For more than decade, a shadowy, heavily resourced, sophisticated hacker group that Kaspersky Labs calls the Equation Group has committed a string of daring, cutting-edge information attacks, likely at the behest of the NSA.
Read the rest
"An elaborate, three-year cyberespionage campaign against United States military contractors, members of Congress, diplomats, lobbyists and Washington-based journalists has been linked to hackers in Iran." The NYT's Nicole Perlroth has more
from a report released this week by the Dallas computer security firm iSight Partners
The US government may use visa restrictions to ban hackers from China from participating in the 2014 Defcon hacker conference in Las Vegas. The move is part of a larger effort by the US to combat Chinese internet espionage.
Read the rest
A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. Picture taken January 2, 2014. REUTERS/Edgar Su.
The Justice Department this week indicted five hackers
linked to China’s People’s Liberation Army. The hackers are accused of stealing data from six US companies
, and represent a "cyberwar" escalation with China: what was a diplomatic discomfort is now a criminal matter. "But cybersecurity policy-watchers say that the arrival of the indictments in the wake of Snowden’s serial revelations could both lessen the charges’ impact and leave American officials open to parallel criminal allegations from Chinese authorities," writes Wired's Andy Greenberg
Bruce Schneier points out that the leaked top-secret list of electronic attack targets picked by the Obama administration is tantamount to a declaration of Internet War on foreign powers, and shows the US government planning attacks that make the much-vaunted Chinese attacks on the USA look tame by comparison.
That's the key question: How much of what the United States is currently doing is an act of war by international definitions? Already we're accusing China of penetrating our systems in order to map "military capabilities that could be exploited during a crisis." What PPD-20 and Snowden describe is much worse, and certainly China, and other countries, are doing the same.
All of this mapping of vulnerabilities and keeping them secret for offensive use makes the Internet less secure, and these pre-targeted, ready-to-unleash cyberweapons are destabalizing forces on international relationships. Rooting around other countries' networks, analyzing vulnerabilities, creating back doors, and leaving logic bombs could easily be construed as an act of war. And all it takes is one over-achieving national leader for this all to tumble into actual war.
It's time to stop the madness. Yes, our military needs to invest in cyberwar capabilities, but we also need international rules of cyberwar, more transparency from our own government on what we are and are not doing, international cooperation between governments and viable cyberweapons treaties. Yes, these are difficult. Yes, it's a long slow process. Yes, there won't be international consensus, certainly not in the beginning. But even with all of those problems, it's a better path to go down than the one we're on now.
We can start by taking most of the money we're investing in offensive cyberwar capabilities and spend them on national cyberspace resilience.
Has U.S. started an Internet war?
Illustration for WIRED by Mark Weaver
"Infiltration. Sabotage. Mayhem. For years four-star general Keith Alexander has been building a secret Army capable of launching devastating cyberattacks. Now it's ready to unleash hell."
In this month's Wired Magazine, James Bamford profiles Keith Alexander, the man who runs cyberwar efforts for the United States, "an empire he has built over the past eight years by insisting that the US’s inherent vulnerability to digital attacks requires him to amass more and more authority over the data zipping around the globe."
The claims in Edward Snowden's leaks are the tip of one big, secret iceberg.
Read: NSA Snooping Was Only the Beginning. Meet the Spy Chief Leading Us Into Cyberwar (Wired.com)
Glenn Greenwald and the Guardian have published details of another Top Secret US surveillance/security document. This one is a presidential order from Obama to his top spies directing them to draw up a hit-list of "cyber war" targets to be attacked by American military hacking operations.
The 18-page Presidential Policy Directive 20, issued in October last year but never published, states that what it calls Offensive Cyber Effects Operations (OCEO) "can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging".
It says the government will "identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power".
The directive also contemplates the possible use of cyber actions inside the US, though it specifies that no such domestic operations can be conducted without the prior order of the president, except in cases of emergency.
The document further contemplates preemptive first strikes on foreign targets.
As Greenwald points out, this document has been published on the eve of a meeting between Obama and the Chinese Premier Xi Jinping. China has been publicly accused by the USA of carrying out electronic attacks on American infrastructure, and Xi has rebutted by saying that the US has engaged in aggressive "cyber-war" attacks on Chinese infrastructure. This document lends credence to Xi's claim.
Obama orders US to draw up overseas target list for cyber-attacks
I reviewed Ronald Diebert's new book Black Code in this weekend's edition of the Globe and Mail. Diebert runs the Citizen Lab at the University of Toronto and has been instrumental in several high-profile reports that outed government spying (like Chinese hackers who compromised the Dalai Lama's computer and turned it into a covert CCTV) and massive criminal hacks (like the Koobface extortion racket). His book is an amazing account of how cops, spies and crooks all treat the Internet as the same kind of thing: a tool for getting information out of people without their knowledge or consent, and how they end up in a kind of emergent conspiracy to erode the net's security to further their own ends. It's an absolutely brilliant and important book:
Ronald Deibert’s new book, Black Code, is a gripping and absolutely terrifying blow-by-blow account of the way that companies, governments, cops and crooks have entered into an accidental conspiracy to poison our collective digital water supply in ways small and large, treating the Internet as a way to make a quick and dirty buck or as a snoopy spy’s best friend. The book is so thoroughly disheartening for its first 14 chapters that I found myself growing impatient with it, worrying that it was a mere counsel of despair.
