Since 2007, the FBI has very quietly put together a cadre of professionals with U.S. intelligence and other agencies to help battle crime on the Internet to help identify and respond to cyber threats against the United States. The name of the group is the National Cyber Investigative Joint Task Force (NCIJTF), and the FBI has a number of persons training together at an unnamed location near Washington. The leader of the new group is Shawn Henry, the FBI's deputy assistant director of the cyber division. Henry has stated the group is made up of intelligence, law-enforcement and other agencies from the U.S. government.
The FBI claims in a press release about the group that they plan on, "Expanding the National Cyber Investigative Joint Task Force (NCIJTF), to include representation from the U.S. Secret Service and several other federal agencies. This existing cyber investigation coordination organization overseen by the Federal Bureau of Investigation will serve as a multi-agency national focal point for coordinating, integrating, and sharing pertinent information related to cyber threat investigations."
What makes Storm the perfect Internet weapon is how it has been designed to survive. The Storm zombie does no damage to the PCs it infects, and simply sits there, waiting for an order. Those orders come via a peer-to-peer system (similar to things like Kazaa or Bittorrent). A small percentage of the zombies spend short periods of time trying to spread themselves, then turn off. This makes it more difficult to locate infected PCs. Commands from the Storm operators are sent through several layers of zombie PCs, again making it very difficult to identify where those commands come from. Moreover, Storm operates as a horde of clusters, each of two or three dozen zombie PCs. No existing methods can shut down Storm, although computer security organizations have been able to limit the spread. In fact, all that will work to kill Storm is to find the people running it, arrest them, and seize their access data. The programmers who put Storm together know their stuff, and police in dozens of country have cooperated to get their hands on them. The Storm owners were traced to Russia, but the government blocked efforts to shut down the hacker operation.
Criminal gangs are increasingly active in producing things like Storm, and, in the case of China, so are government Cyber War operations. Russia is also believed to rely on criminal hackers for help in carrying out Cyber War tasks, usually espionage. Meanwhile, it's clear what Storm is up to. It has been launching attacks at web sites involved in stopping or investigating Storm. This involves transmitting huge quantities of bogus messages ,that shut down targeted web sites (this is a DDOS, or distributed denial or service attack). The Storm botherders are also advertising their botnet as available for the usual illegal activities (various types of spam).
Early on, it was believed that Storm was owned by a Russian criminal syndicate, but once more detailed proof was available, the Russian government refused to cooperate, treating Storm like some kind of secret military resources. And to the Russians, that's apparently what Storm is. Meanwhile, the investigation indicates that the Storm crew have some American members, and now the search is on for them, or any other non-Russians who worked on Storm, and are not inside Russia.
Criminal gangs are increasingly active in producing things like Storm, and, in the case of China, so are government Cyber War operations. Russia is also believed to rely on criminal hackers for help in carrying out Cyber War tasks, usually espionage. Meanwhile, it's clear what Storm is up to. It has been launching attacks at web sites involved in stopping or investigating Storm. This involves transmitting huge quantities of bogus messages ,that shut down targeted web sites (this is a DDOS, or distributed denial or service attack). The Storm botherders are also advertising their botnet as available for the usual illegal activities (various types of spam).
Early on, it was believed that Storm was owned by a Russian criminal syndicate, but once more detailed proof was available, the Russian government refused to cooperate, treating Storm like some kind of secret military resources. And to the Russians, that's apparently what Storm is. Meanwhile, the investigation indicates that the Storm crew have some American members, and now the search is on for them, or any other non-Russians who worked on Storm, and are not inside Russia.
CNN.com was knocked offline for three hours shortly after Chinese hackers claimed to have called off a planned denial of service attack against the US publisher.
Late last week, a group of Chinese hackers called off a planned denial of service attack on CNN.com. It was reported that the attack would occur last weekend, in protest of "anti-Chinese" media reports across the Western world.
Late last week, a group of Chinese hackers called off a planned denial of service attack on CNN.com. It was reported that the attack would occur last weekend, in protest of "anti-Chinese" media reports across the Western world.
Despite the attack being officially called off, Netcraft reported that CNN.com was taken off-line for a period of three hours on Sunday -- even though CNN throttled the number of users that could access the site from risky regions.
"…CNN's website suffered downtime within a three hour period on Sunday morning, followed by other anomalous activity on Monday morning, where response times were greatly inflated," Netcraft reported on its Web site.
There were signs that the attack had already started on Saturday. Arbor Networks' security researchers claim to have monitored several attacks launched against CNN.com, which caused disruption rather than damage.
