Department of Homeland Security said in an alert released on Tuesday that it had asked RuggedCom to confirm the vulnerability that Clarke, a 30-year-old security expert who has long worked in the electric utility field, had identified and to identify steps to mitigate its impact.

RuggedCom, a Canadian subsidiary of Siemens that sells networking equipment for use in harsh environments such as areas with extreme weather, said it was investigating Clarke's findings, but declined to elaborate.

Clarke said that the discovery of the flaw is disturbing because hackers who can spy on communications of infrastructure operators could gain credentials to access computer systems that control power plants and other critical systems.

"If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you," Clarke said.

This is the second bug that Clarke, a high school graduate who never attended college, has discovered in products from RuggedCom, which are widely used by power companies that rely on its equipment to support communications to remote power stations.

In May, RuggedCom released an update to its Rugged Operating System software after Clarke discovered that it had a previously undisclosed "back door" account that could give hackers remote access to the equipment with an easily obtained password.

The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, which is known as ICS-CERT, said in its advisory on Tuesday that government analysts were working with RuggedCom and Clarke to figure out how to best mitigate any risks from the newly identified vulnerability.

EASILY AVAILABLE KEY

Clarke said that the problem will be tough to fix because all Rugged Operating System software uses a single software "key" to decode traffic that is encrypted as it travels across the network.

He told Reuters that it is possible to extract that "key" from any piece of RuggedCom's Rugged Operating System software.

Clarke obtained RuggedCom's products by purchasing them through eBay.

He conducted the original research in his spare time with equipment spread out on the bed of his downtown San Francisco apartment. Earlier this year, he was hired by Cylance, a firm that specializes in securing critical infrastructure and was founded by Stuart McClure, the former chief technology officer of Intel Corp's McAfee security division.

Marcus Carey, a researcher with Boston-based security firm Rapid7, said potential attackers might exploit the bug discovered by Clarke to disable communications networks as one element of a broader attack.

"It's a big deal," said Carey, who previously helped defend military networks as a member of the U.S. Navy Cryptologic Security Group. "Since communications between these devices is critical, you can totally incapacitate an organization that requires the network."

So far there have been no publicly reported cases of cyber attacks that have caused damage on U.S. critical infrastructure.

The Stuxnet virus was used to cripple Iran's nuclear program in 2010, causing physical damage to a uranium enrichment facility in that nation. Researchers recently found pieces of another virus known as Flame that they believe has been used to destroy data in facilities in Iran.

The report on the RuggedCom vulnerability is among 90 released so far this year by ICS-CERT about possible risks to critical infrastructure operators. That is up from about 60 in the same period a year earlier, according to data published on the agency's website.

"DHS works closely with public and private sector partners to develop trusted relationships and help asset owners and operators establish policies and controls that prevent incidents," said DHS spokesman Peter Boogaard. "The number of incidents reported to DHS's ICS-CERT has increased, partly due to this increased communication."

(Editing by Bill Trott)

This Japanese Statement On Cyber Security Has Chilling Implications

It kind of went underneath the radar, but last Friday (Sept. 7) a Japanese military panel ruled to define cyberspace as "a 'territory' where various activities such as information gathering, attack, and defence occur, on the same way as land, sea, air and space."

Jay Alabaster with CIO reported:

While careful to state that online attacks should be considered on a case-by-case basis, the panel made clear Japan's right to respond to hostile attacks against its infrastructure. It called for a new cyber-military group that would exist separately from the country's existing ground, sea and air forces.

Alabaster also said it's important to note that Japan's constitution forbids it from using force to settle international problems.

Nonetheless, the implications here are astounding. It should be recognized, though, that these are far from policy-level orders: the statements are not binding; they are simply recommendations of a Ministry of Defense panel. Still, in light of American and Israeli cyber attacks on infrastructure, these statements do two important things:

- Cast American and Israeli digital attacks on Iran as acts of war.

- Maybe more ominously, set the stage for international criminals, hackers, to find safe haven within the United States—putting the U.S. in a position to receive extradition requests at an alarming rate.

As it is, so would China, the United Kingdom, and Russia: sophisticated hacks require sophisticated technology.

The Islamic Anonymous Is Ramping Up Its Cyber War With The West

They're saying it's a campaign to defend "the prophet of Allah."

Several Western websites have been compromised recently as a part of a concerted effort by a group dubbed the "Arab Electronic Army" to get some payback for the recent YouTube anti-Islamic film everyone's been talking about.

Antone Gonsalves of CSO Online reports that nine sites were attacked, and that of those nine at least five were down or showing "messages praising Allah's prophet." Gonsalves notes that many of the growing attacks coming out of the Arab world could be just 'denial of service' attacks linked to economic sanctions against Iran (the same sanctions that angered Iranian World of Warcraft players).

According to CSO Online, seven of the nine attacked sites had Brazilian URLs, meaning they're Western but not American. Recently though, supposed 'Iranian' hackers attacked bigger targets, in America.

Reuters reported Sep. 21 that a few major American banks had experienced cyber attacks from Iran, supposedly using "beefed up" cyber resources developed since and in response to the Stuxnet and Flame viruses.

These may not, and are in all likelihood not, located all in one place. A Pakistani news source refers to the hackers as the Anonymous of the Islamic world. Part of what makes Anonymous crowd sourcing techniques so effective is the use of different pools of personnel, concurrently, in different parts of the world.

Al Arabiya, who allegedly talked to one of the team's members, reported that the hackers are indeed spread all around the region. From the site:

Ridouan [hacker alias RéD-Zàr], the spokesman for the group, explained that after he proposed the idea of forming an “electronic army” he received wide support from young Muslim hackers to “repel all offenses against our religion.”

Ridouan confirmed to Al Arabiya the locations and handles of a few fellow hacktivists, from Saudi, Syria and Morocco. It is also possible that his interview, admission and name-dropping were just a troll meant to throw off reporters and investigators alike.

A hacker group of the same name, the "Syria Electronic Army" boasts attacks as well, and may just be an arm of the same Islamic Anonymous Collective.

There's also a 'group' in Gaza, calling themselves the "Gaza Hacker Team," which made headlines in Israel over the weekend after it actually succeeded in hacking the head Rabbinate's website.

From a report in the Times of Israel:

The website, which ordinarily provides information for government-provided religious services, sported a black background on which the hackers wrote “a message for all Jewses [sic]” in English. "Your safety and security are linked to the safety of Palestinian captives whose [sic] on hunger strike You [sic] must responds [sic] to their demands soon. Otherwise, let you wait [sic] the Palestinian missiles if anyone of the Palestinian captives was in bad healthy situation [sic],” the hackers wrote.

The Times report quotes the hackers, translated from Arabic, as saying, "One is wrong to fight a war he can avoid, but one is more wrong if he doesn’t fight a war that was forced upon him… And if your freedom of speech is uncontrolled… so your chest should be wide for the freedom of our actions."

Undoubtedly this is a reference to the ire felt within the Muslim world for perceived disrespect for Islam and Muhammed in a cheesy film uploaded to YouTube in June and translated into Arabic in September.

Also, though Anonymous and other hackers have been around for a few decades, it wasn't until recently that the Arab world had the necessary infrastructure for or even the concept of cyber warfare; this realization is, again, in all likelihood a result of highly publicized American attacks on Iran.

Blasphemy is a crime punishable by death in some Islamic Republics. The fury directed toward the American government to "protect religion" from U.S. citizens' "freedom of speech" highlights the sharp cultural disconnect between the Western and Muslim worlds.

'Silent Circle' Military-Grade Encryption App Now Available In The App Store

Silent Circle, the military-grade encryption and information protection app that we covered recently, is now officially for sale on Apple's App Store, as of this week.

The following apps are available:

Silent Phone: The voice encryption app is available for iOS now and Android soon to come. It's WiFi, Edge, 3G or 4G compatible anywhere in the world.

Silent Text: The "burn" feature can help users determine when private texts will be deleted from both sender and recipient's route registries. 

Silent Eyes: Encrypted audio and video teleconference through Silent Circle's custom HD network. Available for Windows, soon on Mac.

Silent Circle is an ingenious design which uses custom encryption keys generated and subsequently destroyed for every transmission. Not only can the transmissions themselves be destroyed, but the self-destructing encryption code means that encrypted information cannot be dug up via reverse engineering.

The creators of the app say their intent is not to aid and abet potential criminals, but to support the safe communications of military, government, and secret operators in their travels abroad, though they are aware that anyone can use this app, and have been recently given "the hairy eyeball" from international government agencies, according to co-creator and Navy SEAL Mike Janke.

The whole batch of three apps can be bundled for a cost of $20 a month.

How To Access Fortune 500 Company Servers For $4 And Other Cyber Secrets

A Russian company called "dedicated express" is selling access to private company servers for as little as $4, according to a recent report.

Security investigative journalist Brian Krebs said in a post on his website krebsonsecurity.com Oct. 22, "The service I examined for this post currently is renting access to nearly 17,000 computers worldwide, although almost 300,000 compromised systems have passed through this service since its inception in early 2010."

Krebs says the problem stems from corporations' use of 'remote access' networks, which allow workers to access their corporate desktops from home. The service is called Remote Desktop Protocol, and it's built into Microsoft Windows "to give users graphical access to the host's PC desktop."

Experts in the research community as well as in cyber security fields have raised increasingly dire warnings about U.S. cyber security. Two particularly thin skinned areas they mentioned most were infrastructure, as well as outdated networks open to employees for remote access.

Jarno Limnell, a cyber security expert, recently told Business Insider, "Cyberwarfare is like Wild West right now, there’s a huge lack of norms and rules."

This lack of norms couldn't be exemplified any better than by this Russian website, which gleefully markets illegal access to American servers and even promises customer support if any problems occur.

They are not the only guilty party, though; the U.S. is anything but a hard target. It only took getting to the letter C on an alphabetical list before Krebs found a Fortune 500 website on the "dedicated express" site. It was Cisco. Their username? "Cisco". Password? You guessed it: "Cisco."

"A contact at Cisco’s security team confirmed that the hacked RDP server was inside of Cisco’s network; the source said that it was a “bad lab machine,” but declined to offer more details," wrote Krebs.

The company can hardly blame "hackers" for stumbling on to such an obvious username and password scheme. A more complete guide for protecting usernames and passwords can be found here.

The service, according to the report, doesn't sell any hacks to Russian companies "probably because its proprietors are from that country and do not wish to antagonize Russian law enforcement officials."

The Pentagon Is Taking Potential Threats Against The Nation's Pacemakers Very Seriously

Just this morning, the Naval Surface Warfare Center (NSWC) posted an information and equipment request to the Federal Business Opportunities (FBO) website concerning cardiac pacemakers and their vulnerabilities.

From the FBO posting:

This notice serves as a sources sought synopsis seeking information from companies capable of providing cardiac pacemakers for government testing, pacemaker programming hardware (loan OK), data and methodology for testing of electromagnetic vulnerability, and data on the demographic distribution of pacemaker devices domestically and internationally.

The above statement is basically a request for equipment to conduct various tests, as well as any known vulnerabilities within current lines of cardiac pacemakers. NSWC then goes a spooky step further in asking companies to provide 'demographic' information regarding exactly what types of people use pacemakers.

Recently Business Insider Military and Defense published an article on the hackability and potential weaponization of cardiac pacemaker software.

Retailers May Start Targeting Customers With New Surveillance Technology

We've covered surveillance tech that identifies faces and people under the influence, even an iPhone app that helps block potential spies, government or otherwise.

Now there's surveillance that could change the future of retail.

Bioscholar.com reports that "Mirela Popa and colleagues at Delft University of Technology, Netherlands, are developing a software that can automatically categorise shoppers’ behaviour using video footage from the fisheye cameras."

The CCTV cameras would be outfitted with a special algorithm in their software which logs and learns a shopper's behavior — and a 'confused' shopper could become the target of floor personnel.

Popa told Bioscholar that there will be more cameras at eye level, measuring customers' interactions with certain products. 

The military has been working on "Behavior Recognition Algorithms" for a while now.

Popa plans to deliver the findings of all the data she and her team gather to the International Conference on Image Processing in Florida this month. The Conference is sponsored by the Institute of Electrical and Electronics Engineers' Signal Processing Society, which caters often to the needs of military and government agencies.

A Mathematician Hacked Into Google Because He Thought It Was Part Of A Job Interview

Zachary Harris didn't think he was cut out for the job, but when Google emailed him an offer he figured he'd give it a whack anyway.

Or a hack, rather.

Kim Zetter of Wired reports that a strange email hit Harris's inbox asking if he was interested in a job with Google. “You obviously have a passion for Linux and programming,” the e-mail from the Google recruiter read. “I wanted to see if you are open to confidentially exploring opportunities with Google?”

Harris knew Google was renowned for throwing curve ball tests at prospective employees, so he was intrigued.

Zetter writes:

So he wondered if the e-mail might have been spoofed – something sent from a scammer to appear to come from the search giant. But when Harris examined the e-mail’s header information, it all seemed legitimate.

The first thing Harris noticed, though, was that the cryptographic key meant to verify the email wasn't up to standards.

As Elise Ackerman of Forbes writes:

[Google] wasn’t using a standard 1,024-bit key, which is the digital equivalent of a kryptonite U-lock for your bike. It was using a 512-bit key, which is like buying your bike lock for $10 at Walmart.

Still thinking it was part of a test, Harris cracked the key. Then he sent an email to Google CEO Larry Page, pretending to be Sergey Brin, Google's cofounder.

Here's the email he sent, via Wired:

Hey Larry,

Here’s an interesting idea still being developed in its infancy:

http://www.everythingwiki.net/index.php/What_Zach_wants_regarding_wiki_technology

or, if the above gives you trouble try this instead:

http://everythingwiki.sytes.net/index.php/What_Zach_wants_regarding_wiki_technology.

I think we should look into whether Google could get involved with this guy in some way. What do you think?

-Sergey

Then he made sure the site, his own, led back to his personal email.

But the really mindblowing part is when his personal site was bombed with traffic from Google. Instead of an invite to a real job interview, Google quietly changed their cryptographic key to 2048 bits.

That's when he knew it was no joke. Google had really sent him an email with astoundingly substandard encryption.

“I love factoring numbers,” Harris told Wired. “So I thought this was fun. I really wanted to solve their puzzle and prove I could do it.”
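A defender-side check for the weakness this story describes, added here as an example and not code from Wired, Forbes or Google: it assumes the email-verification key is published as a DKIM DNS TXT record (the article does not name the mechanism) and reads the RSA modulus size out of the record's `p=` value. The sample records are built from constructed numbers of the right size, not real keys, and `audit_record` and `sample_record` are names chosen for this example.

```python
import base64

MIN_BITS = 1024  # the size the article calls standard; Google later moved to 2048
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption + NULL


def parse_tags(record):
    """Split a DKIM key record ("v=DKIM1; k=rsa; p=...") into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)  # keep base64 '=' padding in the value
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags


def _read_tlv(buf, pos, want_tag):
    """Read one DER element at pos; return (value_bytes, next_pos)."""
    if buf[pos] != want_tag:
        raise ValueError("unexpected DER tag")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki):
    """Return the modulus size in bits of a DER SubjectPublicKeyInfo RSA key."""
    body, _ = _read_tlv(spki, 0, 0x30)            # SubjectPublicKeyInfo
    _, pos = _read_tlv(body, 0, 0x30)             # AlgorithmIdentifier (skipped)
    bit_string, _ = _read_tlv(body, pos, 0x03)    # BIT STRING holding the key
    if bit_string[0] != 0:
        raise ValueError("unexpected unused-bits count")
    rsa_key, _ = _read_tlv(bit_string, 1, 0x30)   # RSAPublicKey
    modulus, _ = _read_tlv(rsa_key, 0, 0x02)      # first INTEGER is n
    return int.from_bytes(modulus, "big").bit_length()


def audit_record(record):
    """Classify one key record; returns (status, modulus_bits)."""
    tags = parse_tags(record)
    if tags.get("k", "rsa") != "rsa":   # k= defaults to rsa when absent
        return ("skipped", 0)
    if not tags.get("p"):               # an empty p= marks a revoked key (RFC 6376)
        return ("revoked", 0)
    try:
        bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError):    # bad base64 or malformed DER
        return ("unparseable", 0)
    return ("weak" if bits < MIN_BITS else "ok", bits)


def _der(tag, value):
    """Encode one DER element (used only to build the sample records)."""
    n = len(value)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value


def _der_int(x):
    # One extra byte keeps the top bit clear, so the INTEGER stays positive.
    return _der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))


def sample_record(bits):
    """Constructed record: a number of the requested size, NOT a usable RSA key."""
    n = (1 << (bits - 1)) | 1
    rsa_key = _der(0x30, _der_int(n) + _der_int(65537))
    spki = _der(0x30, RSA_ALG_ID + _der(0x03, b"\x00" + rsa_key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()


if __name__ == "__main__":
    for size in (512, 1024, 2048):
        print(size, audit_record(sample_record(size)))
```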

New Microsoft Patent Uses Kinect And Mobile Cameras To Count People In Your Living Room

A new Microsoft patent will allow the company to remotely surveil, and effectively count American citizens as they order online or cable pay-per-view from the comfort of their own homes.

From the patent:

A content presentation system and method allowing content providers to regulate the presentation of content on a per-user-view basis ... Consumers are presented with a content selection and a choice of licenses allowing consumption of the content. The users consuming the content on a display device are monitored so that if the number of user-views licensed is exceeded, remedial action may be taken.

The patent, submitted on April 26, 2011, and passed on Nov. 1, 2012, essentially allows the company to remotely turn on any cameras, be they mobile or from something like the Xbox Kinect, and count the number of 'consumers' watching licensed content.

What Microsoft dubs 'complex algorithms' will not only count how many people are consuming that Mixed Martial Arts Championships, but also for how long they consumed the content, paving the way for charging users for half or even quarter uses of content.

From the patent:

In the case of the mobile display device, the display 105 is generally designed for use by one person but it is possible that more than one person may be able to view content on the display 105. As such the consumer detector uses data from the camera or capture device 102 to determine the number of consumers. In one example, camera 102 is an RGB imaging camera and the consumer detector analyzes one or successive images from the camera to ensure that the licensed number of users per view is enforced.

"Enforced" means the patent also gives licensers using Microsoft's surveillance 'product' the right to 'shut off' content if an unauthorized number of users starts to watch.

So you may want to tell the folks you invite over for the next fight to shut off their cell phones and remove the batteries prior to beginning the show.

Congress Is Still Just Talking About China's Massive Cyber Espionage Campaign Against The US

WASHINGTON (Reuters) - The U.S. Congress should conduct an in-depth assessment of Chinese cyber spying and consider imposing tougher penalties on companies that benefit from industrial espionage, a federal advisory group said Wednesday.

The recommendations by the bipartisan U.S.-China Economic and Security Review Commission reflect its stated concern that China has become "the most threatening actor in cyberspace."

In its annual report to Congress, the commission said the most notable trend in Chinese cyber-espionage over the past year had been "increasingly creative and resourceful targeting" across government, industry and civil society.

Among these are stepped-up efforts to defeat so-called two factor authentication, it said, referring to the use of a security token in addition to a traditional password.

Separately, Beijing appeared to be within two years of putting nuclear-tipped ballistic missiles on submarines as it continues to modernize and expand its nuclear stockpile, the report said, citing U.S. Defense Department estimates.

Congress should require the State Department to spell out steps to bring China into existing and future nuclear arms control efforts, the group said.

The report included 32 recommendations for congressional action on ties between the United States and China, the world's No. 1 and No. 2 economies.

The pair also are the top spenders on their militaries, although Washington spends about five times as much as Beijing, according to the Stockholm International Peace Research Institute, which tracks the figures.

The commission's report did not address U.S. espionage involving China, whose rise as a global competitor has helped frame a U.S. geo-strategic "pivot" toward the Pacific, announced a year ago after a decade of land wars in Iraq and Afghanistan.

The report was written before China's 18th Party Congress that will bring in a new generation of leaders. So the commission did not analyze the change in leadership, perhaps the most significant political event in China in a decade.

After the political transition, the same issues that complicate the bilateral relationship are expected to continue in the near term, Dennis Shea, a Republican appointee who is the commission's chairman, told reporters ahead of the report's release.

Chinese Foreign Ministry spokesman Hong Lei condemned the report.

"The relevant commission has not let go of its Cold War mentality. We hope the relevant commission can discard its prejudice, respect facts, and cease its interference in China's internal politics and making of statements that are harmful to China-U.S. relations," he told reporters in Beijing.

"Regarding Internet security, we have repeatedly pointed out that China resolutely opposes internet attacks and has established relevant laws," Hong added.

"Actually China and the United States have already engaged in cooperation on Internet security. The content of the relevant report is not helpful in building trust and respect between China and the U.S., or in conducting further cooperation."

STATE-OWNED

Some recommendations could add to bilateral strains. The commission said Congress should consider tougher screening laws for investments made by China's state-owned enterprises because of their allegedly unfairly subsidized challenges to U.S. corporate competitors.

The commission was set up by Congress in 2000 to study the national security implications of U.S.-China trade and economic relations after President Bill Clinton's administration granted China permanent trading status and approved its accession to the World Trade Organization.

Many U.S. entities lag in their ability to deal effectively with the growing sophistication of Chinese computer-launched espionage, the commission reported.

"China's cyber capabilities provide Beijing with an increasingly potent tool to achieve national objectives," it said. "A diverse set of Chinese hackers use pilfered information to advance political, economic and security objectives."

In response, relevant congressional committees should conduct an "in-depth assessment of Chinese cyber-espionage practices and their implications," then report the findings in an unclassified format so the public will be aware, the group said.

Congress also should conduct a review of existing legal penalties for companies found to engage in, or benefit from, industrial espionage, it recommended.

The call for congressional assessments is reminiscent of work carried out over the past year by the House of Representatives intelligence committee.

The panel's top Republican and Democrat, reporting on the findings of an 11-month investigation, warned last month that Beijing could use for spying equipment made by Huawei Technologies Co, the world's second-largest maker of routers and other telecom gear, and rival Chinese manufacturer ZTE Corp, the fifth largest.

Speaking to reporters on Saturday on the sidelines of the Party Congress, China's commerce minister, Chen Deming, said the United States was exhibiting a "Cold War mentality" with its fears that Huawei posed a security risk because of its ties to the Communist Party.

Tom Collina, research director of the Arms Control Association, a nonpartisan advocacy group in Washington, said China should be more transparent about its forces, but the United States has a 20-to-1 edge in nuclear weapons that can span the Pacific.

"The United States should continue to pursue consultations with China, but Washington and Moscow need to draw down their forces significantly before expecting others to participate in formal negotiations," he said.

(Additional reporting by Michael Martina in Beijing, Editing by Jonathan Thatcher)

Obama Signed Secret Deal That Makes A Huge Change To US Cyber Warfare Strategy

Obama has signed Presidential Order Number 20 and made an important change to the way the US will respond to attacks on National Security structures via the web, according to Ellen Nakashima of the Washington Post.

Nakashima reports that the directive had been signed back in October, but the new cyber security defense capabilities are secret, and they can't be accessed.

Crucially the new rules seem to allow for far more pre-emptive action. From the WaPo report:

“What it does, really for the first time, is it explicitly talks about how we will use cyber operations,” a senior administration official said. “Network defense is what you’re doing inside your own networks. . . . Cyber operations is stuff outside that space, and recognizing that you could be doing that for what might be called defensive purposes.”

In theory, this means that if you attempt a denial of service attack on a government website, your computer might suddenly shut down. The new directive gives commanders the right, according to rules of engagement not yet finalized (and most certainly classified), to take preemptive action against hackers.

According to WaPo, the preemptive attacks could even "include a cyberattack that wipes data from tens of thousands of computers in a major industrial company, disrupting business operations, but doesn’t blow up a plant or kill people."

With that basis, the cyber-defense may not be limited to private hackers, and may well include the military industrial complex of other nations.


REPORT: Jihadi Hackers Email Israel's Military 'Tel Aviv Will Be A Ball Of Fire'


Islamic Jihad allegedly sent an email message to 5000 Israeli soldiers: 'Gaza will be the graveyard of your soldiers and Tel Aviv will be a ball of fire.'

The organization operates out of Gaza under what many analysts believe to be Iran's stewardship. The group has launched a concerted effort to hack into Israeli military databases.

Reza Kahlili, a prominent and secretive former CIA spy who worked for Iran's revolutionary guard, reports today that Iran's media says Islamic Jihad hacked into a government website and obtained the email accounts of 5,000 top Israeli military and government officials.

Usually statements from Iran's media are taken with several grains of salt, except this time they published 92 of the email addresses and also posted a link to download the rest. Both lists contain names and email addresses that appear to be Israeli.

Iran stepped up its cyber defenses when Stuxnet wrecked its nuclear centrifuges. The U.S. also considers Iran the prime suspect for the attacks on several Middle Eastern oil companies.

The hacker collective 'Anonymous' has also claimed responsibility for countless attacks on Israeli government websites — except unlike Islamic Jihad, Anonymous culture is diametrically opposed to acts of violence.

Nonetheless, several western intelligence and media organizations have gone as far as calling the collective a 'terrorist organization.'

There have been tens of millions of cyber attacks on Israel since the beginning of the conflict last week.


The Twitter Conversation Between Hamas And IDF Is One Of The Most Revealing Aspects Of The Conflict


Al Qassam IDF

While on the exterior, on television, and even on the live blogs, it seems like everyone involved in the Israel and Gaza conflict is pushing for peace, things have gone awry.

Beneath it all, on the individual Twitter accounts representing the Israeli Defense Force and Hamas (Al Qassam Brigades), the battle is still sharp and pitched — Israel even repurposed the #GazaUnderAttack hashtag to their own #IsraelUnderFire.

Yes, the battle for the hearts and minds of witnesses is still very much alive in cyber space.

The exchange pictured above came at 7:29 a.m. EST.

Let's look at some more:

There have been some outright, direct jabs, like this one:

Twitter IDF Hamas

Then various leaders are quoted to the advantage of the quoter — numerous statements come out from each side's leaders, and it seems like each statement is more extreme than the next. While Hamas focuses on rousing their troops (the "Zionist enemy"), so to speak, Israel focuses on steady assurance that diplomacy is possible (Netanyahu's offer of "the hand or the sword"), but not at the expense of their citizens' safety.

Hamas IDF Twitter

Speech IDF Qassam

Qassam Israel Twitter

Messages are "sent"— Hamas sends several "messages," to mostly "military" sites in their Twitter feed's laundry list of strikes.

While the IDF, on the other hand, frames every one of Hamas' strikes as being on innocent civilians.

 Qassam IDF

Qassam IDF Twitter

Rockets fired at Jerusalem — Again, this is a morale thing. Hamas fighters love to hear about rockets reaching Jerusalem, whereas Israel reassures its citizens that no such rockets exist. 

Hamas IDF Twitter 

IDF Hamas Twitter

Yes, there is a battle for the hearts and minds of the online audience. Both parties take great pains to paint the other as targeting civilians, and both take great pains to express that they are targeting only military.

Just a minor perusal of either side's Twitter feed shows that "military" and "civilian" are some of the most common words.

David Cole of the Daily Beast quips that Hamas' Twitter feed may be illegal, and that the owner of Twitter is possibly liable (though he goes on to say that that would make telephone companies liable as well):

Is Twitter guilty of aiding Hamas terrorism? That’s what a petition by the pro-Israel group Christians United for Israel (CUFI) claims. In a campaign launched—where else?—on Twitter, the group argues that providing “services” of any kind to a designated terrorist organization like Hamas is a federal crime.

There is a stark difference between the Twitter war and what the news tells us. Television and MSM were informing everyone that a peace deal was possible — yet here were the IDF and Hamas' tweets, sent concurrently with the media coverage, which made the "imminent" peace deals seem unlikely.

 


HACKED: Israeli Deputy Prime Minister's Social Media Accounts Hijacked


A hacking collective calling themselves the ZCompany Hacking Crew successfully hacked and hijacked the LinkedIn, Facebook, YouTube, and Twitter accounts of Israeli Vice Prime Minister Silvan Shalom.

They quickly changed banner photos and fired off several embarrassing tweets.

Here are a few of the tweets:

 photo

The Israeli Defense Force and Hamas have been in a fierce social media battle since the fighting started, but Israel in particular has suffered tens of millions of hacker attacks on government websites, banks, and private accounts.

Though most of the hacks consist of Denial of Service Attacks — sometimes called "cyber sit-ins"— some have taken it to the next level by deleting government databases or, like Shalom, online identity takeovers.



There's A Virtual CyberCity Where Government Hackers Train For Real World Attacks


The U.S. Air Force has paid a security firm to build a virtual town to prepare government hackers for battles in cyberspace, Robert O'Harrow Jr. of the Washington Post reports.

"CyberCity" has a population of more than 15,000 along with a bank, hospital, power plant, water tower, train station and coffee shop (with free WiFi). Computers simulate communications as well as the operation of e-mail, heating systems, the railroad and an online social networking site called FaceSpace.

The town is designed to prepare government hackers for cyberattacks on America's critical infrastructure, which is vulnerable because it has become so interconnected over the past four decades that it's too complex to secure.

"All of our systems are connected together — our finance systems, our power generation systems, our social media sites, and so on," Dr. Mike Lloyd, Chief Technology Officer at RedSeal Networks, told BI. "We're interconnected here much more than anywhere else in the world. And that means if this stuff is fragile, it is much more fragile than everywhere else."

CyberCity began two years ago, around the time that the Stuxnet virus—built by the U.S. and Israel—attacked the infrastructure of Iran's nuclear enrichment facilities and sent almost 1,000 centrifuges spinning out of control.

Lloyd, who spends his days helping organizations understand how they can be attacked, noted that "People in glass houses shouldn't throw stones" and "Very simple stones can break our glass windows."

That's why the military—having already fired the first salvo of the global cyberwar—is building numerous virtual environments to run cyber experiments and learn how to defend against a "cyber Pearl Harbor" or even the millions of cyberattacks that occur every day.

“The problem is the bad guys are getting better much faster than we are,” Ed Skoudis, founder of the security firm that is developing the project, told the Post. “We don’t want to fall further behind on this.”

Tony Romm of Politico reports that cyber cuts were “not even considered” as the Pentagon prepares for more than $480 billion in reductions over 10 years, and spending on cybersecurity products and services could reach $14 billion by 2017.

CyberCity specifically deals with infrastructure, so cyber soldiers train with operations such as raising a railroad drawbridge to prevent a train carrying a weapon of mass destruction from entering the city, hacking into FaceSpace to pinpoint hackers who have hijacked a Navy vessel, or gaining control of a network so that a foreign agent doesn't hack into the hospital and alter medications.

“In the future, nearly all military missions will have a cyber component,” Skoudis said. “Fingers-on-keyboard experience is vital.”


Erin Burnett's Shouting Match With Julian Assange Shows Hypocrisy On Both Sides


Erin Burnett of CNN put Julian Assange "Out Front" for an 11-minute interview Nov. 28, and the shouting match that concluded the segment had very little to do with the subject of the interview.

Burnett attempted to prompt Assange on the fact that Ecuador, the country harboring him, allegedly cracks down on and silences journalists. She tried to draw out Assange's hidden hypocrisy, but it didn't work too well.

Instead, Assange focused on how American policy regarding the Espionage Act, whistle blowers, and state surveillance of citizens, has global effects, whereas Ecuadorean policy is not nearly as far reaching.

Still, Burnett is right; Assange is a pioneer of journalistic freedom who has taken refuge in a state that allegedly does not value journalistic freedom. Interestingly, Burnett works at a network that has also allegedly suppressed its own staff recently at the behest of a foreign government.

Assange has a new book coming out called "Cypherpunks"— about government surveillance and how complex cryptography can stop "Big Brother" before he starts.

The whole thing is pretty interesting, but if you want to skip to the shouting, start it at seven minutes: 


The US Is Helping Iraq Beef Up Its Navy And Delivered Two New Ships Today


The United States has delivered two support ships to Iraq, which is seeking to boost its fledgling naval capabilities, the US embassy said on Sunday.

The two 60-metre offshore support vessels were delivered by the US navy on December 20, the embassy said.

The vessels are "large, multi-purpose, multi-functional ships capable of providing a wide range of support to Iraqi naval operations," it said.

They will also offer support to Iraq's patrol and fast attack boats at sea, offshore oil platforms and help move security personnel, the embassy added.

The US military completed its withdrawal from Iraq on December 18 last year.

Fewer than 200 US military personnel remain in Iraq under US embassy authority, assisting with the delivery of military equipment and training local personnel.

Washington is Iraq's main arms supplier as Baghdad seeks to boost its overall military capabilities.


Turkish Web Authenticators Briefly Fake Google Inc.


An agency of the Turkish government deployed a deceptive version of some Google Inc web pages, possibly to monitor activity by its employees, major Internet companies said on Thursday.

The reports are the latest in a series of incidents in which hackers or governments have taken advantage of the loose rules surrounding the standard security for financial and other sensitive sites, those with Web addresses starting with HTTPS.

In the most recent case, an Ankara public transit agency known as EGO obtained the capacity to validate such Web pages from a Turkish Internet authority called TurkTrust, which is among the hundreds of entities treated as reliable by all major Internet browsers, Microsoft Corp said in a blog post.

Last month, EGO issued an improper certificate that told some visitors to Google they had reached it securely when they had not, Google said. The ruse was detected because unlike other browsers, Google's Chrome warns users and the company if an unexpected certificate is authenticating a Google site.

Google asked TurkTrust, which said it had "mistakenly" granted the right to authenticate any site to two organizations in August 2011. Google also warned browser makers including Microsoft and Mozilla, makers of Internet Explorer and Firefox, and all three will now block sites that were authenticated by EGO and another TurkTrust customer.

Though only Google was demonstrably faked, giving EGO access to Gmail and search activity, many other pages could have been faked without any of the real companies knowing about it. Spokesmen for the Turkish Embassy in Washington and the consulates in New York and Los Angeles could not be reached for comment.

Few details were provided by the technology companies, but one person involved with the issue said that it appeared that the fake Google.com had been displayed on one internal network.

"The logical theory is that the transportation agency was using it to spy on its own employees," said Chris Soghoian, a former Federal Trade Commission technology expert now working for the American Civil Liberties Union.

Validation authority alone isn't enough to intercept traffic, the most likely goal of the project. The authenticator would also have to come in contact with the Web user.

A similar situation developed in 2011, when Dutch certificate authority DigiNotar said it had been hacked and that certificates had been stolen. Google later warned that a fake certificate for its site was showing up in Iran, and it warned Gmail users in that country to change their passwords.

Soghoian and other technologists have complained for years that the system behind HTTPS sites is broken, but the industry has been slow to change.

Among other issues, the certificate authorities can resell the right to authenticate and don't have to disclose who their customers are.

"The entire Web relies on every single certificate authority being honest and secure," Soghoian said. "It's a ticking time bomb."

(Reporting by Joseph Menn; Editing by Steve Orlofsky)
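The detection described in this report, where a chain that every browser accepts is still flagged because it is not the one expected for the site, can be modeled as a key-pin check layered on ordinary chain validation. The following is an added example, not code from the article or from any browser; it is a simplified model in which signature verification is omitted and all names, hosts and key bytes are constructed placeholders.

```python
import base64
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes          # constructed stand-in for the DER SubjectPublicKeyInfo
    is_ca: bool = False  # models the CA flag in basicConstraints

def spki_pin(cert):
    """Base64 SHA-256 of the public key info: the value a pin set stores."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode()

def chain_is_trusted(host, chain, trusted_roots):
    """Ordinary path check: leaf names the host, each cert is issued by the
    next, every issuer is a CA, and the chain ends at a trusted root."""
    if chain[0].subject != host:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject or not parent.is_ca:
            return False
    return spki_pin(chain[-1]) in trusted_roots

def pin_check(host, chain, pins):
    """Return (ok, report). A pinned host needs at least one expected key
    somewhere in its chain; otherwise a report is produced for follow-up."""
    allowed = pins.get(host)
    if allowed is None:
        return True, None            # host is not pinned, nothing to compare
    seen = [spki_pin(c) for c in chain]
    if allowed.intersection(seen):
        return True, None
    return False, {"host": host,
                   "chain": [c.subject for c in chain],
                   "seen_pins": seen}

# Constructed sample data (hypothetical names, not real CAs or sites).
HOST = "www.example.test"
ROOT_A = Cert("Example Root A", "Example Root A", b"root-a-key", True)
ISSUING_A = Cert("Example Issuing CA", "Example Root A", b"issuing-a-key", True)
REAL_CHAIN = [Cert(HOST, "Example Issuing CA", b"site-key"), ISSUING_A, ROOT_A]

ROOT_B = Cert("Example Root B", "Example Root B", b"root-b-key", True)
# A customer certificate that was mistakenly issued with the CA flag set.
CUSTOMER = Cert("Customer Org", "Example Root B", b"customer-key", True)
CUSTOMER_AS_INTENDED = Cert("Customer Org", "Example Root B", b"customer-key")
ROGUE_LEAF = Cert(HOST, "Customer Org", b"proxy-key")
ROGUE_CHAIN = [ROGUE_LEAF, CUSTOMER, ROOT_B]

TRUSTED = {spki_pin(ROOT_A), spki_pin(ROOT_B)}  # both roots ship in the client
PINS = {HOST: {spki_pin(ISSUING_A)}}            # site operator's expected issuer

def evaluate(host, chain):
    """Run both checks: (passes ordinary validation, passes pin, report)."""
    ok, report = pin_check(host, chain, PINS)
    return chain_is_trusted(host, chain, TRUSTED), ok, report

if __name__ == "__main__":
    print("real :", evaluate(HOST, REAL_CHAIN))
    print("rogue:", evaluate(HOST, ROGUE_CHAIN))
```

The rogue chain passes ordinary validation because any trusted root can vouch for any hostname; only the pin comparison separates it from the real chain.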


Pentagon Announces Cyber Force Expansion As Anonymous Hacks Government Websites


The Pentagon plans to expand its cybersecurity force from 900 personnel to 4,900 troops and civilians over the next several years, Ellen Nakashima of The Washington Post reports.

The expansion reflects the need to address vulnerabilities in U.S. cyber infrastructure as well as the desire of the Defense Department’s Cyber Command to build its offensive capabilities. 

From The Post:

The plan calls for the creation of three types of forces under the Cyber Command: “national mission forces” to protect computer systems that undergird electrical grids, power plants and other infrastructure deemed critical to national and economic security; “combat mission forces” to help commanders abroad plan and execute attacks or other offensive operations; and “cyber protection forces” to fortify the Defense Department’s networks.

Earlier this month BBC reported that the U.S. told thousands of companies to beef up protection of computers which oversee power plants and other utilities after security researchers found more than 500,000 potential targets for cyber attacks. BBC also reported that two U.S. power plants were hit with malware attacks in 2012.

Nakashima previously reported that major U.S. banks have asked the National Security Agency (NSA) for help protecting their computer systems after hackers, suspected to be Iranian, disrupted bank websites for months.

The national mission forces would address these defensive concerns, while the combat mission forces would be involved with the increasing use of cyberattacks to precede physical attacks.

Marines have been conducting cyberattacks in Afghanistan for years. In March Gen. Keith Alexander, chief of both the NSA and U.S. Cyber Command (CYBERCOM), announced the plan to have teams in various regions of the world to focus on foreign foes such as China or Iran. 

The cyber protection forces would presumably deal with events such as the recent attacks on U.S. government websites by Anonymous.

Over the weekend hackers took background control of multiple .gov sites as they turned the U.S. Sentencing Commission website and the U.S. Probation Office for the state of Michigan website into games of Asteroids to protest the aggressive prosecution of hacktivist Aaron Swartz, who recently committed suicide.

In June Obama administration officials admitted that highly-effective cyberattacks against Iran were executed by the NSA and Israel while acknowledging that employing cyberweapons "could enable other countries, terrorists or hackers to justify their own attacks."

The Justice Department is now looking to prosecute those high-level leakers.
