An IBD editorial mentions the kind of news items that won’t be making the New York Times’ front page: Chinese steal thousands of secret documents from defense contractor’s computers, and a member of the US Joint Chiefs of Staff announces that the US intends to develop methods of retaliation for such attacks.
In outlining America’s cyberwarfare strategy last Thursday at the National Defense University, Deputy Secretary of Defense William Lynn disclosed that 24,000 sensitive files containing Pentagon data at a defense company were accessed in a cyberattack in March, likely by a foreign government.
He didn’t disclose the identity of that government, but in a bit of an understatement he acknowledged, “We have a pretty good idea.” So do we: the People’s Republic of China. In addition to conventional and nuclear weaponry, China has invested a great deal of time and treasure in what is known as “asymmetrical warfare” â€” the ability to exploit an enemy’s weakness rather than just try to match it tank for tank. …
Marine Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, said the Pentagon must shift its thinking on cybersecurity from focusing 90% of its energy on building a better firewall. “If your approach to the business is purely defensive in nature, that’s the Maginot line approach,” he said.
He was referring to the French fixed defensive fortifications that were circumvented by the Nazis at the outset of World War II. “There is no penalty for attacking (the U.S.) right now,” he added. We need the ability to retaliate and the will to do so. Call it mutual assured hacking after the deterrence doctrine of mutual assured destruction (MAD) during the Cold War.
The Tech Herald exposÃ© then proceeds to describe how the Justice Department recommended the law firm of Hunton & Williams to undertake an internal investigation at BOA, and Hunton & Williams brought three security consultancies and US defense contractors, Palantir Technologies, Berico Technologies and HBGary, on board to do a report on WikiLeaks in order to pitch BOA on hiring all of these organizations to undertake a concerted effort to stop WikiLeaks and protect Bank of America.
The document prepared by the three security firms, titled Wikileaks Threat, contains some interesting information on the organization of WikiLeaks and identifies a number of major players.
WikiLeaks was launched in 2006 by self-described Chinese dissidents and interested parties from five continents.
Within a year of its launch, WikiLeaks claimed to possess over 1.2 million documents from thirteen countries.
As of January 2010, the WikiLeaks team consisted of five full-time employees and about 800 volunteers.
The employees and volunteers are spread across the world, with their identities largely unknown. …
Part of the strategy involves incorporating and registering WikiLeaks in different countries under different auspices that provide maximum protection under the laws of these countries: a library in Australia, a foundation in France, and a newspaper in Sweden, and two no-Âname tax exempt 501c3 non-Âprofits in the United States are some examples. Many of the releases of documents for a while were based in Iceland where laws are extremely protective of speech.
The Threat report (now hosted on WikiLeaks) identifies in particular:
Founder: Julian Assange
Registered Owner: John Shipton of Nairobi
“Uncertain” organizational status:
IT Specialist: Jacob Applebaum
“Volunteers” (Allied Left-wing Bloggers):
Journalist: James Ball
Proposed counter-measures included:
Feed the fuel between the feuding groups. Disinformation. Create messages around actions to sabotage or discredit the opposing organization. Submit fake documents and then call out the error.
Create concern over the security of the infrastructure. Create exposure stories. If the process is believed to not be secure they are done.
Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward.
Media campaign to push the radical and reckless nature of wikileaks activities. Sustained pressure. Does nothing for the fanatics, but creates concern and doubt amongst moderates.
Search for leaks. Use social media to profile and identify risky behavior of employees.
They were planning to bring in Booz Allen to conduct the internal review at Bank of America, and were conducting initial social media investigations, when Aaron Barr, head of security services firm HBGary Federal, boasted to the Financial Times that he had used social media sites to gain enough information to threaten hackers with arrest.
An international investigation into cyberactivists who attacked businesses hostile to WikiLeaks is likely to yield arrests of senior members of the group after they left clues to their real identities on Facebook and in other electronic communications, it is claimed.