The news that the Pentagon ran a systematic information campaign to get favourable analysis on Iraq from military officers should hardly be news to many people. The New York Times has used the Freedom of Information Act in America to get some 8,000 pages of transcripts of emails and other communications in the Pentagon to reveal how Donald Rumsfeld waged the war of spin over Iraq, and lost it.
The high point came in 2005, when it was clear that things were really falling apart in Iraq. Chosen analysts, former generals and colonels to the fore, were given privileged access to information, which they then spun on through the media. Some were hired talking heads for mainstream channels like CNN and Fox News. In all, says the New York Times, some 75 officers were hired by Rumsfeld to do the job.
The most striking thing about this story about a story - and full marks to the NYT for uncovering it at last - is how badly the whole thing was done. It has not helped the administration's credibility over Iraq, nor America's standing in the world. As a campaign it has been less than victorious.
When former army general Montgomery Meigs claimed to NBC, that there "had been over $100 million of construction" at Guantánamo, he, and more to the point his editors, must have known that the increasing band of sceptics in the audience were unlikely to be persuaded. The general had been a part of carefully selected group of "analysts" allowed by the Pentagon into the Guantánamo complex.
Keith Allard, a former consultant to NBC and an instructor in information warfare at the National Defence University said that what the analysts were given in their "private" briefings bore little relation to the facts later uncovered by inquiries and reporters' books.
One method of protecting your military networks from hackers is to use an operating system other than the ubiquitous Microsoft Windows (which controls over 85 percent of the market). Linux has been a popular choice for the military. The U.S. Navy uses Linux to run critical systems on its warships. The U.S. Army is using Linux for its networked FCS (Future Combat System) vehicles (which are still in development). The army is also converting many of its Microsoft Windows applications to run under Linux.
It's not just the better security Linux provides, but the fact that there are many versions of Linux to choose from, and the operating system is easier to modify (being an "open source" system, unlike the proprietary Windows.) Currently, the U.S. Department of Defense has over 200 Linux based software projects in development.
China has also gone down this route, and is trying to get all Chinese computer users to switch to Linux. This has proved difficult, because so many Chinese use stolen Windows software to run their businesses. Often, there is no Linux alternative for key Windows applications. The military, however, uses custom made software for its most critical applications, and it's easier to create this stuff using Linux.
It's not just the better security Linux provides, but the fact that there are many versions of Linux to choose from, and the operating system is easier to modify (being an "open source" system, unlike the proprietary Windows.) Currently, the U.S. Department of Defense has over 200 Linux based software projects in development.
China has also gone down this route, and is trying to get all Chinese computer users to switch to Linux. This has proved difficult, because so many Chinese use stolen Windows software to run their businesses. Often, there is no Linux alternative for key Windows applications. The military, however, uses custom made software for its most critical applications, and it's easier to create this stuff using Linux.
CIA, Scientists, Engineers & Technology
In today's world of ever-changing challenges, it is more important than ever for the CIA to stay ahead of fast-paced global technology developments. The classified work we are presently undertaking allows us to meet the Agency's foreign intelligence mission through leadership in a wide range of scientific and technical disciplines. This is truly a unique opportunity for scientific and engineering experts to look beyond a commercial, product-driven mindset to goal-oriented, highly focused work of significant national importance.
In today's world of ever-changing challenges, it is more important than ever for the CIA to stay ahead of fast-paced global technology developments. The classified work we are presently undertaking allows us to meet the Agency's foreign intelligence mission through leadership in a wide range of scientific and technical disciplines. This is truly a unique opportunity for scientific and engineering experts to look beyond a commercial, product-driven mindset to goal-oriented, highly focused work of significant national importance.
The Directorate of Intelligence (DI) seeks engineers and scientists to analyze challenging national security issues, such as foreign weapons development, weapons proliferation, information warfare and emerging technologies. These engineers and scientists will serve as professional intelligence officers, applying their scientific and technical knowledge to solving complex intelligence problems, and presenting their assessments to senior policymakers. This work demands initiative, creativity, analytical skills and technical expertise. Agency analysts are encouraged to maintain and broaden professional ties through academic study, contacts, and attendance at professional meetings. They may also choose to pursue additional studies in fields relevant to their areas of responsibility. Opportunities exist for foreign travel, language training, analytic and management training, and assignments in other offices in the Agency and throughout the US Government.
*Higher starting salary possible depending on experience level.
The ongoing army commanders' conference, chaired by General Deepak Kapoor, has decided to boost the "cyber-security" of its information networks right down to the level of divisions, which are basically field formations with over 15,000 troops.
Apart from creating cyber-security organisations down to the division-level to guard against cyber warfare and data thefts, the Army top brass has also underlined the urgent need for "periodic cyber-security audits" by the Army Cyber Security Establishment (ACSE).