But the final chapter of Black Code is an incandescent call to arms demanding that states and their agents cease their depraved indifference to the unintended consequences of their online war games and join with civil society groups that work to make the networked society into a freer, better place than the world it has overwritten.
Deibert is the founder and director of The Citizen Lab, a unique institution at the University of Toronto’s Munk School of Global Affairs. It is one part X-Files hacker clubhouse, one part computer science lab and one part international relations observatory. The Citizen Lab’s researchers have scored a string of international coups: Uncovering GhostNet, the group of Chinese hackers taking over sensitive diplomatic computers around the world and eavesdropping on the private lives of governments; cracking Koobface, a group of Russian petty crooks who extorted millions from random people on the Internet, a few hundred dollars at a time; exposing another Chinese attack directed at the Tibetan government in exile and the Dalai Lama. Each of these exploits is beautifully recounted in Black Code and used to frame a larger, vivid narrative of a network that is global, vital and terribly fragile.
Yes, fragile. The value of the Internet to us as a species is incalculable, but there are plenty of parties for whom the Internet’s value increases when it is selectively broken.
How to make cyberspace safe for human habitation
Black Code: Inside the Battle for Cyberspace
Defense Secretary Leon Panetta, speaking this week
: “An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches. They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.” Later, he told reporters at the NYT to relax; this imminent threat does not mean he wants to read your email.
Iranian President Mahmoud Ahmadinejad inspects centrifuges at a uranium enrichment plant.
Reporting for the New York Times, David Sanger confirms what internet security researchers suspected all along: Stuxnet, the worm that targeted computers in Iran's central nuclear enrichment facilities, was a US/Israeli project and part of an expanded effort at cyberweaponry by the Obama administration.
Read the rest
The Moscow-based security firm credited with solving various mysteries around Stuxnet and Duqu today announced the discovery of Flame, a data-stealing virus said to have lurked on thousands of computers in the Mideast for as long as 5 years. A Kaspersky Lab spokesperson described it in a Reuters interview as "the most complex piece of malicious software discovered to date."
Adds Bruce Sterling, "Given that this has been out in the wild for a couple of years now, what’s five times bigger than 'Flame' and even less understood?"
Writing today at Wired News, Kim Zetter reports that Flame is believed to be "part of a well-coordinated, ongoing, state-run cyberespionage operation."
Kaspersky has a FAQ about Flame, here.
(Image: Kaspersky Labs)
Zartan sez, "This might be the single stupidest thing I've read all year. Richard Clark advocates that the president take action
to 'increase cyber security' in the absence of congressional action, including literally hilarious (if not so scary) ideas like the following: 'If given the proper authorization, the United States government could stop files in the process of being stolen from getting to the Chinese hackers. If government agencies were authorized to create a major program to grab stolen data leaving the country, they could drastically reduce today’s wholesale theft of American corporate secrets.' 'Under Customs authority, the Department of Homeland Security could inspect what enters and exits the United States in cyberspace... And under the Intelligence Act, the president could issue a finding that would authorize agencies to scan Internet traffic outside the United States and seize sensitive files stolen from within our borders.' I would love to know how he would propose Homeland Security could 'inspect' what is leaving the US in 'cyberspace' and 'seize' sensitive files outside our borders. Unfortunately this guy is somewhat influential."
There's a good long read by John Arquilla in Foreign Policy magazine this month. He argues that a concept of cyberwar he proposed some 20 years ago with David Ronfeldt "has become a reality," in that battlefield information systems have "profound impact" as a disruptive force "in wars large and small." But Arquilla goes on to argue that a parallel notion of cyberwar popularized by others-- "less a way to achieve a winning advantage in battle than a means of covertly attacking the enemy's homeland infrastructure without first having to defeat its land, sea, and air forces in conventional military engagements" -- is a bunch of hype-y hooey.
“I think that we have to treat state-based covert activities as the equivalent of acts of war. And I think that we have to respond to that and create a level of pain which teaches people not to do it.” US presidential candidate Newt Gingrich, responding to a question about countries that target U.S. corporate and government information systems.
Pithiness from Bruce Schneier
: "I'm not worried about cyberwar, but I am worried about the proliferation of cyber weapons. Arms races are fundamentally destabilizing, especially when their development can be so easily hidden. I worry about cyberweapons being triggered by accident, cyberweapons getting into the wrong hands and being triggered on purpose, and the inability to reliability trace a cyberweapon leading to increased distrust. Plus, arms races are expensive."