Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.

Declassified documents from America's Foreign Intelligence Surveillance Court (FISC) show that even the NSA didn't know the limits of what it was supposed to collect, and overstepped its authorisations for years.

The documents were released to the Electronic Privacy Information Centre in response to an FOI request, and record FISC judges' disquiet about the program. Seeking a renewal for the NSA's use of “pen register and trap and trace (PR/TT)” devices in US networks to collect subscriber metadata, the papers note that “the government acknowledges that NSA exceeded the scope of authorised acquisition continuously during the more than [REDACTED] years of acquisition under these orders”.

The court says NSA's overcollection of metadata was “systematic” over a number of years.

Referring to the “serious compliance problems that have characterised the government's implementation of prior FISC orders”, the documents indicate that non-compliance was a frequent problem, with the government notifying the court of NSA breaches both in the over-collection of data and the disclosure of data to other agencies beyond the court's authorisation.

Rather than sift through the entire dataset to work out what was compliant and what was not, the court notes, the NSA at one point decided to flush it all and start again: “NSA had eliminated access to the database that contained the entire set of metadata, and repopulated the databases used by analysts to run queries so that they only contained information [REDACTED] that had not been involved in the unauthorised collection”.

Later still – but still with the dates redacted – the NSA managed a trifecta, with the court noting another round of compliance breaches relating to access to metadata; disclosure of query results; and overcollection (again).

While the details are still sketchy and redacted, it looks to The Register as if someone wrote an over-enthusiastic script: “the NSA had regularly accessed the bulk telephone metadata using a form of automated querying based on telephone numbers that had not been approved under the RAS standard” (RAS means “reasonable articulable suspicion”, that is, only persons suspected of association with international terrorist groups could be swept up in the PR/TT dragnet).

“Those conducting oversight at NSA failed to do so effectively”, the documents state.

Interestingly, the documents also reveal that the FISC court regards the line between “data” and “metadata” as blurry.

Early on, it cites this definition: “metadata is information 'about the communication, not the actual communication itself'”, which includes “numbers dialled, the length of a call, internet protocol addresses, e-mail addresses and similar information concerning the delivery of a communication rather than the message between two parties”.

So where does a URL sit in the FISC's view?

“In the context of Internet communications, a Uniform Resource Locator (URL) – 'an address that can lead you to a file on any computer on the Internet' – constitutes a form of 'addressing information' under the ordinary meaning of that term. Yet, in some circumstances a URL can also include 'contents'”, the papers state.
http://www.theregister.co.uk/2014/08/13/nsa_overstepped_fisc_collection_rules/
 
Just months after reports emerged that LulzSec "kingpin" turned FBI snitch Hector Xavier Monsegur had allegedly led cyber-attacks against foreign governments while under FBI control, a "cache of sealed court documents" has provided some more startling reading.

Monsegur – who prosecutors insist is "Sabu", a leading figure in hacktivist group Lulzsec – cut a deal with Feds that saw him receive a "time served" sentence of seven months and a one year supervision order back in May instead of the 20-plus years imprisonment that his numerous offences might have attracted without his co-operation in law enforcement investigations against other hackers.

Sabu operated as a "rooter" – someone who can gain root access to systems – in multiple attacks including assaults against HBGary, Fox Television and Nintendo.

Now the Daily Dot reports that Sabu helped forge an alliance between his group "AntiSec" and the politically motivated Turkish "Red Hack" hacking crew.

The news site says it got its hands on a "cache of sealed court documents", which it says show how Sabu recruited Jeremy Hammond, who was sent to jail over the Stratfor hack, to hack into foreign government websites from a list provided.

Monsegur, whose actions at the time were being overseen by the FBI, orchestrated these attacks. He was arrested by the Feds in June 2011 and turned, partially under pressure of what would happen to his two adopted children. He acted as an FBI asset in the investigation of other hackers for months afterwards until the arrest of his former LulzSec cohorts in March 2012.

"During an encrypted chat session on Jan. 25, 2012, less than two months before Hammond’s arrest, Monsegur instructed him to 'pop off' several dozen foreign government websites from a list that Monsegur provided," the Daily Dot claims. "Access to any hacked Turkish websites, Monsegur told Hammond, would be provided to the RedHack group," it alleged. RedHack was a group which had allegiances to AntiSec/LulzSec.