Supporters of the internet group – known as Anonymous, which gained wide attention after it co-ordinated attacks that crashed the websites of some businesses that had broken ties with WikiLeaks – have continued to ambush high-profile targets, recently forcing government sites in Egypt and Tunisia to close. …
[A] senior US member of Anonymous, using the online nickname Owen and evidently living in New York, appears to be one of those targeted in recent legal investigations, according to online communications uncovered by a private security researcher.
A co-founder of Anonymous, who uses the nickname Q after the character in James Bond, has been seeking replacements for Owen and others who have had to curtail activities, said researcher Aaron Barr, head of security services firm HBGary Federal.
Mr Barr said Q and other key figures lived in California and that the hierarchy was fairly clear, with other senior members in the UK, Germany, Netherlands, Italy and Australia.
Of a few hundred participants in operations, only about 30 are steadily active, with 10 people who “are the most senior and co-ordinate and manage most of the decisions”, Mr Barr told the Financial Times. That team works together in private internet relay chat sessions, through e-mail and in Facebook groups. Mr Barr said he had collected information on the core leaders, including many of their real names, and that they could be arrested if law enforcement had the same data.
Retaliation was quick.
The response was brutal, resulting in full control over hbgary.com and hbgaryfederal.com. They were also able to compromise HBGaryâ€™s network, including full access to all their financials, software products, PBX systems, Malware data, and email, which they released to the public in a 4.71 GB Torrent file.
In a statement emailed to The Tech Herald, Anonymous called Barrâ€™s actions media-whoring, and noted that his claims had amused them.
â€œLet us teach you a lesson you’ll never forget: you don’t mess with Anonymous. You especially don’t mess with Anonymous simply because you want to jump on a trend for public attention,â€ the statement directed to HBGary and Barr said.
â€œYou have blindly charged into the Anonymous hive, a hive from which you’ve tried to steal honey. Did you think the bees would not defend it? Well here we are. You’ve angered the hive, and now you are being stung. It would appear that security experts are not expertly secured.â€
Anonymous also released more than 50,000 HBGary internal emails to the public.
HBGary admits that the attacks were successful:
HBGary, Inc and HBGary Federal, a separate but related company, have been the victims of an intentional criminal cyberattack. We are taking this crime seriously and are working with federal, state, and local law enforcement authorities and redirecting internal resources to investigate and respond appropriately. To the extent that any client information may have been affected by this event, we will provide the affected clients with complete and accurate information as soon as it becomes available.
Meanwhile, please be aware that any information currently in the public domain is not reliable because the perpetrators of this offense, or people working closely with them, have intentionally falsified certain data.
Hat tip to Slashdot.
If you are the US Army, you pick a gay, self-medicating, emotionally-unstable computer hacker, who harbors extreme liberal opinions, and who has “the personality of a bull in a china shop.”
Despite being apparently completely recognizable to acquaintances and associates as gay, and despite displaying a fairy wand on his desk, the Don’t Ask, Don’t Tell policy did not cause Pfc. Bradley Manning to be separated from the service. Manning had a drag queen boyfriend, hung out in politically-motivated circles of computer hackers, and had been reprimanded for assaulting an officer, but none of that kept him from having a Top Secret clearance providing access to what the New York Times describes as “some of the most secret information on the planet.”
Blackmail, Cryptome, Department of Defense, Encryption, Hackers, Hacking, Hillary Clinton, Julian Assange, Leaks, State Department, Sweden, The Internet, The Pirate Bay, Wikileaks
The Pentagon is demanding that Wikileaks cease publishing and return immediately stolen US documents in its possession, hinting darkly at legal prosecution if the Internet news site does not comply. (Christian Science Monitor)
Of course, it is always possible that Julian Assange and his merry band of pranksters may be less than intimidated by an adversary so clueless that its first response to the theft and publication of Top Secret military documents is to issue a directive prohibiting its own personnel from gazing at the offending web site.
