The week started pretty much as we would expect with more discussion of the 24k files lost by the Department of Defense as disclosed by the Deputy Secretary Defense William Lynn in the previous week. The loss of classified information is not necessarily an act of war though and the rhetoric spinning up is interesting but not necessarily viable. James Lewis from CSIS wrote an interesting piece about what constitutes an attack. Though I have a tendency to pillory him (he won’t speak to me at conferences anymore) his piece does have a semblance of reason. I think he goes a bit far down a particular path but he’ll find his way to reason after a bit.
Throughout the week there are lots of articles showing up discussing how to “prepare” for cyber warfare. Most of these pieces are really about good information security practices and realistically most people can only hope to accomplish that. War is an attack on sovereignty and few incidents of network exploitation are going to be able to rise to that level of attack. More importantly cyber warfare is like naval warfare. It is a strategic suite of tools and techniques encompassing a variety of weapons and systems to accomplish military activities in a particular domain. It isn’t merely packet sniffing or spoofing Internet Protocol addresses. Few civilians or corporations are going be prepared to deal with naval warfare and why would we suddenly expect them to be ready to deal with cyber warfare. This is one of those logical fallacies so many people fall into so quickly. That cyber is so different that we can expect people to have ‘super’ powers or something.
There is another element to the rhetoric of cyber warfare that continues this week. The defense industrial base or colloquially the military industrial complex are out in force to sell their wares to the government and people. Which brings up the question of whether the rhetoric is nothing more than a push to sell more stuff to the military and government. Coupled with the nearly incomprehensible call for a “Internet kill switch” and legislation to authorize the president to push it (the President already has that power so we need legislation to say he has it again because…?). Now we have big dollars on the line and freedoms in the balance. If the efforts of the Transportation Security Administration (TSA) are any indicators freedoms will lose out to the boogeyman threat. Not that we had the freedoms in the first place.
The use of “attack” is taking on new connotations too. On the one hand we have an attack against Lady Gaga’s website and on the other hand the Gaza flotilla had their server farm attacked or more likely faced a denial of service. Neither case rises to cyber war and though in the second case a state proxy or sponsor may have been involved (wild speculation) in the first case it is more in the thread of hacktivism or hooliganism. What isn’t needed is articles like the Seattle Times put out referring to a cyber Pearl Harbor. More distant than 9/11 but lauded in movies and the national narrative the Pearl Harbor analogy is right up there with idiotic. Pearl Harbor happened as part of a long political struggle between peer competitors over substantial resources and rights of passage across numerous domains. Hawaii wasn’t even a state at the time of the attack (statehood was 1959) and though an ally and protectorate it wasn’t like the Japanese attacked Iowa. Pearl harbor for the time represented a projection of naval air power as a nation state took arms against another which was a relatively new concept but one we were well prepared to defend against. The element of surprise also is suspect even if the results aren’t. The cyber Pearl Harbor construct is no more relevant to the discussion than a cyber 9/11 or “remember the Maine”. Whatever happens in the future will be something new and unexpected. It won’t be even close to something that happened before.
There were arrests in the LulzSec and Anonymous cases. Much like I’ve said before the Internet is NOT anonymous and attribution is possible it just takes time. Like any forensics the process of evaluating and examining evidence even if it is computers simply takes a lot of time. I will not be surprised to see more arrests in the coming weeks. I do think that there are still individuals who have obscured their trail sufficiently to avoid arrest and prosecution but I also think they are in such a minority as to be simply not an issue.