Monsegur reportedly used zero-day vulnerabilities in Plesk, a common web-publishing platform, to draw up a list of vulnerable targets. The Daily Dot alleges the court docs confirmed that these systems were rooted by Hammond, who passed over details of the pawnage to RedStar, a core member of RedHack’s team. "Some of the government domains Monsegur supplied access to were later defaced, and confidential emails belonging to Turkish officials were stolen," the report adds.

The New York Times previously reported how Monsegur worked with the FBI on cyber-attacks against governmental websites in Brazil, Iran, Iraq, Pakistan and Syria.

The latest revelations add Turkey to the list while filling in the blanks on how the process was run.

The revelations also renew questions about whether the FBI – or some other agency working with the former LulzSec co-founder – was using hackers to gather foreign intelligence. The FBI has consistently denied doing so. ®
http://www.theregister.co.uk/2014/0...terminded_turkey_attacks_according_to_report/
 
Edward Snowden has made us painfully aware of the government’s sweeping surveillance programs over the last year. But a new program, currently being developed at the NSA, suggests that surveillance may fuel the government’s cyber defense capabilities, too.

The NSA whistleblower says the agency is developing a cyber defense system that would instantly and autonomously neutralize foreign cyberattacks against the US, and could be used to launch retaliatory strikes as well. The program, called MonsterMind, raises fresh concerns about privacy and the government’s policies around offensive digital attacks.

Although details of the program are scant, Snowden tells WIRED in an extensive interview with James Bamford that algorithms would scour massive repositories of metadata and analyze it to differentiate normal network traffic from anomalous or malicious traffic. Armed with this knowledge, the NSA could instantly and autonomously identify, and block, a foreign threat.

Cryptographer Matt Blaze, an associate professor of computer science at the University of Pennsylvania, says if the NSA knows how a malicious algorithm generates certain attacks, this activity may produce patterns of metadata that can be spotted.

“An individual record of an individual flow only tells you so much, but more revealing might be patterns of flows that are indicative of an attack,” he says. “If you have hundreds or thousands of flows starting up from a particular place and targeted to a particular machine, this might indicate you’re under attack. That’s how intrusion detection and anomaly-detection systems generally work. If you have intelligence about the attack tools of your adversary, you may be able to match specific patterns to specific tools that are being used to attack.”

Think of it as a digital version of the Star Wars initiative President Reagan proposed in the 1980s, which in theory would have shot down any incoming nuclear missiles. In the same way, MonsterMind could identify a distributed denial of service attack lobbed against US banking systems or a malicious worm sent to cripple airline and railway systems and stop—that is, defuse or kill—it before it did any harm.

More than this, though, Snowden suggests MonsterMind could one day be designed to return fire—automatically, without human intervention—against the attacker. Because an attacker could tweak malicious code to avoid detection, a counterstrike would be more effective in neutralizing future attacks.

Snowden doesn’t specify the nature of the counterstrike to say whether it might involve launching malicious code to disable the attacking system, or simply disable any malicious tools on the system to render them useless. But depending on how it’s deployed, such a program presents several concerns, two of which Snowden specifically addresses in the WIRED story.

First, an attack from a foreign adversary likely would be routed through proxies belonging to innocent parties—a botnet of randomly hacked machines, for example, or machines owned by another government. A counterstrike could therefore run the risk of embroiling the US in a conflict with the nation where the systems are located. What’s more, a retaliatory strike could cause unanticipated collateral damage. Before returning fire, the US would need to know what it is attacking, and what services or systems rely upon it. Otherwise, it could risk taking out critical civilian infrastructure. Microsoft’s recent move to take down two botnets—which disabled thousands of domains that had nothing to do with the malicious activity Microsoft was trying to stop—is an example of what can go wrong when systems are taken down without adequate foresight.

Blaze says such a system would no doubt take the attribution problem—looking beyond proxies to find exactly where the attack originated—into consideration. “Nobody would build a system like this and be unaware of the existence of decentralized botnet attacks laundered through the systems of innocent users, because that’s how pretty much all attacks work,” he says. That does not, however, make so-called hackback attacks any less problematic, he says.

The second issue with the program is a constitutional concern. Spotting malicious attacks in the manner Snowden describes would, he says, require the NSA to collect and analyze all network traffic flows in order to design an algorithm that distinguishes normal traffic flow from anomalous, malicious traffic.

“[T]hat means we have to be intercepting all traffic flows,” Snowden told WIRED’s James Bamford. “That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time.”

It would also require sensors placed on the internet backbone to detect anomalous activity.

