10/30/12: PhysOrg reports It is expected to be the mother of all cyber diplomatic battles. When delegates gather in Dubai in December for an obscure UN agency meeting, fighting is expected to be intense over proposals to rewrite global telecom rules to effectively give the United Nations control over the Internet. Russia, China and other countries back a move to place the Internet under the authority of the International Telecommunications Union, a UN agency that sets technical standards for global phone calls. US officials say placing the Internet under UN control would undermine the freewheeling nature of cyberspace, which promotes open commerce and free expression, and could give a green light for some countries to crack down on dissidents.
10/21/12: Reuters reports an online election to choose a “shadow parliament” opposed to Russian President Vladimir Putin was disrupted on Saturday by a cyberattack. “Today we already know that there are some problems with the server, there are some attacks,” Sergei Udaltsov, a prominent protest leader, said at rally on Saturday. Opponents of Putin say elections in Russia are rigged in favor of his ruling party and are instead holding their own online vote which they hope will reinvigorate the flagging opposition movement. Information on their website, www.cvk2012.org, told visitors there could be problems casting their votes and to try again later. Organizers and activists did not suggest who was behind the attacks. The Kremlin has said it will ignore the results of the separate poll.
10/20/12: Here are this week's technology updates related to National Security:
10/14/12: The Miami Herald reports Iran has denied any role in recent cyberattacks against oil and gas companies in the Persian Gulf and said it welcomes a probe of the case. Mahdi Akhavan Bahabadi, secretary of the National Center of Cyberspace, dismissed American allegations of an Iranian link to the Shamoon virus that hit Saudi state oil company Aramco and Qatari natural gas producer RasGas in remarks carried by Iran’s semiofficial news agency. The virus can spread through networked computers and ultimately wipes out files by overwriting them. US Defense Secretary Leon Panetta said it rendered more than 30,000 computers useless, calling them probably the most destructive cyberattacks the private sector has seen to date. Last week reports indicated American authorities believe Iranian hackers, likely supported by the government, were responsible for the attacks.
10/12/12: The New York Times reports Defense Secretary Panetta warned that the US was facing the possibility of a “cyber-Pearl Harbor” and was increasingly vulnerable to foreign computer hackers who could dismantle the nation’s power grid, transportation system, financial networks and government. He was responding to a recent wave of cyberattacks on large American financial institutions. He also cited an attack in August on the state oil company Saudi Aramco, which infected and made useless more than 30,000 computers. The Defense Department is finalizing “rules of engagement” that would put the Pentagon’s cyberweapons into play only in case of an attack on American targets that rose to some still unspecified but significant levels. Short of that, the Pentagon shares intelligence and offers technical assistance to the F.B.I. and other agencies.
10/02/12: NextGov reports telecom giant Huawei, accused by lawmakers of cyberespionage, has hired a number of well-connected former U.S. officials. The concern with Huawei’s hiring strategy is that the multinational tech company, founded by a former People’s Liberation Army member, may be acting on behalf of the Chinese military. House members are investigating the company for allegedly inserting backdoors into products that can remotely siphon data or incapacitate computers. No policies prohibit federal employees from working for Chinese companies following their federal service.
09/29/12: Here are some of the latest technology updates from this week related to national security.
09/22/12: Welcome to the first weekly tech updates post. This will list some of the weeks updates in technology news that may have some impact on national security.
09/18/12: PhysOrg reports that the Flame virus is linked to at least three other malware programs citing a report by Kaspersky Labs. The report suggests that the effort to develop Flame, widely reported to be part of a US-Israeli effort to slow Iran's suspected nuclear weapons development, has been going on longer than initially believed and has more components, including some not yet fully understood. Kaspersky said the latest analysis shows that "at least three other Flame-related malicious programs were created" but added that "their nature is currently unknown."
08/17/12: JURIST reports the Supreme Court of New Zealand declined Wednesday to overturn a lower court decision holding that US authorities must turn over a large amount of evidence in order to secure the extradition of Megaupload.com founder Kim Dotcom, who is accused of orchestrating the largest copyright infringement in the country’s history. Justice Helen Winkelmann rejected Washington’s appeal to limit the amount of information requested, which includes all records connected to covert operations undertaken by agents involved in the investigation. Dotcom, 38, was indicted in the US on charges of generating more than $175 million in criminal proceeds from the exchange of pirated film, music, book, and software files. The US is currently seeking his extradition for a trial in Virginia; he faces a possible twenty-year prison sentence on each charge.
