Posts tagged cyber
Six years after the White House first started running amok on the computer networks of its adversaries, US President Barack Obama has signed off on a top-secret order that finally offers blueprints for the Pentagon’s cyberwars.
Pres. Obama has autographed an executive order outlining protocol and procedures for the US military to take in the name of preventing cyberattacks from foreign countries, the Washington Post reports, once and for all providing instructions from the Oval Office on how to manage the hush-hush assaults against opposing nation-states that have all been confirmed by the White House while at the same time defending America from any possible harm from abroad.
According to the Post’s sources, namely “officials who have seen the classified document and are not authorized to speak on the record,” Pres. Obama signed the paperwork in mid-October. Those authorities explain to the paper that the initiative in question, Presidential Policy Directive 20, “establishes a broad and strict set of standards to guide the operations of federal agencies in confronting threats in cyberspace.”
Confronting a threat may sound harmless, but it introduces a chicken-and-egg scenario that could have some very serious implications. The Post describes the directive as being “the most extensive White House effort to date to wrestle with what constitutes an ‘offensive’ and a ‘defensive’ action in the rapidly evolving world of cyberwar and cyberterrorism,” but the ambiguous order may very well allow the US to continue assaulting the networks of other nations, now with a given go-ahead from the commander-in-chief. Next in line, the Post says, will be rules of engagement straight from the Pentagon that will provide guidelines for when to carry out assaults outside the realm of what is considered ‘American’ in terms of cyberspace.
Security for the 99%
The House of Representatives kicked off their “cybersecurity week” yesterday with a hearing titled “America Is Under Cyber Attack: Why Urgent Action is Needed.” Needless to say, the rhetoric of fear was in full force. A lot of topics were raised by members of Congress and panelists, but perhaps the most troublesome theme came from panelist and Former Executive Assistant Director of the FBI Shawn Henry, who repeatedly urged that good cybersecurity means going on the offensive:
“the problem with existing [...] tactics is that they are too focused on adversary tools (malware and exploits) and not on who the adversary is and how they operate. Ultimately, until we focus on the enemy and take the fight to them […], we will fail.”
This offensively-minded approach has major pitfalls, as it could lead to more government monitoring and control over our communications. While we think an increased focus on catching criminals using existing tools is a fine tactic that could be used by law enforcement, we fear the temptation for law enforcement to increase their surveillance capabilities in order to successfully go on the offensive in the context of computer crimes. This could mean things like breaking into people’s computers without warrants, or disrupting privacy-enhancing tools like Tor. Needless to say, we think it would be a very bad idea to link our safety to the ability for law enforcement to effectively monitor people, and that is a danger of focusing solely on an offensive strategy. Instead, we would like to offer an alternative, defensively-oriented point of view regarding security, an important view that we think was not adequately represented in yesterday’s panel.
Securing U.S. critical infrastructure networks, corporate networks, and the Internet at large depends upon securing our computers and networked devices. Fundamentally, it’s very simple: fewer software vulnerabilities means more security. Once a vulnerability is patched and an upgraded version of software is available and in use, that increases safety for all of us. Ensuring that the right mechanisms are in place to maximize this baseline security should be a major focus area of any organized effort to secure our critical and other Internet infrastructure. This means encouraging the disclosure of vulnerabilities when they are found so that they can be fixed, and no longer exploited. This is what we mean when we talk about security for everyone. This defensive strategy also takes a view of vulnerabilities that includes engineering with security in mind: if software doesn’t force good security on administrators and other humans who have a role to play to keep things secure, then that should be considered a security vulnerability in that software.
In order to understand why vulnerabilities are the foundation of insecurity and ought to be the focus of defensive efforts, let’s take a bit of time, for those new to the computer security world, to define bugs, vulnerabilities, exploits, and a particularly nasty class of exploits called “zero-day” exploits.
By Maira Sutton
Iran: Authorities Seeking Information on Censorship Tools
The Islamic Republic of Iran has recently become notorious for its efforts to create a “halal” Internet. This week, a security researcher found that Iranian authorities published a “Request for Information” (RFI) seeking details on new types of censorship tools that are available in the market. Ars Technica reported that the Persian language RFI calls for “proper conditions for domestic experts in order to build a healthy Web and organize the current filtering situation.” The deadline for response was yesterday, April 19.
The existence of the RFI suggests that Iran is seeking to nationally expand its scope of online content blocking and filtering. The RFI states:
The creation of a comprehensive Internet purifying system that works based on analysis of Web content is considered among the most important activities in this area and efforts must be made to cultivate domestic technologies…In addition to creating a domestic industry, among other goals of the institute are the purchase and acquisition of foreign technical knowledge and leveraging of the latest technology alongside domestic ones.
What’s clear is that the Iranian government is seeking a more sophisticated system to block content, beyond its current mandate of blacklisting entire sites and banning words. EFF will continue to monitor this initiative and the Iranian government’s efforts to facilitate online censorship.
India: Professor arrested over a political cartoon; CIS urges Parliament to overturn 2011 censorship legislation
A chemistry professor in the state of West Bengal was arrested on Friday for posting political cartoons about the state’s Chief Minister, Mamata Banerjee. Ambikesh Mahapatra’s arrest follows increasing public discontent with Minister Banerjee and her style of governance. The local police charged Mahapatra with cyber crime offenses, claiming he had spread “derogatory messages against respectable persons.”