Blaze says the algorithm scanning system Snowden describes sounds similar to the government’s recent Einstein 2 (.pdf) and Einstein 3 (.pdf) programs, which use network sensors to identify malicious attacks aimed at U.S. government systems. If that system were secretly being extended to cover all U.S. systems, without public debate, that would be a concern.

Although MonsterMind does resemble the Einstein programs to a certain degree, it also sounds much like the Plan X cyberwarfare program run by Darpa. The five-year, $110 million research program has several goals, not the least of which is mapping the entire internet and identifying every node to help the Pentagon spot, and disable, targets if needed. Another goal is building a system that allows the Pentagon to conduct speed-of-light attacks using predetermined and pre-programmed scenarios. Such a system would be able to spot threats and autonomously launch a response, the Washington Post reported two years ago.

It’s not clear if Plan X is MonsterMind or if MonsterMind even exists. The Post noted at the time that Darpa would begin accepting proposals for Plan X that summer. Snowden said MonsterMind was in the works when he left his work as an NSA contractor last year.

The NSA, for its part, would not respond to questions about the MonsterMind program.
http://www.wired.com/2014/08/nsa-monstermind-cyberwarfare/
 
Some thoughts in between the news stream.

Do you have, on any device connected to data networks, information / electronic material that you cannot allow to end up in the hands of the general public or of your private/economic/military "opponent"? You are fully aware, aren't you, that your control vanishes the very second the device has a network cable plugged into it, its WLAN radio activates or a SIM card is inserted? And that no encryption that is available to you / humanly usable is really anything more than a speed bump for a determined attacker? That your entire electronic history accumulates in at least one, probably many, bins, click by click, character by character, connection by connection?

Papers, meetings and safes still have their place in the world. Laugh or don't.

Incidentally, it is damn laborious to arrange rigorous information management in the world of the sharing economy and belfies.
 
Do you have, on any device connected to data networks, information / electronic material that you cannot allow to end up in the hands of the general public or of your private/economic/military "opponent"? You are fully aware, aren't you, that your control vanishes the very second the device has a network cable plugged into it, its WLAN radio activates or a SIM card is inserted? And that no encryption that is available to you / humanly usable is really anything more than a speed bump for a determined attacker? That your entire electronic history accumulates in at least one, probably many, bins, click by click, character by character, connection by connection? Papers, meetings and safes still have their place in the world. Laugh or don't.
That's how it is. But remember that the device can also transmit information via Bluetooth and shine across the EM spectrum like a lighthouse to its surroundings.
 
In one context a while ago I went through the social media connections of key people in my own work networks. Almost everyone who had a social media network wider than their inner circle had as "friends" or "connections" unknown parties, usually claiming to be from Central European or Southeast Asian business hubs. The most common reason for the connection was that the person in question says in their profile and connection message that they are an executive search agent, a headhunter.

The same profiles turned up for numerous people; there was "Alex" and "Tim" and a few more eastern names, typically an English first name and a "local" surname. Some of these had approached me too, but without a shared history I always reject the requests.

Funnily enough, the headhunting firms of those profiles do not exist, or the persons in question cannot be reached through them.

Small, really small, but evidently determined work is being done. Somewhere.
 
That's how it is. But remember that the device can also transmit information via Bluetooth and shine across the EM spectrum like a lighthouse to its surroundings.

Encryption methods should scale according to how important the material to be encrypted is.

It is clear that material of the highest security classification should not be moved outside the walls of a building that has received the highest security classification. This alone guarantees that radio-wave/acoustic reconnaissance is very challenging.

As for less important matters, practicality must also be taken into account, and one should rely on common encryption standards such as AES256. Because of side-channel attacks, it is probably smartest to perform the most important encryption-related operations outside the PC on hardware designed for it, for example a smart card.

And when we go to even less important matters, in my opinion the encryption can be done directly on a PC that the employer has handed over for the employee's use, or alternatively the encryption can be left out entirely.
 
According to newly published documents, the National Security Agency has built a “Google-like” search interface for its vast database of metadata, and the agency shares it with dozens of other American intelligence agencies. The new documents are part of the Snowden leaks and were first published on Monday by The Intercept.

The new search tool, called ICREACH, is described in an internal NSA presentation as a “large scale expansion of communications metadata shared with [intelligence community] partners.” That same presentation shows that ICREACH has been operational since the pilot launched in May 2007. Not only is data being shared to more agencies, but there are more types of such data being shared—ICREACH searches over 850 billion records.