"The most advanced armies in the world like the US one also face 3,000 to 4,000 attempts a year to hack their networks. As our Army boosts its infotech levels, we also become more vulnerable to such threats. Future conflicts will be fought by 'networks'," said a senior officer.
Both China and Pakistan, for instance, are bolstering their cyber-warfare or information warfare capabilities at a rapid clip. China, in particular, has made cyber-warfare one of its topmost military priorities, with Chinese hackers breaking into sensitive computer networks of the US, UK, Germany and even India on a regular basis.
"By crippling or destroying an adversary's economic, communication and strategic networks and infrastructure, cyber-warfare can even prove more deadly than ballistic missile strikes. It can, for instance, be in the form of denial-of-service cyber-attacks and paralysing computer viruses," said another officer.
The Indian armed forces, of course, are also trying to hone their information warfare weapons as well as enhance their C4ISR (command, control, communications, computers, intelligence, surveillance and reconnaissance) capabilities.
The tri-service integrated defence staff, on its part, has also come out with an information warfare doctrine. But the progress is slow compared to the infotech boom in the civilian arena.
Apart from creating cyber-security organisations down to the division-level to guard against cyber warfare and data thefts, the Army top brass has also underlined the urgent need for "periodic cyber-security audits" by the Army Cyber Security Establishment (ACSE).
"The most advanced armies in the world like the US one also face 3,000 to 4,000 attempts a year to hack their networks. As our Army boosts its infotech levels, we also become more vulnerable to such threats. Future conflicts will be fought by 'networks'," said a senior officer.
Both China and Pakistan, for instance, are bolstering their cyber-warfare or information warfare capabilities at a rapid clip. China, in particular, has made cyber-warfare one of its topmost military priorities, with Chinese hackers breaking into sensitive computer networks of the US, UK, Germany and even India on a regular basis.
"By crippling or destroying an adversary's economic, communication and strategic networks and infrastructure, cyber-warfare can even prove more deadly than ballistic missile strikes. It can, for instance, be in the form of denial-of-service cyber-attacks and paralysing computer viruses," said another officer.
The Indian armed forces, of course, are also trying to hone their information warfare weapons as well as enhance their C4ISR (command, control, communications, computers, intelligence, surveillance and reconnaissance) capabilities.
The tri-service integrated defence staff, on its part, has also come out with an information warfare doctrine. But the progress is slow compared to the infotech boom in the civilian arena.
To the uninitiated, information warfare is precisely that . . . waging warfare through propaganda. It's been used throughout American military history, from convincing the Germans that the Allies planned to land at the Pas de Calais instead of Normandy, right up to the first Gulf War, when airplanes dropped leaflets on Iraqi military formations warning of imminent landings by U.S. Marines. It is irony at its most basic that an information warfare instructor would have fallen prey to propaganda.
The problem, however, is that these so-called former generals lack one thing . . . they are not journalists. This is a phenomenon, it is worth pointing out, that is rearing its ugly head at a time when the public distrusts journalists.
This is an important distinction, because it strikes at how someone is trained. Journalists, even those who don't go to journalism school, are trained to be skeptical of information. Generals have been trained throughout their career for something else, which is to win wars. Some may be equipped with a personal sense of skepticism, but this is about an individual's strengths and not a profession.
The problem, however, is that these so-called former generals lack one thing . . . they are not journalists. This is a phenomenon, it is worth pointing out, that is rearing its ugly head at a time when the public distrusts journalists.
This is an important distinction, because it strikes at how someone is trained. Journalists, even those who don't go to journalism school, are trained to be skeptical of information. Generals have been trained throughout their career for something else, which is to win wars. Some may be equipped with a personal sense of skepticism, but this is about an individual's strengths and not a profession.
Despite denials, military still studying clandestine use of blogs
Last July, Noah Shachtman -- the author of the current Wired article describing the 2006 study -- noted that the Army was working on a new "information operations" field manual that would recognize "information as an element of power [which] ... has the potential to do to highly developed modern democracies what conventional and nuclear weapons could not: compel them to quit."
This past November, Shachtman pointed out an active military effort to make use of blogs. In a piece titled "U.S. Enlists Arab Bloggers for Info War," Shachtman wrote, "It's no secret that, for a long time, the jihadists were kicking American ass in the information war -- especially online. Slowly, slowly, the U.S. government is starting to push back, just a little. The new arsenal of the propaganda campaign: Arab-language bloggers, podcasts, 'webchats' -- and maybe even Second Life and cell phone games, too."
The pilot project described in that article consisted of just a handful of Arabic, Urdu, and Farsi speakers, deployed to post pro-U.S. comments on prominent mainstream blogs in those languages. No original blogs were either initiated or co-opted by the "Digital Outreach Team."
No comments:
Post a Comment