Cyber Security Intelligence


May Newsletter #2 2014

Most UK Police don’t investigate Cyber Crime

Ninety percent of the UK’s police have no tactical or strategic plans for monitoring, training PCs and reducing cyber crime.

And the idea that overall crime is reducing depends on which statistics are applied and by which Authority they are promoted.

A new report by HMIC (Her Majesty’s Inspectorate of Constabulary) has found that the majority of Britain’s police forces are unprepared for cybercrime, with only three forces out of 43 nationwide having developed a comprehensive cyber strategy in their Strategic Threat and Risk Assessments (STRAs) and with only twelve more forces having considered their approach to cyber at all.

This means that over two thirds of the country’s police do not have any plans for dealing with cyber crime. Another point noted in the Report is that only half the UK forces have considered terrorism as part of their strategic planning assessments, which of course means terrorism of all types, including cyber, will mainly go on unmonitored and unopposed.

HMIC identifies that much more needs to be done by forces to secure the levels of preparedness that are necessary for them to collectively respond to all of the national threats, as required by the Strategic Policing Requirement (SPR); and recommends that chief constables need to immediately establish a collective leadership approach, in order to secure the required levels of national preparedness.

Point 2.26 of the Report states ‘Senior leaders across police forces were unsure of what constituted a large-scale cyber incident. We found that, where they existed, STRAs and plans were focused only on investigating cybercrime; they were silent about preventing it and protecting people from the harm it causes.’

Large-scale cyber incident

2.42.  Research shows that cybercrime is significantly under-reported, and of those crimes reported to Action Fraud, only 20 percent are passed to police forces. This means that police forces do not have sufficient information to identify and understand the threats, risks and harm associated with cybercrime.

5.68.  There was a generally held mistaken view among those we interviewed that the responsibility for responding to a large-scale cyber incident was one for regional or national policing units and not for forces. There was very little understanding of the part forces should have in working together with regional and national organisations to respond to the threat.

http://www.hmic.gov.uk/news/news-feed/strategic-policing-requirement-report-published/
http://www.hmic.gov.uk/inspections/strategic-policing-requirement/

England and Wales are lacking a cyber strategy to deal with electronic attacks and cyber crimes. Only Derbyshire, Lincolnshire and the West Midlands have cyber plans, and ninety eight percent of all English and Welsh staff have no cyber training.

This is despite the requirements for plans and training being laid out by the Home Office in July 2012 in its Strategic Policing Requirement.

Two years ago this Report began with the Home Secretary stating:

Organised criminals do not stop their activity where one police force ends and another begins; countering terrorism requires a seamless and integrated approach right from local communities through to foreign countries; public disorder can require police officers from across the country to work together to restore order; the police lead the response to major civil emergencies; and the police must play their part in countering the new and growing threat that exists not on our streets but in cyberspace.

These threats have national dimensions but they all cause harm locally as well. That means they must be tackled not only by local policing, strongly grounded in communities, but also by police forces and other agencies working collaboratively across force and institutional boundaries. For too long Government focused on micro-managing local policing, while not paying enough attention to its proper role of supporting the response to national threats. The election of police and crime commissioners allows Government to get out of the way of local policing, putting accountability, rightly, in the hands of local people. At the same time, this Strategic Policing Requirement demonstrates our commitment to getting a better grip on the national threats we face.

Theresa May Home Secretary – July 2012.

The Report goes on to state in 6.1 – ‘In response to the threats from terrorism, cyber and organised crime, chief constables must have regard to the requirement for resources to be connected together locally, between forces, and nationally (including with national agencies) in order to deliver an integrated and comprehensive response. This should include the ability to communicate securely, access intelligence mechanisms relevant to the threat and link effectively with national co-ordinating mechanisms.’

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/

Another Recent Report states -

Poorly integrated IT systems – Forces use various IT systems for recording incidents and crimes. Our work so far has established that there are 14 different incident-recording IT systems in use by the 43 police forces of England and Wales and 18 different crime-recording systems. In addition, specialist departments, including those investigating serious sexual offences and dealing with the protection of vulnerable people, often have separate IT systems which are primarily used for case management and information-sharing.

Inadequate crime-recording on IT systems directly affects a force’s knowledge about crime. Without an accurate picture, there can be no proper analysis or a full understanding of the threat, risk and possible harm to the public. This knowledge is needed to decide where and how best to deploy police resources. The ability to audit systems properly is impeded by the number of incompatible IT systems in use and also because some of these systems have not been designed with an effective audit capability.

http://thinbluelineuk.blogspot.co.uk/2014/05/interim-hmic-report-on-crime-data.html

According to a Report on Crime in England and Wales, Year Ending December 2013, crime has reduced, but this is a Survey and has a partial PR purpose.