New data types being shared include IMEI numbers (a unique identifier on each mobile handset), IMSI (another unique identifier for SIM cards), GPS coordinates, e-mail address, and chat handles, among others.
http://arstechnica.com/tech-policy/...terface-to-scan-850-billion-metadata-records/
 
European police agency Europol has launched a counter-cybercrime taskforce.

The Joint Cybercrime Action Taskforce (J-CAT) will coordinate international investigations into malware distribution, hacking and underground cybercrime forums.

J-CAT, which is being piloted for six months, will be based at the European Cybercrime Centre (EC3) at Europol. The unit will be led by Andy Archibald, deputy director of the national cybercrime unit at the UK’s National Crime Agency.
http://www.theregister.co.uk/2014/09/01/cybercrime_taskforce/
 
Rogue cell phone towers can track your phone and intercept your calls, and it’s only a matter of time before they’re as ubiquitous as GPS trackers. But at least now there’s a way to spot them.

A firewall developed by the German firm GSMK for its secure CryptoPhone lets people know when a rogue cell tower is connecting to their phone. It’s the first system available that can do this, though it’s currently only available for enterprise customers using Android phones.

GSMK’s CryptoPhone 500, a high-end phone that costs more than $3,000 and combines a Samsung Galaxy S3 handset with the CryptoPhone operating system, offers strong end-to-end encryption along with a specially hardened Android operating system that offers more security than other Android phones and the patented baseband firewall that can alert customers when a rogue tower has connected to their phone or turned off the mobile network’s standard encryption.
http://www.wired.com/2014/09/cryptophone-firewall-identifies-rogue-cell-towers/
 
In a 3G network both the phone and the base station authenticate each other. If the phone is so crappy and stupid that it doesn't warn when the authentication fails, then...
 
When an attacker distributes their machines across the net, it can make them a damn difficult opponent for the defender. In some cases an overwhelming one, as you can read in this Wired article, which covers the "Dark Net's" new territorial conquests.

When the FBI tore down the billion-dollar drugs-and-contraband website Silk Road last October, its death made room for a new generation of black-market bazaars—many with better defenses against the Feds. Nearly a year later, more drugs are sold online than when the Silk Road ruled the dark web, according to a study by the Digital Citizens Alliance last April. Here’s how the world of anonymous ecommerce has mutated and evolved over the last year.

Silk Road 2.0

A month after the FBI arrested 29-year-old Ross Ulbricht, the alleged Silk Road creator known as Dread Pirate Roberts, someone else using the same pseudonym launched Silk Road 2.0. This defiant clone of the original claimed that its source code was backed up to 500 locations in 17 countries, so if authorities shut it down, administrators can rebuild in 15 minutes flat. “If Silk Road was taken down we could have it up and running again within 15 minutes,” wrote the new DPR. “Hydra effect on a massive scale.”

Evolution

In February, Silk Road 2.0 said it had been hacked, losing $2.7 million in users’ bitcoins. Tired of seeing their coins stolen or seized by the cops, savvy users migrated to sites like Evolution, Cloud Nine, and the Marketplace, which allow multisignature transactions—bitcoins are held in escrow at an address agreed on by buyer, seller, and the site. To move them, two out of three parties must sign off on a deal.

OpenBazaar

A Virginia coder named Brian Hoffman created this open source project to be a fully peer-to-peer uncensorable marketplace: Product listings are hosted on the computers of anonymous users, and freelance arbiters settle disputes for a fee. Hoffman says he’s not inviting in drug dealers, but that he can’t stop them from crashing the party. And with potentially thousands of different computers hosting the network and no central target for the Feds, it could be nearly impossible to shut them down.
http://www.wired.com/2014/09/internet-black-market/
 
The Chinese have come quite a long way since the Yanks' reconnaissance plane came down on their turf. They have probably learned from it, since their electronic warfare aircraft looks the same as those in Western countries. How many Taiwanese or South Korean circuits there are in it is another matter.
 
Prime Minister John Key acknowledged today that NSA whistleblower Edward Snowden’s claim that New Zealanders’ data is accessible through the controversial XKeyscore system “may well be right”.


However, he maintained that information will not have been gathered under any Government Communications Security Bureau (GCSB) mass surveillance programme as the agency doesn’t have that capability.

During Monday night’s Kim Dotcom sponsored “Moment of Truth” Mr Snowden claimed that as an NSA (National Security Agency) analyst stationed in Hawaii some years ago, he regularly came across New Zealanders’ data held in the agency’s XKeyscore system.

Mr Snowden claimed at least some of that information was gathered via mass surveillance programmes the GCSB was involved with.