Monday July 18th
| 24000 data files stolen from defense contractor in massive cyber attack The Warner Robins Patriot by Gene Rector Deputy Defense Secretary Bill Lynn said Thursday a massive cyber attack by a “foreign intelligence service” could force redesign of a new, developmental weapon system. Lynn said 24000 data files were stolen from an undisclosed defense … See all stories on this topic » |
| The false cries and fog of ‘cyber war‘ GCN.com This fog unfortunately applies not only to war but also to much that is being written today about war, and cyber war in particular. James Lewis, a senior fellow at the Center for Strategic and International Studies, has written a thoughtful commentary … See all stories on this topic » |
| US Military System Design Badly Compromised in March Cyber Attack? IEEE Spectrum Secretary Lynn did state, however, that that cyber attack “… was done, we think, by a foreign intelligence service.” “In other words, a nation state was behind it.” Secretary Lynn declined to state which nation state he thought it was, or what the US … See all stories on this topic » |
| MT Expert’s Ten Top Tips: Defending against cyber attack Management Today By Malcolm Marshall Friday, 15 July 2011 We’ve heard plenty about the impact hackers (of the non-phone variety) can have on a company. So how do you prevent it? With Sony, and even the CIA having fallen foul of hackers lately, we’re all aware of the … See all stories on this topic » |
| Will Obama sign ‘Kill Switch Bill’ after theft of 24000 classified files? The News International A research conducted by The News International reveals that this is not the first time when the Pentagon has been hit by a cyber attack, as a similar offensive had also inflicted quite a lot of damage to its secrecy in 2008. … See all stories on this topic » |
| Warp Pipe: Pentagon’s cyber war strategy Newsday (subscription) Click here Warp Pipe: Pentagon’s cyber war strategy Published: July 15, 2011 2:36 PM THE ASSOCIATED PRESS Facing escalating risks of cyberattacks by hackers, criminals and other nations, the Pentagon is developing more resilient computer networks so … See all stories on this topic » |
| iBrowse: Pentagon’s cyber war strategy Newsday (subscription) Click here iBrowse: Pentagon’s cyber war strategy Originally published: July 15, 2011 2:36 PM Updated: July 15, 2011 5:00 PM THE ASSOCIATED PRESS Facing escalating risks of cyberattacks by hackers, criminals and other nations, the Pentagon is … See all stories on this topic » |
| Northrop Grumman Discusses Cyber Security At BRIDEX Exhibition And Conference … Science 2.0 (press release) Northrop Grumman Corporation is participating as a keynote conference speaker on cyber warfareand is providing a series of cyber awareness seminars during the Brunei International Defence Exhibition (BRIDEX) and Conference, highlighting its … See all stories on this topic » |
| Thoughts On The Era of Cyberwar All Things Digital (blog) But we’re still unfamiliar with the concept of cyberwar. In 1998, John Arquilla, professor at the Naval Postgraduate School, tried to envision it in a piece for Wired Magazine, The Great Cyberwar of 2002, in which a loose coalition of rogue states, … See all stories on this topic » |
||
| U.S. Pentagon Recent Cyber Attack Secaucus New Jersey News There were 24000 sensitive data that were stolen due to the cyber attack made by a foreign government. The United States Department of Defense secretary, William Lynn, had said that the Pentagon’s sensitive data was stolen “from the computers of a … See all stories on this topic » |
||
| Let Slip the Dogs of Cyberwar… Windows IT Pro (blog) This week, we had the Pentagon both admitting that they had a major breach in multiple systems in March and putting forth a strategy for stronger response to future attacks. Deputy Defense Secretary William Lynn said that over 24000 files were stolen … See all stories on this topic » |
||
|
||
|
|
||
| Pentagon Working On Cyber Warfare iNEWP- Freedom of Speech After initial uproar over the news of an unknown robbery of nearly 24000 files back in March 2011 subsided, the United States Department of Defense, namely the Joint Chiefs of Staff, decided to work on a new strategy for both its cyber defense and … See all stories on this topic » |
||
|
||
|
||
| Anticipating the Pearl Harbor of the digital age The Seattle Times Cyber war is the new Cold War, nations and corporations vying against each other. The… (July 17, 2011, by Pheanor) Read more We need to come up with a better response to cyber attacks than we did in the “War… (July 17, 2011, by ddraig) Read more … See all stories on this topic » |
Tuesday July 19th
| Cyberwar Strategy: Will Dual-Hatted NSA Plug Holes in Leaky Pentagon? Network World The DoD cyberspace strategy calls for five strategic initiatives to sustain “good cyber hygiene,” but also maintains a destructive cyberattack could be considered an “act of war.” While it also further empowers the NSA, will even the super spy agency … See all stories on this topic » |
||
| US Cyberwar Plan Has New Focus on Deterrence Huffington Post We needed to Cyber warfare & domestic cyber policing are going to be new arms of both the Military & the FBI or domestic police, it may be unwanted but it’s necessary.Human nature is such that people simply won’t play nice, they are slaves to the Ego. … See all stories on this topic » |
||
|
||
| GCHQ spooks get poached by google and microsoft Birmingham Mail (blog) The parliamentary Intelligence and Security Committee (ISC) said it was “concerned” GCHQ was unable to retain a “suitable cadre of internet specialists” to deal with the growing threat of cyber warfare. In its annual report, the committee – made up of … See all stories on this topic » |
Wednesday July 20th