Latest figures from the Crime Survey for England and Wales (CSEW) estimate there were 7.5 million crimes against households and resident adults in the previous twelve months, based on interviews with a nationally representative sample in the year ending December 2013. This was down 15% compared with the previous year’s survey, and is the lowest estimate since the survey began in 1981.

The reduction of crime measured by the CSEW was driven by decreases in a range of offence groups, including: other household theft (down 25%); violence (down 22%); and vandalism (down 15%).

http://www.ons.gov.uk/ons/dcp171778_360216.pdf

However, another Report by HMIC (Her Majesty's Inspectorate of Constabulary) on thirteen police forces states that a fifth of crimes in England and Wales could be going unrecorded by police.

http://www.bbc.co.uk/news/uk-27226110

In summary, there seems to be a serious issue with co-ordination and management of the 43 different police forces in England and Wales although our research certainly suggests that the UK is not alone with this problem.

Cybercrime is slowly displacing conventional crime and the Indian police in course of time will become equipped to handle such crimes, according to former director of the Central Bureau of Investigation R K Raghavan.

Speaking during a workshop on Cyber Crimes and e-security, organised by the Cyber Society of India, Raghavan said that more people would become victims of cyber crime than of conventional crime.

On an average only two per cent of our population is affected by conventional crime like robbery and theft but almost everyone who has access to the Internet is vulnerable to cyber crime.

http://www.newindianexpress.com/cities/chennai/Cyber-Crime-Displacing

In the US the FBI has a cyber strategy that is attempting to co-ordinate the US response. Recently, on April 16th, Richard P. Quinn, the National Security Assistant Special Agent in Charge, Philadelphia Field Office, for the Federal Bureau of Investigation, gave a statement before the House Homeland Security Committee, Subcommittee on Cyber Security, Infrastructure Protection, and Security Technologies in DC.

‘Given the scope of the cyber threat, agencies across the federal government are making cyber security a top priority. Within the FBI, we are prioritizing high-level intrusions—the biggest and most dangerous botnets, state-sponsored hackers, and global cyber syndicates. We want to predict and prevent attacks, rather than simply react after the fact.

‘FBI agents, analysts, and computer scientists are using technical capabilities and traditional investigative techniques—such as sources and wiretaps, surveillance, and forensics—to fight cyber crime. We are working side-by-side with our federal, state, and local partners on Cyber Task Forces in each of our 56 field offices and through the National Cyber Investigative Joint Task Force (NCIJTF). Through our 24-hour cyber command center, CyWatch, we combine the resources of the FBI and NCIJTF, allowing us to provide connectivity to federal cyber centers, government agencies, FBI field offices and legal attachés, and the private sector in the event of a cyber intrusion.’

Conclusions

In electronically linked global networks of states and nations a lot of crime has moved from the local to include inter-border and cross national dimensions and there is now a serious requirement for an integrated, centrally managed strategy and tactical practice for large areas of the police activity.

Recently five police forces in the UK’s Southwest have started a partnership with Bournemouth University with the aim to develop a cyber strategy. If this is successful it could be used as part of a larger plan to engage the whole of the UK police.

Certainly the economics and changes to the crime perspective require a far more integrated approach, not unlike the centralised policing used in Scotland. In the rest of the larger UK, more centralised monitoring, control and integration are required than are being used at present. Integration of the 43 forces would improve the management and counter the individual focus of each force. This would improve crime reduction, tackle new unrecorded cyber crime and bring improvements to the systems and basic purchases required by such a large organisation as the police. These improvements and savings could then be used to advance local, inter-county and cross-border crime monitoring, intervention and reduction.

If you would like more information please contact Cyber Security Intelligence for a Research Report. Email: Info@cybersecurity-intelligence.com

Malaysian Airlines blames software for MH370 Cambodian Failed Response

Malaysia Airlines (MA) has blamed the software that it used to track its aircraft for its erroneous report to air traffic controllers that MH370 was flying over Cambodian airspace about an hour after it went missing.

MA explained that it made the deduction based on its ‘flight-following system’ which displayed the aircraft’s predicted position and not its actual location.

The system also does not alert MA if there were anything abnormal, the airline said in a statement sent late last night, and will continue displaying the aircraft’s predicted flight path and location until told otherwise by pilots. In addition, although the system’s map showed that MH370 was supposed to be in Vietnamese airspace at the time, the map label for Vietnam was missing when zoomed in.