Speaking on Radio New Zealand this morning, Mr Key said there were a number of devices and programmes used by the GCSB but he would not go into details.

“However, what I can say in terms of those kinds of Five Eyes databases… yes New Zealand will contribute some information but not mass, wholesale surveillance as people might say.”
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11326387
 
This week, Australian Prime Minister Tony Abbott used recent terrorist threats as the backdrop of a dire warning to Australians that “for some time to come, the delicate balance between freedom and security may have to shift. There may be more restrictions on some, so that there can be more protection for others.”


This pronouncement came as two of a series of three bills effecting that erosion of freedoms made their way through Australia’s Federal Parliament. These were the second reading of a National Security Amendment Bill which grants new surveillance powers to Australia’s spy agency, ASIO, and the first reading of a Counter-Terrorism Legislation Amendment (Foreign Fighters) Bill that outlaws speech seen as “advocating terrorism”. A third bill on mandatory data retention is expected to be introduced by the end of the year.

Whilst all three bills in this suite raise separate concerns, the most immediate concern—because the bill in question could be passed this week—is the National Security Amendment Bill. Introduced into Parliament on 16 July, it endured robust criticism during public hearings last month that led into an advisory report released last week. Nevertheless the bill was introduced into the Senate this Tuesday with the provisions of most concern still intact.

In simple terms, the bill allows law enforcement agencies to obtain a warrant to access data from a computer—so far, so good. But it redefines “a computer” to mean not only “one or more computers” but also “one or more computer networks”. Since the Internet itself is nothing but a large network of computer networks, it seems difficult to avoid the conclusion that the bill may stealthily allow the spy agency to surveil the entire Internet with a single warrant.
https://www.eff.org/deeplinks/2014/09/australian-government-scrambles-authorize-mass-surveillance
 
Given enough computer power, desire, brains and some luck, the security of most systems can be broken. But there are cryptographic and algorithmic security techniques, ideas and concepts out there that add a level of algorithmic mystification that could be built into programs that would make them close to unbreakable.

That’s what the Defense Advanced Research Projects Agency (DARPA) wants for a new program called Safeware.
http://www.networkworld.com/article...art-of-super-secure-software-obfuscation.html
 
Locked Shields is among the world’s preeminent cyber attack simulations. For two days, international teams of hackers and system admins play both sides of a war game, simultaneously attacking and defending critical infrastructure. The details are realistic, and the exercises reflect real-world geopolitics. It is a training ground for front-line operators in a rapidly evolving form of warfare in which network administrators at banks, electrical plants and government offices are as crucial to a country’s defense as uniformed troops.

Luca Locatelli was the first cameraman allowed behind the scenes at Locked Shields. He’s been photographing military role-playing exercises for years. “From a visual point of view I was afraid that I wasn’t going to find anything,” says Locatelli. “There’s a lot of interesting stuff to say about cyber warfare but there’s nothing to shoot. Cyber warfare is, basically, invisible.”

Locked Shields is organized by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. Although it is funded by NATO members, it is not directly affiliated with the organization. It plays a leading role in education and information sharing to bolster member nations’ digital defense capabilities. Last year, the Centre published the Tallinn Manual, which addresses the voluminous legal issues surrounding this new form of warfare.

In just three years, Locked Shields has established itself as a premier multinational cyber wargaming event. This year’s exercise drew 300 people from 17 countries; among them were members of the Finnish security firm Codenomicon, which uncovered the Heartbleed vulnerability earlier this year.

For years, Western powers like the US and United Kingdom have staged highly secretive exercises like Eligible Receiver 97. Locked Shields uses a more collaborative approach; the goal is to foster cooperation among European nations. Although the teams compete against each other, the gameplay encourages collaboration to shut down the attack more quickly. The exercise is not a war game in the traditional sense, because the people involved are largely civilians and the attacks targeted commercial, not military, systems. That reflects the growing reality that in cyber warfare, targets will include civilian computers operating critical infrastructure like banks and power plants.

The event, held one weekend in May, was staged from the Hotel Euroopa on the outskirts of Tallinn’s medieval town center. The ancient perimeter wall and stone towers that once helped defend the town stood in stark contrast to the rows of glowing laptops that are the first line of defense in modern warfare. “It was a visual paradox,” says Locatelli. “Seventies carpet and Soviet architecture brimming with modern technology.”