This is the “Close the barn door from the inside when the horse got out” approach to security breaches. [Wired]
Besides, Wikileaks has uploaded a password-protected file labeled “Insurance,” and believed to contain a massive collection of highly toxic State Department material, consisting of, according to a chat interview published by Wired:
260,000 classified U.S. diplomatic cables that Manning described as exposing â€œalmost criminal political back dealings.â€
â€œHillary Clinton, and several thousand diplomats around the world are going to have a heart attack when they wake up one morning, and find an entire repository of classified foreign policy is available, in searchable format, to the public,â€ Manning wrote.
Wikileaks has arranged, in the event that the US Government succeeds in shutting down its web site, to have the password released via Cryptome.
6 August 2010. If there is a takedown of Wikileaks, the insurance.aes256 file will be available through Cryptome along with the entire files of the Wikileaks website which have been archived.
Even without Julian Assange’s blackmail threat, Some News Agency sees problems trying to stop Wikileaks legally.
[F]rom a legal standpoint, there is probably little the U.S. government can do to stop WikiLeaks from posting the files.
It is against federal law to knowingly and willfully disclose or transmit classified information. But Assange, an Australian who has no permanent address and travels frequently, is not a U.S. citizen.
Since Assange is a foreign citizen living in a foreign country, it’s not clear that U.S. law would apply, said Marc Zwillinger, a Washington lawyer and former federal cyber crimes prosecutor. He said prosecutors would have to figure out what crime to charge Assange with, and then face the daunting task of trying to indict him or persuade other authorities to extradite him.
It would be equally difficult, Zwillinger said, to effectively use an injunction to prevent access to the data.
“Could the U.S. get an injunction to force U.S. Internet providers to block traffic to and from WikiLeaks such that people couldn’t access the website?” Zwillinger said. “It’s an irrelevant question. There would be thousands of paths to get to it. So it wouldn’t really stop people from getting to the site. They would be pushing the legal envelope without any real benefit.”
And the technical approach is problematic, too.
WikiLeaks used state-of-the-art software requiring a sophisticated electronic sequence of numbers, called a 256-bit key [to protect its “Insurance” files].
The main way to break such an encrypted file is by what’s called a “brute force attack,” which means trying every possible key, or password, said Herbert Lin, a senior computer science and cryptology expert at the National Research Council of the National Academy of Sciences.
Unlike a regular six- or eight-character password that most people use every day, a 256-bit key would equal a 40 to 50 character password, he said.
If it takes 0.1 nanosecond to test one possible key and you had 100 billion computers to test the possible number variations, “it would take this massive array of computers 10 to the 56th power seconds â€” the number 1, followed by 56 zeros” to plow through all the possibilities, said Lin.
How long is that?
“The age of the universe is 10 to the 17th power seconds,” explained Lin. “We will wait a long time for the U.S. government or anyone else to decrypt that file by brute force.”
Could the NSA, which is known for its supercomputing and massive electronic eavesdropping abilities abroad, crack such an impregnable code?
It depends on how much time and effort they want to put into it, said James Bamford, who has written two books on the NSA.
The NSA has the largest collection of supercomputers in the world. And officials have known for some time that WikiLeaks has classified files in its possession.
The agency, he speculated, has probably been looking for a vulnerability or gap in the code, or a backdoor into the commercial encryption program protecting the file.
At the more extreme end, the NSA, the Pentagon and other U.S. government agencies â€” including the newly created Cyber Command â€” have probably reviewed options for using a cyber attack against the website, which could disrupt networks, files, electricity, and so on.
“This is the kind of thing that they are geared for,” said Bamford, “since this is the type of thing a terrorist organization might have â€” a website that has damaging information on it. They would want to break into it, see what’s there and then try to destroy it.”
The vast nature of the Internet, however, makes it essentially impossible to stop something, or take it down, once it has gone out over multiple servers.
In the end, U.S. officials will have to weigh whether a more aggressive response is worth the public outrage it would likely bring. Most experts predict that, despite the uproar, the government will probably do little other than bluster, and the documents will come out anyway.