In actual fact, at the time, about 2.15am on March 8, the aircraft was flying over the Straits of Malacca, but that fact was not identified until days later because its transponder was either switched off or malfunctioning.

Shortly after MH370 disappeared from civilian radar and was diverted from its original flight path, military radar tracked it as an unidentified aircraft flying from off the coast of Penang until it left radar coverage over the Andaman Sea.

The airline stressed, however, that it is the responsibility of air traffic controllers to track aircraft, and airlines only use flight-following systems to help pilots cope with weather conditions or route diversions.

MA clarified that the ‘signals’ reported in the timeline actually referred to MH370’s expected location based on the flight-following system. It added that since air traffic controllers had alerted MA that they could not contact MH370, it had made its own attempts to contact the aircraft as well but was unsuccessful.

According to the timeline released on Thursday, it took MA 95 minutes to inform air traffic controllers that its position report was based on a projected flight path and may not be reliable.

In the interim period, Kuala Lumpur air traffic controllers had contacted their counterparts in Cambodia and Ho Chi Minh City asking for information on MH370, as well as seeking further information from MA.

Ho Chi Minh City controllers replied that they had no contact with MH370 and confirmed that the aircraft’s flight plan only took it through Vietnamese airspace, while Cambodian controllers said they had no information on the flight.

One notable example of a stray airliner being intercepted was the Helios Airways Flight 522 incident in 2005, where a Boeing 737-300 aircraft flew off-course and did not respond to attempts to contact it.  

Two Hellenic Air Force fighters were scrambled to investigate the Helios flight, and saw that the co-pilot was unconscious, the captain was missing, a person was waving at the fighter pilots from the cockpit, and oxygen masks had been deployed. It crashed 30 minutes later after running out of fuel.  

The question arises: did air traffic control or MA conform to this particular provision? With regard to military standards, the military documents will be classified information and are not available.

Previously, when questioned on why MH370 was not intercepted although its identity could not be ascertained at the time, Prime Minister Najib Abdul Razak replied that air defence officers were certain that the aircraft was not hostile. This was because although the identity of the aircraft was unknown, it behaved like a commercial airliner, he said.

MH370 Rescue coordination centres should have been alerted of a possible emergency within 30 minutes of losing contact with an aircraft, according to the International Civil Aviation Organisation (ICAO) guidelines.

This lends credence to criticism that Malaysia had been slow in taking about four hours to inform the Kuala Lumpur Air Search and Rescue Centre (ARCC) that MH370 had gone missing in the early hours of March 8 with 239 persons on board.

http://www.malaysiakini.com/

Snowden hires a well-known DC lawyer in hopes of a plea bargain

http://www.dailymail.co.uk/news/article-2615945/NSA-leaker-Snowden-hires-known-Washington-attorney-hopes-cutting-plea-deal-bring-Moscow.html

Edward Snowden, the NSA (National Security Agency) contractor who provided journalists with thousands of classified documents retained a well-known Washington attorney last year. This was in hope of reaching a plea deal with federal prosecutors that would allow him to return to the United States and hopefully reduce significantly his prison sentence.

The attorney is Plato Cacheris, who has represented spies like Aldrich Ames and Robert Hanssen and the whistleblower Lawrence Franklin. A federal judge in January 2006 sentenced the Defense Department analyst, Franklin, to more than 12 years in prison after Mr. Franklin admitted passing classified military information to two pro-Israel lobbyists and an Israeli diplomat.

But nearly a year after Cacheris became involved in the Snowden case, no agreement appears imminent, and government officials said the negotiations remained at an early stage and Cacheris has told journalists that he has no comment to make about the case.

In the case of Franklin, a Pentagon analyst accused of leaking classified information about Iran to pro-Israel lobbyists, Cacheris was able to secure a final sentence of 10 months community confinement.

Snowden faces as much as 30 years in prison after being charged with multiple violations of the Espionage Act in 2013. He now lives in Moscow, where he has been granted temporary asylum.

Snowden has maintained he did not bring documents to Russia and told Vanity Fair there was no 'doomsday cache,' as he feared it would simply make him more of a target.

Some leak cases under the Obama administration have ended with plea deals for no more than a few years in prison while others have been punished far more severely, such as Chelsea Manning, who received a 35-year sentence for her role in getting classified documents to WikiLeaks.

Even if Snowden can offer something, it's likely the U.S. government will want to make an example of him.

