How to protect your privacy at a protest

Micah Lee and The Intercept put together this video with “tips on how to prepare your phone before you go to a protest and on how to safely communicate with your friends.”

Read the rest

Trump to sign yet another trash executive order, this time on 'the cyber'

'President' Donald Trump is expected to sign an executive order addressing cybersecurity today, Reuters reports in an item that cites "two sources familiar with the situation.” The EO is expected to be Trump's first action to address what he called a top priority of his administration during the Presidential campaign.

Read the rest

Squirrels are vastly more harmful to the world's power grids than "the cyber" is

Of 1700+ known acts of global power-grid sabotages, affecting some 5,000,000 people, 879 were caused by squirrels; between 0 and 1 were caused by Russia, and another 1 was caused by the USA (Stuxnet). Read the rest

Trump's cybersecurity book, from (Bill) O'Reilly

(via) Read the rest

Trump's policies on net neutrality, free speech, press freedom, surveillance, encryption and cybersecurity

Three posts from the Electronic Frontier Foundation dispassionately recount the on-the-record policies of Trump and his advisors on issues that matter to a free, fair and open internet: net neutrality; surveillance, encryption and cybersecurity; free speech and freedom of the press. Read the rest

Because cybersecurity: the private jet edition

"Cybersecurity": it's the new "terrorism," a word to conjure with, a source of bottomless no-bid procurements for the military-industrial complex, full employment for snake-oil salesmen. Read the rest

Zero: the number of security experts Ted Koppel consulted for hysterical cyberwar book

Ted Koppel's new book, Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath warns of an impending disaster when America's critical infrastructure will be destroyed by cyberattackers, plunging the nation into a literal dark age. Read the rest

Jeb Bush: Leave NSA Alone

“We must stop demonizing these quiet intelligence professionals and start giving them the tools they need.”

Leaked US cybersecurity report singles out crypto as essential for security of private data

A newly released document from the Snowden trove is a five-year "cyber-threat" forecast that stresses the importance of strong civilian use of cyrptography as crucial to protecting private data, especially the industrial secrets sought by foreign spies. Read the rest

Spies can't make cyberspace secure AND vulnerable to their own attacks

In his Sunday Observer column, John Naughton makes an important point that's hammered home by the escape of the NSA/GCHQ Regin cyberweapon into the wild: spies who make war on the Internet can't be trusted with its security. Read the rest

Essential reading: the irreconcilable tension between cybersecurity and national security

Citizenlab's Ron Diebert lays out the terrible contradiction of putting spy agencies -- who rely on vulnerabilities in the networks used by their adversaries -- in change of cybersecurity, which is securing those same networks for their own citizens. Read the rest

Indispensable BBC/OU series on cybercrime starts tomorrow

Mike from the Open University sez, "The OU and the BBC have created a new six part series about cybercrime, presented by the technology journalist Ben Hammersley." Read the rest

There's no back door that only works for good guys

My latest Guardian column, Crypto wars redux: why the FBI's desire to unlock your private life must be resisted, explains why the US government's push to mandate insecure back-doors in all our devices is such a terrible idea -- the antithesis of "cyber-security." Read the rest

Cybersecurity czar is proud of his technical illiteracy

Michael Daniel thinks "being too down in the weeds at the technical level could actually be a little bit of a distraction"; Ed Felten counters, "Imagine reaction if White House economic advisor bragged about lack of economics knowledge, or Attorney General bragged about lack of legal expertise." Read the rest

MEP explains the security problem with militarizing the Internet

The Dutch MEP Marietje Schaake has a fantastic, must-read essay on the problem with "cyber-war." She lays out the case for securing the Internet (and the world of people and systems that rely on it) through fixing vulnerabilities and making computers and networks as secure and robust as possible, rather than relying on weaknesses in security as vectors for attacking adversaries.

Mass surveillance, mass censorship, tracking and tracing systems, as well as hacking tools and vulnerabilities can be used to harm people as well as our own security in Europe. Though overregulation of the internet should never be a goal in and of itself, regulation of this dark sector is much needed to align our values and interests in a digital and hyper-connected world. There are many European examples. FinFisher software, made by UK’s Gamma Group was used in Egypt while the EU condemned human rights violations by the Mubarak regime. Its spread to 25 countries is a reminder that proliferation of digital arms is inevitable.

Vupen is perhaps best labelled as an anti-security company in France that sells software vulnerabilities to governments, police forces and others who want to use them to build (malicious) software that allows infiltrating in people’s or government’s computers.

It is unclear which governments are operating on this unregulated market, but it is clear that the risk of creating a Pandora’s box is huge if nothing is done to regulate this trade by adopting reporting obligations. US government has stated that American made, lawful intercept technologies, have come back as a boomerang when they were used against US interests by actors in third countries.

Read the rest

Cybercrime sucks (for criminals)

Bruce Schneier comments on an NYT report on cybercrime that shows that there's just not much money to be had in being a ripoff artist. Dinei Florêncio and Cormac Herley wrote:

A cybercrime where profits are slim and competition is ruthless also offers simple explanations of facts that are otherwise puzzling. Credentials and stolen credit-card numbers are offered for sale at pennies on the dollar for the simple reason that they are hard to monetize. Cybercrime billionaires are hard to locate because there aren’t any. Few people know anyone who has lost substantial money because victims are far rarer than the exaggerated estimates would imply.

The authors frame cybercrime as a "tragedy of the commons," where the overfishing (overphishing) by crooks has reduced everyone's margins to nothing, making it hard graft indeed. Meanwhile, cybercrime estimates are subject to the same lobbynomics used to calculate losses from music downloading and profits from drug seizures:

Suppose we asked 5,000 people to report their cybercrime losses, which we will then extrapolate over a population of 200 million. Every dollar claimed gets multiplied by 40,000. A single individual who falsely claims $25,000 in losses adds a spurious $1 billion to the estimate. And since no one can claim negative losses, the error can't be canceled.

Cybercrime as a Tragedy of the Commons Read the rest