06/10/13: Foreign Policy published an article by Matthew M. Aid discussing an elite, rarely discussed, team of NSA hackers and spies targeting America's enemies abroad. This weekend, President Barack Obama sat down for a series of meetings with China's newly appointed leader, Xi Jinping. We know that the two leaders spoke at length about the topic du jour -- cyber espionage. The media has focused at length on China's aggressive attempts to electronically steal US military and commercial secrets, but Xi pushed back noting that China, too, was the recipient of cyber espionage. It turns out that the Chinese government's allegations are essentially correct. According to a number of confidential sources, a highly secretive unit of the National Security Agency (NSA), the US government's huge electronic eavesdropping organization, called the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People's Republic of China. The problem is that TAO has become so large and produces so much valuable intelligence information that it has become virtually impossible to hide it anymore. The Chinese government is certainly aware of TAO's activities. The "mountains of data" statement by China's top Internet official, Huang Chengqing, is clearly an implied threat by Beijing to release this data. Thus it is unlikely that President Obama pressed President Xi too hard at the Sunnydale summit on the question of China's cyber espionage activities.
05/21/13: The Washington Times reports a cheap new encryption technology for mobile phones completely blocks eavesdropping, even from warrant-wielding law enforcement agents – raising fears the technology could fall into the hands of terrorists or criminals. The software poses a growing problem that US law enforcement agencies call “going dark” – the spread of communications technologies that cannot be intercepted even with a warrant because agencies lack the technical capabilities. But experts say the feds’ proposed solution to get around the blackout – by legally mandating the insertion of “back doors” into such software to allow eavesdropping – creates an opening which could be exploited by hackers, online criminals or cyberspies. The issue is not unique to the United States. Intelligence and counter-terrorism officials in the United Kingdom are concerned about the new mobile phone application, called Seecrypt, according the London Mail on Sunday. The app provides individual users with military grade encryption — sending voice and text over the Internet in an a scrambled data stream that can only be deciphered by another user. The new application, which is free to download and will cost $3 a month, is made by a South African-based company, Porton Group, that boasts “we don’t comply” with such mandates, said CEO Harvey Boulter. The program does not have a “Legal Intercept” capability. Last year, the US company Silent Circle caused consternation in law enforcement circles when they launched a similar package here.
04/28/13: BBC News reports Spanish police have arrested a Dutch man suspected of being behind one of the biggest cyberattacks in history. The 35-year-old man was detained in Barcelona following a request from the Dutch public prosecutor. The attack bombarded the websites of anti-junk mail outfit Spamhaus with huge amounts of data in an attempt to knock them offline. It also slowed data flows over closely linked networks and led to a massive police investigation. The suspect is believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker that has been implicated in the attack. Spamhaus servers were hit with a huge amount of data in a Distributed Denial of Service (DDoS) attack. It overwhelms a web server by sending it many more requests for data than it can handle.
03/29/13: The New York Times reports the assault, which took American Express offline for two hours, was the latest in an intensifying campaign of unusually powerful attacks on American financial institutions that began last September and have taken dozens of them offline, costing millions of dollars. JPMorgan Chase was taken offline by a similar attack this month. And last week, a separate, aggressive attack incapacitated 32,000 computers at South Korea’s banks and television networks. The culprits of these attacks, officials and experts say, appear intent on disabling financial transactions and operations. Corporate leaders have long feared online attacks aimed at financial fraud or economic espionage, but now a new threat has taken hold: attackers, possibly with state backing, who seem bent on destruction. “The attacks have changed from espionage to destruction,” said Alan Paller, director of research at the SANS Institute, a cybersecurity training organization. “Nations are actively testing how far they can go before we will respond.” Security experts who studied the attacks said that it was part of the same campaign that took down the Web sites of JPMorgan Chase, Wells Fargo, Bank of America and others over the last six months. A group that calls itself the Izz ad-Din al-Qassam Cyber Fighters has claimed responsibility for those attacks. The group says it is retaliating for an anti-Islamic video posted on YouTube last fall. But American intelligence officials and industry investigators say they believe the group is a convenient cover for Iran. Just how tight the connection is is unclear. Government officials and bank executives have failed to produce a smoking gun. North Korea is considered the most likely source of the attacks on South Korea, though investigators are struggling to follow the digital trail, a process that could take months. The North Korean government of Kim Jong-un has openly declared that it is seeking online targets in its neighbor to the south to exact economic damage.
03/25/13: The Washington Times reports a new manual commissioned by NATO’s cyberwarfare center says the cyberattack by the US and Israel that crippled Iran’s nuclear program by sabotaging industrial equipment constituted “an act of force” and was possibly illegal under international law. The Tallinn Manual on the International Law Applicable to Cyber Warfare says, “Acts that kill or injure persons or destroy or damage objects are unambiguously uses of force.” The international group of researchers who wrote the manual were unanimous that Stuxnet — the self-replicating cyberweapon that destroyed Iranian centrifuges that were enriching uranium — was an act of force, but were divided on whether its effects were severe enough to constitute an “armed attack,” which would trigger hostilities under the UN Charter and allow Iran to retaliate in self-defense. Neither Israel nor the United States has publicly acknowledged being behind Stuxnet, but they are widely believed to have been responsible.
03/15/13: The New York Times reports North Korea, a country paranoid about perceived threats from the outside world, said on Friday that it had found new foreign invaders: hackers from the United States and its allies shutting down the North’s Web sites, the country’s main tool of spreading propaganda abroad. Until now, the complaint came from the other direction, with South Korean officials suspecting that North Korea was behind a recent series of hacking attacks on South Korean and American Web sites. After North Korea’s recent threats to retaliate against United Nations sanctions, South Korea warned of possible North Korean efforts to disrupt the Internet in the South, one of the most wired countries in the world. These accusations, although denied by the opposing sides, showed how inter-Korean tensions are increasingly spreading into cyberspace. North Korea’s often strident rhetoric has escalated to a feverish new pitch in recent weeks, complete with a threat to launch a “pre-emptive nuclear attack” at the United States and South Korea after the allies started joint military drills on March 1, followed by new United Nations sanctions for the North’s Feb. 12 nuclear test.
02/11/13: The Hill reports a cybersecurity bill that received pushback from privacy advocates and the White House last year will be re-introduced on Wednesday, setting up a potential battle between Congress and the Administration over cybersecurity legislation. House Intelligence Committee Chairman Mike Rogers (R-Mich.) and Ranking Member Dutch Ruppersberger (D-Md.) will reintroduce the Cyber Intelligence Sharing and Protection Act (CISPA) and hold a public hearing analyzing the current state of cyber threat information-sharing between the US Government and industry next week. The bill aims to thwart cyberattacks by making it easier for private companies to share information about threats and malicious source code with the intelligence community and the Department of Homeland Security. The privacy and civil liberties groups that fought CISPA last year plan to revive their efforts to oppose the bill.