Archive for the 'Cyberwar' Category

Flame, Stuxnet and cyberwar

Thursday, June 21st, 2012

From Good Morning Silicon Valley, citing the Washington Post.

There have been persistent whispers that the United States and Israel collaborated on the Stuxnet worm, which hit the computer systems of a nuclear plant in Iran a few years ago and was discovered in 2010. Earlier this month, spyware dubbed Flame was found on computers in Iran and elsewhere in the Middle East. Security experts have said Stuxnet and Flame have the same creators. Now the Washington Post reports, citing anonymous “Western officials,” that the U.S. and Israel were those creators; that Flame was created first; and that Flame and Stuxnet are part of a broader cyber-sabotage campaign against Iran. That campaign started under President George Bush and is continuing under President Barack Obama, according to a New York Times report earlier this month. (See Burning questions about Flame and cyberwar.) The Washington Post report describes Flame as “among the most sophisticated and subversive pieces of malware to be exposed to date” — a fake Microsoft software update that allows for a computer to be watched and controlled from afar.

Snooping and state power

Sunday, April 8th, 2012

This morning’s Observer column:

The basic scenario hasn’t changed. Because of technological changes, we are told, criminals and terrorists are using internet technologies on an increasing scale. Some of these technologies (eg Skype) make it difficult for the authorities to monitor these evil communications. So we need sweeping new powers to enable the government to defend us against these baddies. These powers are as yet unspecified but will probably include “deep packet inspection” as a minimum. And, yes, these new measures will be costly and intrusive, but there will be “safeguards”.

The fierce public reaction to these proposals seems to have taken the government by surprise, which suggests ministers have been asleep at the wheel. My hunch is that the proposals were an attempt by the security services to slip one over politicians by selling them to senior officials in the Home Office, who, like their counterparts across the civil service, know sweet FA about technology and are liable to believe 10 implausible assertions before breakfast. In that sense, the Home Office has been “captured” by GCHQ and MI5 much as the health department has been captured by consultancy companies flogging ludicrous ICT projects….

On reading (and not understanding?) Heidegger

Sunday, April 1st, 2012

This morning’s Observer column.

If you write about technology, then sooner or later you’re going to meet a smartarse who asks whether you’ve read Heidegger’s The Question Concerning Technology. Having encountered a number of such smartarses in recent years, I finally decided to do something about it, and obtained a copy of the English translation, published in 1977 by Harper & Row. Having done so, I settled down with a glass of sustaining liquor and embarked upon the pursuit of enlightenment.

Big mistake. “To read Heidegger,” writes his translator, William Lovitt, “is to set out on an adventure.” It is. Actually, it’s like embarking on one of those nightmares in which you’re wading through quicksand and every time you grasp a rope or a rock it comes apart in your hand. And it turns out that Heidegger’s fiendish technique is actually to lure you into said quicksand.

Cybercrime more dangerous than cyberwar, Says Obama Aide

Wednesday, April 14th, 2010

From Technology Review.

A top White House cybersecurity aide said yesterday that transnational cybercrime, such as thefts of credit-card numbers and corporate secrets, is a far more serious concern than ‘cyberwar’ attacks against critical infrastructure such as the electricity grid.

Christopher Painter, the White House’s senior director for cybersecurity, made his comments at a conference arranged by top Russian cybersecurity officials in Garmisch-Partenkirchen, Germany. Russia is a major source of cybercrime, but its government has declined to sign the European Convention on Cybercrime–the first international treaty on the subject. The treaty aims to harmonize national laws and allow for greater law-enforcement cooperation between nations.

Painter acknowledged that critical infrastructure needed to be made more secure, but said that the best defenses start by cracking down on crime. “There are a couple of things we need to do to harden the targets, and make the systems as secure as possible,” he said. “But the other thing you need to do is reduce the threat. And the predominant threat we face is the criminal threat–the cybercrime threat in all of its varied aspects.”

We need Hague Convention 2.0. And we need it soon

Sunday, June 28th, 2009

This morning’s Observer column.

If you’re not worried, you have not been paying attention. Almost without realising it, our societies have become hugely dependent on a functioning, reliable internet. Life would go on without it, but most people would be shocked by how difficult much of the routine business of living would become. It would be like being teleported back to the 1970s. Even a minor conflict could slow the global internet to a crawl. So cyberwar is a bit like nuclear war, in that even a minor outbreak threatens everyone’s life and welfare.