08/11/12: The Hill reports that Representative Ed Markey (D-Mass.) on Thursday released a discussion draft of legislation that would limit such digital searches and seizures after investigations revealed a startling number of law enforcement requests for private cell phone data in recent years. As co-chairman of the Congressional Bipartisan Privacy Caucus, Markey’s inquiry with nine major wireless carriers revealed that law enforcement officials at all levels of government made 1.3 million requests for user data from the companies in 2011. The responses also showed that the number of requests by law enforcement is increasing each year, in some cases by as much as 16 percent. Markey’s proposed Wireless Surveillance Act of 2012 would require law enforcement to provide regular disclosure of information on the requests and to obtain search warrants prior to conducting geolocation tracking.
08/05/12: The Hill reports the White House hasn’t ruled out issuing an executive order to strengthen the nation’s defenses against cyberattacks if Congress refuses to act. Although Senate Republicans killed possible legislation this week, White House Press Secretary Jay Carney refused to rule out executive action. “In the wake of Congressional inaction and Republican stall tactics, unfortunately, we will continue to be hamstrung by outdated and inadequate statutory authorities that the legislation would have fixed,” Carney said in response to whether the President is considering a cybersecurity order. “Moving forward, the President is determined to do absolutely everything we can to better protect our nation against today’s cyber threats and we will do that,” Carney said.
08/03/12: The New York Times reports a cybersecurity bill that had been one of the Obama Administration’s top national security priorities was blocked by a Republican filibuster in the Senate on Thursday, severely limiting its prospects for this year. The Senate voted 52-46 to cut off debate, falling short of the sixty votes needed to force a final vote on the measure, which had bipartisan support but ran into a fight over what amendments to the legislation could be proposed. The White House released a statement calling the outcome “a profound disappointment.” The bill’s most vocal opponents were a group of Republican senators led by John McCain (R-Ariz.) who took the side of the US Chamber of Commerce and steadfastly opposed the legislation, arguing that it would be too burdensome for corporations.
08/02/12: The Washington Times reports the Senate could leave town this week for a month-long break without passing legislation to protect the US electrical grid, water supplies, and other critical industries from cyberattack and electronic espionage. Congressional sponsors of cybersecurity legislation scrambled Wednesday to overcome Republican resistance to the measure, but they appeared short of the votes needed for passage despite dire warnings from top national security officials about the potential for devastating assaults on the computer networks that control the country’s essential infrastructure. President Obama urged lawmakers to pass the legislation as soon as possible. The President “strongly, strongly believes that this nation’s well-being is at risk from cyberattacks and intrusions,” said White House counterterrorism adviser John Brennan. “We find it hard to believe there is any reason or basis to oppose this legislation.”
07/28/12: The New York Times reports the top American military official responsible for defending the United States against cyberattacks said Thursday that there had been a seventeen-fold increase in computer attacks on American infrastructure between 2009 and 2011, initiated by criminal gangs, hackers, and other nations. The assessment by General Keith B. Alexander, who heads the National Security Agency and also the newly created United States Cyber Command, appears to be the government’s first official acknowledgment of the pace at which America’s electricity grids, water supplies, computer and cell phone networks, and other infrastructure are coming under attack. Those attacks are considered potentially far more serious than computer espionage or financial crimes.
07/27/12: The Washington Times reports the Senate on Thursday agreed to debate a long-delayed bill to secure the nation’s power grid, water supply, and telecommunications system from cyberattack by hackers or foreign enemies. The Cybersecurity Act of 2012 has supporters from both parties, but it is unclear whether it will garner enough votes to pass in the face of opposition from Republican and business leaders who oppose provisions that would give the Department of Homeland Security authority to set standards for computer security at thousands of private facilities such as power stations and oil refineries. Several Democrats said they would offer amendments strengthening privacy protections in the bill. The bill’s backers, led by Senators Joe Lieberman (I-Conn.) and Susan Collins (R-Me.), said they already made major concessions to critics in the latest draft.
07/25/12: The San Francisco Chronicle reports Iran’s nuclear facilities have suffered a cyber attack that shut down computers and played music from the rock band AC/DC. The F-Secure Security Labs website said a new worm targeted Iran’s nuclear program, closing down the “automation network” at the Natanz and Fordo facilities, citing an e-mail sent by a scientist inside Iran’s Atomic Energy Organization. The virus also prompted several of the computers on site to play AC/DC’s song “Thunderstruck” at full volume in the middle of the night. F-Secure Security Labs said that while it was unable to verify the details of the attack described, it had confirmed that the scientist who reported them was sending and receiving the e-mails from within Iran’s Atomic Energy Organization.