Mikael Viborg, owner of PRQ hosting company at its server location
Were the Department of Defense, the NSA, or the FBI actually inclined to do anything about Wikileaks, NYM would be glad to help.
Be aware, however, that PRQ is associated with the notorious Swedish Bit Torrent file sharing hub The Pirate Bay.
Armand de Borchgrave, in the Washington Times, shares some impressive figures from a recent Cyber Security conference.
Cyberwarfare is waged on a massive scale the world over. Ostensibly friendly nations zap each other’s electronic nerve cells frequently, and with reckless abandon. On a single day in 2008, the Pentagon was hit by would-be intruders 6 million times in 24-hour period. Before Sept. 11, 2001, the highest annual figure for cyber attacks against the Pentagon was 250,000.
Speaking not for attribution at a think tank meeting, a Pentagon “cyber warrior,” said it felt “like a perpetual hailstorm pelting an imaginary glass envelope around the Defense Department, but there is still no way of telling whether these were attempted intrusions by teenagers testing their hacking skills or the electronic warfare departments of China and Russia, that we know are constantly flexing their electronic muscles.”…
he Pentagon cybernaut did not disclose how many, if any, of the 6 million attempted intrusions were successful. Another Pentagon insider, speaking privately, said “an important internal e-mail system was taken down for two days.”
Speaking at the same think tank meeting, the chief security officer of a major New York-based financial house said they had been attacked 1 million times in a 24-hour period.
Was identified as having its origin in Russia. Multiple attempts to gain access took place for over four hours. Entrance finally occurred via a vulnerability in an older WordPress release. Every php file was altered and scripts inserted to copy and transmit entered data. My stolen password was then presumably used to hijack my email account at another site, which tends to suggest strongly that one should avoid being lazy like me and using the same password on more than one account.
2008 Election, Barack Obama, Hackers, Hacking, MacRanger, MacsMind, Political Commercials, Technology, The Blogosphere
Obama campaign supporters’ thuggish efforts to suppress criticism of Obama have progressed to the level of hacking attacks (using “sql bombs”) on prominent conservative blogs like Macsmind, published by Jack Moss, who signs his posts “MacRanger.” Moss is a journalist and lecturer, retired from a professional military career focused on Intelligence and Logistics, who writes commonly on Intelligence and Defense issues as well as politics.
Gateway Pundit has the story.
This is MacRanger of Macsmind. As you know I was hacked by operatives of the Obama Campaign last month. Well, it happened again. Basically they flooded the site with â€œsql bombsâ€ according to the host that caused the shared server to stop running. Subsequently he had to disable the site. This had to do with running the â€œObama wants to Disarm Americaâ€ post which more than 2 million people viewed on the site. Just like the goons in Missouri, the Obama truthers canâ€™t let the truth be known. Iâ€™ve now moved the blog back to blogspot at macsmind.blogspot.com at least temporally. Because of the hacking job I had to move to another host but unfortunately they havenâ€™t got the server up yet to redirect the traffic to blogspot. I would appreciate a mention to your readers. Iâ€™m getting a couple of hundred emails about â€œwhat happenedâ€, but as you can imagine it hard to get the word out by reply.
MacRanger’s temporary site is here.
MacRanger believed the hacking attacks were in response to this political ad criticizing Obama’s avowed policy of unilateral disarmament.
Gawker still has a copy of the bizarre Tom Cruise 9:25 video, removed from YouTube as the result of the Church of Scientology claims of copyright infringement.
The Church of Scientology’s heavy-handed suppression of Internet access to this video has resulted in a declaration of war by a group of anonymous internet-users, based in the imageboard -chans.orgs, the darkest, deepest refuges of obsessive geekdom and compulsive nerdery, home to an energetic and enthusiastic population of young men with no girlfriends, good programming skills, and plenty of free time. Unquestionably, an enemy deserving to be feared.
Declaration of war 2:03 video
Wired: There Can Be Only One
Wikipedia Project Chanology entry, many news links