Following the arrest last week, there has been a massive backlash and an online campaign to condemn the charges. The highest trending Twitter hashtag in India is currently #arrestmenow, which has been adopted by users to tweet critical, often humorous, opposition to the police action. It echoed a similar situation in December, when the Indian blogosphere and Twitterverse were aflame with criticism against Minister of Communications and IT Kapil Sibal after he demanded that websites such as Google and Facebook filter content deemed offensive. Indian netizens’ increasing use of social media to fight back against state-mandated efforts to censor online speech is a welcome sight.
The Electronic Frontier Foundation (EFF) is urging the public to take part in a Twitter protest directed at their lawmakers.
You can access EFF’s online interactive tool to find your representatives and their Twitter handles. The campaign will use the hashtags #CongressTMI and #CISPA.
If you download and distribute copyrighted material on the Internet, or share any information that governments or corporations find inconvenient, you could soon be labeled a threat to national security in the United States.
That’s the aim of a bill in Congress called the Cyber Intelligence Sharing and Protection Act (CISPA), which some have labeled in recent weeks as a type of sequel to the Stop Online Piracy Act (SOPA), a highly controversial series of proposals that were utterly destroyed by an online mass work-stoppage protest earlier this year.
CISPA, however, is nothing like SOPA, despite its recent association in the media. While SOPA included provisions that would have essentially broken the Internet by allowing the U.S. to delete domains from a central registry system, CISPA does nothing of the sort, and aims more at “cyber threat intelligence” gathering than censorship and piracy prevention.
March 31, 2012
Credit card data — enough to create counterfeit cards — has been stolen from Visa and Mastercard users, Visa confirmed today. The companies are doing damage control, alerting banks and affected card members.
According to security researcher Brian Krebs, a group of individuals has compromised a payments processor, rumored to be Global Payments Inc. The group is believed to be New York-based, targeting the payment system in New York parking garages. Cyber criminals have gained access through the processor to “Track 1 and Track 2 data,” which gives them enough information to make fraudulent purchases on the compromised cards.
Visa and Mastercard have alerted a number of banks and credit unions associated with the cards, warning that they should be on the lookout for fraud.
“Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards,” the company said in a statement. “As always, Visa encourages cardholders to regularly monitor their accounts and to notify their issuing financial institution promptly of any unusual activity.”
Summary: In a press conference held Wednesday morning, FBI agent Shawn Henry said the current cyber security of corporations in the US is completely unsustainable. The cyber expert even went as far as to say that companies need to make major changes in the way they use computer networks to avoid national security and economic threats. This comes after dozens of high-profile attacks by so-called hacktivists, in which targets from the Department of Justice to Sony were hit and hundreds of millions were successfully hacked. Greg Housh, an Internet activist and CEO of Local SEO Company, joins RT’s Liz Wahl to explain.
Funny story if you really listen to this. China hacks not discovered for 1 year. Fear mongering to….? This is affecting the corporatism, not you and I. Trying to recruit the smart folks, but they are not willing to play, lol. Maybe the more intelligent of the crowd realize that they can think for themselves. Please say the word “terrorist” 100 more times. We The People are not the threatened corruption in DC. Internet CEO represents banks and corporations but wanting to spread the fear to you and I.
By Steve Dibert
Sweetheart Mortgage Deals and Mortgage Assignments Don’t Add Up.
Bobbi Bowman and Zandy Dudiak, Patch.com
A search of land records for the $2 million Great Falls, VA, home of Republican presidential candidate and former Pennsylvania Senator Richard Santorum turns up a series of mortgages that at times equaled and exceeded the sales price of the property.
The industry guideline is usually that mortgages should not exceed 75 percent of the appraised value of a property, according to mortgage experts. The assessed value of the Great Falls home, which is set by Fairfax County, has fallen since Santorum bought it in 2007.
Property values have fallen throughout the county—even in the wealthiest communities of McLean and Great Falls—because of the recession.
It’s a fascinating story to follow the real estate transactions of this presidential aspirant who is also a neighbor. All the transactions are found in the Fairfax County land records. We’re going to walk you through Santorum’s life as a Fairfax County homeowner.
In September 1995, as a newly elected senator from Pennsylvania, Santorum and his wife bought a house in Herndon, VA, for $292,000, according to the Fairfax County deed.
As a Congressman, Santorum had lived in Mt. Lebanon, but sold that house in 1995, the same year he bought the one in Herndon. He then bought a house in Penn Hills in 1997.
In November 1998, the couple took out a mortgage of $244,000 on the Herndon home, according to the mortgage filed in the Fairfax County courthouse.
In November 2001, the Santorums sold the home for $429,900. They moved to Leesburg in Loudoun County.
Usually mortgages are paid off when homes are sold. Not in this case. The Santorums paid off the mortgage in October 2003, according to county documents.
In 2006, Santorum ran for a third term in the U.S. Senate and lost, due in part to the controversy over whether he actually lived in Pennsylvania, and after he enrolled five of his children in an online cyber school paid for by the Penn Hills (PA) School District, despite the fact that all the children lived in Virginia.
The family returned to Fairfax County in August 2007. They bought a house with five acres in Great Falls with a high-ranking official of a major development and mortgage company.
Santorum formed the Creamcup Trust with James Sack, the secretary and general counsel of NVR, a major single-family developer and mortgage finance company in northern Virginia and 15 states. Creamcup Trust bought a house and five acres of land on Creamcup Lane in Great Falls for $2 million in August 2007, according to the deed.