| US arrests 14 for roles in PayPal cyber attack Reuters UK By Jeremy Pelofsky and Diane Bartz WASHINGTON (Reuters) – US authorities on Tuesday arrested 16 people on charges they participated in major cyber attacks, including an attempt to cripple eBay’s PayPal website as retribution for dropping WikiLeaks as a … See all stories on this topic » |
||
| Senators: US needs to define acts of cyberwar The Hill (blog) That document, however, does not define what the Obama administration considers an act ofcyberwar, nor does it detail how the military would respond to a major electronic attack. It also features no description of the kinds of actions the military is … See all stories on this topic » |
||
| FBI Arrests 16 in Broad Cyber Attack Crackdown National Journal By Michael Catalini In a sweeping crackdown against cyber crime, the FBI on Tuesday arrested 14 people on charges stemming from their alleged involvement in a November attack on PayPal’s website, the Department of Justice announced. … See all stories on this topic » |
||
| US arrests 14 for roles in PayPal cyber attack Reuters Canada FBI agents arrested 14 people in nine states and Washington, DC specifically for the PayPal attack coordinated by the vigilante hacking group Anonymous, the biggest take down so far tied to the high-profile cyber attack. (Reporting by Jeremy Pelofsky, … See all stories on this topic » |
||
| Las Cruces man suspected of cyber attack ABQ Journal (subscription) By Patrick Lohmann / Journal Staff Writer on Tue, Jul 19, 2011 Tweet A Las Cruces man was arrested Tuesday for allegedly posting confidential AT&T documents on a public file-sharing site, part of a string of more than a dozen arrests nationwide that … See all stories on this topic » |
||
| INFORMATION WARFARE: America Has A War Plan Strategy Page July 20, 2011: The United States has developed a new strategy for Cyber War, and hopes that it will enable America to better deal with Internet based espionage from China (and others), as well as potential Cyber War itself. The first goal is to get the … See all stories on this topic » |
||
| Arrests made in PayPal hack attack San Jose Business Journal More than a dozen people nationwide were arrested Tuesday on charges related to a cyber attack on PayPal Inc. ‘s website, as federal agents conducted a broad sweep of alleged computer hackers. Agents from the Federal Bureau of Investigation arrested 14 … See all stories on this topic » |
||
| The Circuit: Hackers hit the Sun; mobile moms; kids’ privacy Washington Post (blog) By Hayley Tsukayama LEADING THE DAY: LulzSec, the hacking group that hit went after the Senate, US intelligence agencies and PBS, came out of retirement Monday to wage a cyber attackon the Sun, The Washington Post reported. … See all stories on this topic » |
||
|
||
|
Thursday July 21st
| ‘Cyber attack‘ schoolboy held by cops The Sun By ANTHONY FRANCE A BOY of 16 suspected of launching global cyber attacks from a computer in his bedroom has been arrested. He was held as cops in three countries launched a crackdown on hacking groups LulzSec and Anonymous – who have hit the websites … See all stories on this topic » |
||
| Senators Demand Answers on U.S. Cyber Warfare Policy Bloomberg By David Lerman – Wed Jul 20 19:34:53 GMT 2011 The Defense Department has failed to deliver to Congress a report on US cyber warfare policy that would clarify the legal authorities and rules of engagement to be used in the event of a cyber attack, … See all stories on this topic » |
||
|
||
|
||
| Book Review: Cyber Warfare Slashdot Clarke and Knake’s book, Cyber War: The Next Threat to National Security and What to Do about It, discusses how weak the US network defenses are and offers suggestions about how to improve. Carr’s book, Inside CyberWarfare: Maping the Cyber Underworld, … See all stories on this topic » |
||
| Cyber Attack Steals $28000 from Small Town eSecurity Planet By eSecurityPlanet Staff “The case once again highlights the mismatch between the sophistication of today’s attackers and the weak security measures protecting many commercial online banking accounts,” writes Krebs on Security’s Brian Krebs. … See all stories on this topic » |
||
| Are NSA InfoSec Efforts Enough to Defend America in Cyber Warfare? Top Secret Writers These areas are not found on foreign soil or even outer space. The new frontier of warfare is Cyber Space. The methods and technologies used in this new virtual warfare are advancing on a daily basis. These advancements are being made so quickly that … See all stories on this topic » |
||
| Nation’s fight against cyber intruders goes local BusinessWeek An explosion in threats against the nation’s cyber networks has led the Pentagon to develop a cyber war strategy and states to open cyber security offices. The Pentagon revealed last week that it sustained, earlier this year, one of its largest-ever … See all stories on this topic » |
||
| Dimasoft MD on hacking into the mind of a thief nebusiness.co.uk by John Hill, The Journal AN increasing number of companies are recognising the need to protect themselves from cyber attack, but sometimes forget to check whether someone’s just wandering in through the front door. As a certified ethical hacker, … See all stories on this topic » |
Friday July 22nd
|
||
|
||
| Sony insurer seeks hack opt-out BBC News One of the company’s insurers has asked a judge to rule that it is not liable for losses related to thecyber attack. In April, Sony discovered that hackers had gained access to 77 million accounts on its PlayStation Network. … See all stories on this topic » |
||
| Cyberspace is the nation’s indelible ink Malaysia Kini Susah Kes: Higher Education Miniser Mohamed Khaled Nordin, Umno also lost the cyberwar in 2008. Since then, many Umno cyber-troopers and bloggers got on the bandwagon. Even Umno apologists from the MCA and the Star took up blogging. … See all stories on this topic » |