The target was a drone manufacturer in the fictional nation of Berylia, an island in the North Atlantic. As the company prepared for a demonstration at the World Drone Expo in Dubai, “hacktivists” attacked its website and network. Meanwhile, a nation-state team used the attack as a cover to launch its own assault on Berylia’s defense networks. The Red Team, outfitted in red T-shirts, launched the attacks from within the hotel while 12 Blue Teams defended Berylia from their home countries.

Teams earned points based on how long it took them to identify an attack, how effectively they defended against it and their ability to keep networks running during the assault. They also were scored based upon how they dealt with the media–which had inside information about the attack—and their adherence to the law while crafting their response to the attacks. To that end, each team had legal experts at their disposal.

Locatelli drew mixed reactions from his subjects. Some on the Red Team avoided him and didn’t want to be photographed or identified. Others had no problem with his camera. But they all agreed that their monitors were off-limits. They didn’t want to give away their tricks and strategies.

“I had to focus on the small things, the moments,” says Locatelli. When John McHugh, secretary of the US Army showed up for a visit during the exercise, Locatelli says for an instant “it felt like a real war.”

The threat of such a war mounts as more nations develop cyber warfare units and digital weapons. The US leads the way with the US Cyber Command, whose budget this year was $447 million. Cyber Command reportedly helped develop and deploy the world’s first known digital weapon—the Stuxnet worm that targeted Iranian centrifuges used to enrich uranium. Stuxnet was a destructive digital attack, and the first of its kind in that it was designed to cause physical damage to infrastructure. Other attacks have focused on deleting data, like the Wiper malware that struck the Iranian Oil Ministry in 2012.

The Cooperative Cyber Defence Centre of Excellence was born of similar aggression—a denial-of-service attack that hit computers in Estonia in 2007 after a diplomatic dispute with Russia. Neither Estonia nor NATO was prepared to defend against such an assault, which was widely believed to have been launched by Russia. The Centre was established to help NATO members prepare such defenses.
http://www.wired.com/2014/10/luca-locatelli-locked-shields/
 
The Pentagon has begun putting an anti-hacking system known as Electronic Armor onto high-tech drones to prevent adversaries from digitally penetrating and potentially crashing the unmanned aircraft from anywhere around the world, military officials said.

Representatives with defense contractor Raytheon Co. displayed the technology to the public for the first time at the Association of the United States Army’s annual meeting and exposition this week in Washington. They used two remote-controlled helicopters to demonstrate how an adversary could hack and crash a drone not protected by the technology and how a protected drone could resist the commands.

Concern about such threats rocked U.S. military and intelligence cybersecurity circles in 2011 when Iranian authorities claimed that they had brought down a U.S. RQ-170 drone.

The Obama administration initially balked at the Iranian claim but later acknowledged that the drone belonged to the U.S. government and asked Iran to return it.

Brian Stites, Raytheon’s portfolio manager of active cyber and special missions, described Electronic Armor as a revolutionary approach to protecting American weapons in “an incredibly contested” cyberdomain.

The technology is capable of detecting system penetrations regardless of the source, said Mr. Stites, a former Defense Department cryptologist who focused on supporting homeland defense through cyber operations and deployment.

“Cyberattacks can come from existing unknown vulnerabilities, counterfeit parts that have a built-in back door or intentionally placed malware,” he said. “These attacks could even be developed weeks or months ahead of time and executed by the adversary at the time of their choosing.”

Electronic Armor is not entirely new as a U.S. military defense mechanism. Mr. Stites said the Pentagon began installing the technology on some fighter jets and radar systems as early as 2009.

Army Col. Steve Warren, a Pentagon spokesman, confirmed that Electronic Armor is used to protect some U.S. drones.

Such cyberdefense systems, he said, are appealing to military officials because the technology protects expensive equipment from electronic attacks.

“It’s important to have a variety of defensive capabilities on our unmanned vehicles because those platforms face a variety of threats around the world,” Col. Warren said.

He declined to specify which of the military’s drones will be fitted with Electronic Armor.

“As a long-standing matter of policy, we won’t speak to the specifics of the protection measures on our unmanned aerial vehicles,” he said.

Mr. Stites said cyberdefense is critical for the Pentagon because an electron can traverse the globe in about 137 milliseconds, which means a cyberattack can occur in the blink of an eye.

“Cyberattacks or system intrusions may be executed from the building next door or from a coffee shop with free Wi-Fi anywhere in the world,” he said.
http://www.washingtontimes.com/news/2014/oct/15/pentagon-employing-electronic-armor-prevent-enemie/
 