07/20/12: The Hill reports Senate Homeland Security Committee leaders Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Me.) introduced a revised version of their cybersecurity bill on Thursday. The latest version of the legislation includes elements of a voluntary program outlined in a compromise framework drafted by a bipartisan group of senators led by Senators Sheldon Whitehouse (D-R.I.) and Jon Kyl (R-Ariz.). The revised bill proposes to establish a multi-agency council, called the National Cybersecurity Council, that would assess the risks and vulnerabilities found in computer systems of critical infrastructure. The council would be chaired by the Homeland Security Secretary and include members from the Pentagon and Commerce and Justice Departments as well as the intelligence community and federal regulatory agencies that oversee critical infrastructure for specific sectors.
07/20/12: The Hill reports Senator Al Franken (D-Minn.) pressed a Facebook official on Wednesday to provide stronger privacy protections for the company’s tool that identifies users’ faces. He argued that Facebook should require that users opt in to the feature, rather than just allowing them to opt out of it. He also expressed concern that Facebook does a poor job of explaining how the feature works. “I’m worried about how Facebook handles the choices it does give users about this technology,” Franken said at a hearing of the Senate Judiciary Committee’s subcommittee on Privacy, Technology and the Law, which he chairs. Facebook began using a tool last year that identifies a user’s friends in pictures based on their facial features and suggests that the user should tag them.
07/17/12: The Miami Herald reports the Army private charged in the biggest leak of classified information in US history is renewing a request to have two of the twenty-two charges against his client dropped. The attorney for Private-First Class Bradley Manning made his argument before a military judge Monday, the first day of a planned five-day hearing at Maryland’s Fort Meade. Lawyers for Manning and the government are discussing a number of issues in advance of his trial, which is set for September. The now 24-year-old is accused of giving hundreds of thousands of classified diplomatic cables and war logs to the secret-sharing website WikiLeaks. Manning’s attorney argued Monday that two charges alleging Manning exceeded his authorized access to a Defense Department computer network are improper. The judge has yet to rule.
07/16/12: The Hill reports that with the August recess nearly three weeks away, it will be difficult for the Senate to move forward on cybersecurity legislation, but some are holding out for progress to be made on a compromise framework drafted by Senators Jon Kyl (R-Ariz.) and Sheldon Whitehouse (D-R.I.) on provisions dealing with critical infrastructure, such as water systems and telecommunications networks. The US Chamber of Commerce met with Kyl and his staff this past week to discuss the latest version of the framework. A spokesman for the Chamber said the business lobby had a “constructive dialogue” with Kyl at the meeting and didn’t comment further. The business lobby opposed an earlier draft of the compromise proposal circulated last month, but so far has not spoken out against the latest version of the framework.
07/16/12: The Guardian has this interview with cyberwarfare expert John Arquilla in which he argues that instead of prosecuting hackers, the United States should recruit them to assist our efforts in the war on terror. The brilliance of hacking experts could be put to use on the United States' behalf in the same way as German rocket scientists were enlisted after World War II, said Arquilla, a defense analyst at the US Naval Postgraduate School in Monterey, California. Arquilla, who invented the term cyberwarfare two decades ago, said a few master hackers had already been recruited but more were needed. He acknowledged that many dabbled in illegal or questionable acts, but noted that Wernher von Braun, Hitler’s top scientist, was put to work on American rockets and space programs.
H/T to John-Michael Cummings
07/11/12: The Washington Post reports the director of the National Security Agency (NSA) made a fresh appeal Monday for cybersecurity legislation to enable the sharing of threat data between the private sector and the government, asserting that the NSA and other agencies were not interested in reading Americans’ e-mails. General Keith Alexander, who also heads US Cyber Command, said such data-sharing was necessary if the NSA and Cyber Command are to defend the nation against a cyberattack from a foreign adversary. Several cybersecurity bills are pending in Congress, with Senate leadership expressing the intent to bring a package of legislation to the floor this month. Senate Democrats and Republicans are hashing out a compromise on that legislation, which includes an effort to require critical private sector industries to set and meet network security standards.