In those circumstances, isn’t it time we thought about devising treaties to regulate it? We need something analogous to the 1925 Geneva Protocol to the Hague Convention, which prohibited chemical and biological weapons. And we need to start now.

UPDATE: Interesting to see that this is also the lead story in today’s New York Times.

The United States and Russia are locked in a fundamental dispute over how to counter the growing threat of cyberwar attacks that could wreak havoc on computer systems and the Internet.

Both nations agree that cyberspace is an emerging battleground. The two sides are expected to address the subject when President Obama visits Russia next week and at the General Assembly of the United Nations in November, according to a senior State Department official.

But there the agreement ends.

Russia favors an international treaty along the lines of those negotiated for chemical weapons and has pushed for that approach at a series of meetings this year and in public statements by a high-ranking official.

The United States argues that a treaty is unnecessary. It instead advocates improved cooperation among international law enforcement groups. If these groups cooperate to make cyberspace more secure against criminal intrusions, their work will also make cyberspace more secure against military campaigns, American officials say.

“We really believe it’s defense, defense, defense,” said the State Department official, who asked not to be identified because authorization had not been given to speak on the record. “They want to constrain offense. We needed to be able to criminalize these horrible 50,000 attacks we were getting a day.”

Any agreement on cyberspace presents special difficulties because the matter touches on issues like censorship of the Internet, sovereignty and rogue actors who might not be subject to a treaty.

United States officials say the disagreement over approach has hindered international law enforcement cooperation, particularly given that a significant proportion of the attacks against American government targets are coming from China and Russia.

And from the Russian perspective, the absence of a treaty is permitting a kind of arms race with potentially dangerous consequences.

Modern warfare: first DDOS, then tanks

Wednesday, August 13th, 2008

From John Markoff in the New York Times Blog.

The Georgian government is accusing Russia of disabling Georgian Web sites, including the site for the Ministry of Foreign Affairs.

Because of the disruption, the Georgian government began posting the Foreign Ministry’s press dispatches on a public blog-hosting site owned by Google (georgiamfa.blogspot.com) and on the Web site of Poland’s president, Lech Kaczynski.

Separately, there were reports that Estonia, which was embroiled in an electronic battle with Russia in May of last year, was sending technical assistance to the Georgian government.

The attacks were continuing on Monday against Georgian news sites, according to Jose Nazario, a security researcher at Arbor Networks, based in Lexington, Mass.

“I’m watching attacks against apsny.ge and news.ge right now,” he said. The attacks are structured as massive requests for data from Georgian computers and appear to be controlled from a server based at a telecommunications firm, he said…

Meanwhile Google has been stung into denying that it had erased maps of Georgia. It never had them in the first place, it claimed.

Hmmm…

Later: ArsTechnica has a thoughtful post saying that the evidence that the Russian military were behind the attacks is not convincing.

According to Gadi Evron, former Chief information security officer (CISO) for the Israeli government’s ISP, there’s compelling historical evidence to suggest that the Russian military is not involved. He confirms that Georgian websites are under botnet attack, and that yes, these attacks are affecting that country’s infrastructure, but then notes that every politically tense moment over the past ten years has been followed by a spate of online attacks. It was only after Estonia made its well-publicized (and ultimately inaccurate) accusations against Russia that such attacks began to be referred to as cyberwarfare instead of politically motivated hackers. Evron writes:

“Running security for the Israeli government Internet operation and later the Israeli government CERT such attacks were routine…While Georgia is obviously under a DDoS attack and it is political in nature, it doesn’t so far seem different than any other online aftermath by fans. Political tensions are always followed by online attacks by sympathizers. Could this somehow be indirect Russian action? Yes, but considering Russia is past playing nice and uses real bombs, they could have attacked more strategic targets or eliminated the infrastructure kinetically.”

Arbor Networks’ Jose Nazario offers additional proof of Evron’s statements, writing: “While some are speculating about cyber-warfare and state sponsorship, we have no data to indicate anything of the sort at this time. We are seeing some botnets, some well known and some not so well known, take aim at Georgia websites…These attacks were mostly TCP SYN floods with one TCP RST flood in the mix. No ICMP or UDP floods detected here. These attacks were all globally sourced, suggesting a botnet (or multiple botnets) were behind them.”

Still later: Tech Review is reporting that the USAF is considering mothballing its nascent Cyberspace Command. Another report here. Bad move, IMHO.