07/08/12: The Hill reports Industry groups are expecting to see the latest version of the cybersecurity compromise framework from Senators Jon Kyl (R-Ariz.) and Sheldon Whitehouse (D-R.I.) in the coming days. A staff prepared draft of the framework released last month received poor reviews by some business groups, including the US Chamber of Commerce and Information Technology Industry Council, which saw it as too regulatory. The compromise’s chances of breaking the stalemate in the upper chamber could be put in jeopardy if the updated version receives another round of criticism from powerful industry groups. Pressure from these groups and Republicans who believe electronic security hampers business stalled a bill sponsored by Senators Joe Liberman (I-Conn.) and Susan Collins (R-Me.) and supported by the White House.
07/06/12: Wired reports tens of thousands of US internet users could be left without Internet access on Monday when the FBI eliminates domains related to the DNSChanger malware. Computers belonging to an estimated 64,000 users in the United States, and an additional 200,000 users outside the United States, are still infected with the malware, despite repeated warnings in the news, e-mail messages sent by Internet service providers (ISPs) and alerts posted by Google and Facebook. About fifty-eight of the Fortune 500 companies and two government agencies are among those that own at least one computer or router that is still infected with DNSChanger. This website has an easy test to determine whether your computer is infected.
07/05/12: Wired reports the European Parliament on Wednesday rejected the Anti-Counterfeiting Trade Agreement (ACTA). The vote, 478-39, means the deal won’t come into effect in European Union-member nations, and effectively means ACTA is dead. Its fate was also uncertain in the United States: despite the Obama Administration signaling its intent to honor the deal last year, there was a looming constitutional showdown on whether Congress, not the administration, held the power to sign on to ACTA. Overall, not a single nation has ratified ACTA, although Australia, Canada, Japan, Morocco, New Zealand, Singapore and South Korea last year signed their intent to do so. The European Union, Mexico and Switzerland, the only other governments participating in ACTA’s creation, had not signed their intent to honor the plan.
07/02/12: The Hill reports the US Senate is set to tackle legislation to protect the nation’s computer system when it returns from its July 4th recess, but the efforts are being hampered by disagreements over the government’s role in overseeing cybersecurity standards. Lawmakers of both parties worry that hackers are stealing America's business secrets and that an attack on a vital computer system could cause thousands of deaths. But sharp differences remain. The House passed its own bill, the Cyber Intelligence Sharing and Protect Act (CISPA), in April. President Obama has threatened to veto CISPA, saying it would undermine privacy and would fail to protect the nation's critical infrastructure. The White House and Senate Democratic leaders have instead endorsed the Cybersecurity Act, sponsored by Senators Joe Lieberman (I-Conn.) and Susan Collins (R-Me.).
06/29/12: Wired reports the US Government’s bid to extradite copyright infringement king Kim Dotcom to the United States was dealt a severe blow Thursday, when a New Zealand High Court judge ruled that the raids on Doctom’s home earlier this year were “illegal.” The decision may doom the entire prosecution of the founder of the file-sharing site Megaupload; New Zealand authorities are appealing. Justice Helen Winkelmann said that warrants for the raids “fell well short of” describing the offenses they were meant to relate. She concluded words such as “breach of copyright” used in the warrants do not provide details of the alleged offense and therefore, the warrants did not comply with New Zealand law.
06/29/12: The Washington Times reports the chairman of the House Permanent Select Committee on Intelligence is warning that recent news reports describing a US role in a cyberattack against Iran’s nuclear program will cost the United States dearly. The reports, which said the US and Israel were behind the Stuxnet cyberworm that sabotaged Iran’s uranium processing plants in 2009, started “a very dangerous speculation game that we are all going to pay the price for,” said Representative Mike Rogers (R-Mich.) His comments underline growing concern among some US security officials and private-sector specialists about blowback from the Stuxnet attack itself, like retaliation from Iran, or the proliferation of cyberattacks against the kind of computer-controlled machinery for operations such as factories and city water systems.
06/23/12: The Washington Post features an op-ed by David Ignatius discussing the process of leaking and trying to put the recent outrage over intelligent leaks in context. He points out, first, that this is something every administration has done, and that the recent information published about cyberattacks against Iran contained some stories that took place before President Obama was in office and could only have been known (and thus leaked) by operatives in George W. Bush's administration. He also points out that rather than leakers simply going to reporters, a leak often begins with the reporter getting his information some other way and asking his source to corroborate it, or for clarification. At that point, since the reporter is likely to go to press even without the source's cooperation, the source cooperates to put the story in the best light he can.