UK Official Says Terrorists Have Changed Methods Since Snowden Leaks; Snowden Reportedly Retained Espionage Defense Lawyer Cacheris

Michael London had an online article on April 29, 2014 in Reuters, with the title above. “The Snowden effect has been a very, very severe one,” Stephen Phipson, a Director at Britain’s Office for Security and Counter Terrorism (OSCT), told a London security conference. “Our adversaries, the terrorists out there, now have full sight of the sorts of tools and range of techniques that are being used by government — hindering intelligence agencies’ capabilities to track them. I can tell you data show a substantial reduction in the use of those methods of communication as a result of the Snowden leaks. Some methods he [Snowden] describes that governments use to track terrorists, as a natural consequence, you see terrorists trying to use other methods of communication,” he added.

Research by CS-I has discovered a large disagreement and radically different views and perspectives on Snowden’s activities and the ways in which he should be considered and dealt with by the US authorities.

Even within the US intelligence services the current views concerning Snowden’s activities are incredibly divided. These range from Snowden being a whistleblowing hero who has shown Americans that their government was countering the US Constitution’s Amendments for protecting American citizens’ personal rights as they are monitoring their mail and personal activities. At the other end of the scale, there are other individuals in the US intelligence agencies who would like Snowden electrocuted for treason to give an example to the rest not to break the secret service agreement and give information to US enemies.

There is also debate concerning the rights of The Guardian, the Washington Post and the New York Times to use constitutional protection.

For instance, Peter Scheer at The Blog at Huff Post Media says ‘Snowden is a source who leaks information, not a journalist who receives leaks. The difference is crucial: in the transaction between source and journalist, constitutional protections extend only to the latter.’

Across the Atlantic the European Parliament's civil-liberties committee on 12 February 2014 rejected a call for the European Union to protect Edward Snowden against possible prosecution or extradition.

Earlier, Green MEPs on the committee had asked to include the call in a draft report on mass surveillance prepared by Claude Moraes, a centre-left UK MEP.

Therefore under intense pressure from both the Obama administration and national governments in Europe, a committee of the European Parliament has killed a measure calling for asylum and protection for National Security Agency (NSA) whistleblower Edward Snowden, should he leave his temporary haven in Russia for anywhere within the European Union.

Another amendment proposed by Green MEPs on the committee called on the US to drop any criminal charges it might be preparing against Snowden. The amendments were supported by some MEPs from the liberal and left groups. But centre-right MEPs from the European People's Party and the European Conservatives and Reformists opposed the asylum call, as did many MEPs from the centre-left Socialists and Democrats group. Moraes described the asylum call as a “red line” for centre-right MEPs.

Perhaps not surprisingly the EU goes along with US Government sensitivities and says that Snowden’s asylum would cross a red line.

https://www.wsws.org/en/articles/2014/02/13/snow-f13.html
https://www.europeanvoice.com/article/imported/parliament-rejects-proposal-to-protect-edward-snowden/79639.aspx
http://www.huffingtonpost.com/peter-scheer/edward-snowden-first-amendment_b_4140277.html
http://www.nytimes.com/2014/04/29/us/snowden-retained-expert-in-espionage-act-defense.html?_r=0
http://thehill.com/blogs/blog-briefing-room/news/204636-report-snowden-retained-expert-in-espionage-act-defense
http://fortunascorner.com/2014/05/01/snowden-leaks-prompt-terrorist-groups-to-change-methods-says-u-k-official/

Russia could wage cyber war on US

Russia, annoyed by the US sanctions over Ukraine, may strike back at America by using cyber warfare and then claim that no attack ever took place, a former top intelligence official said Tuesday.

Russia, considered the second country most adept at cyber warfare after the US, could use an attack on American computer systems as a way to seek revenge on the US, said Richard Clarke, a top counter-terrorism and intelligence official for both the Clinton and George W. Bush administrations.

Former Defense Secretary Leon Panetta, who joined Clarke and former National Security Agency Deputy Director Chris Inglis at the Milken Institute Global Conference, says Russia is no different than the US when it comes to cyber warfare.

Russia already used it with Georgia and Crimea, and if Russia decides on military action against Ukraine, "cyber would be part of that attack element," Panetta says.

Clarke warned that private corporations face the biggest threat from cyber warfare. He says governments like Iran or China under frequent attack these days by often-back companies.

The first step for companies is openness. Often, he says, companies aren't even aware that they have been hit. "You have to realize you've been hacked and develop a strategy different than today," he says. "You're not going to keep them out. Don't kid yourself."

http://www.usatoday.com/story/money/business/2014/04/30/russia-cyber-attack/8500661/

Internet Explorer At Risk From Major Bug says FireEye

Microsoft said it is working to fix a flaw in Internet Explorer that has left web browsers, including many used by the government, vulnerable to cyber attacks.

Microsoft said on Saturday it was aware of "limited target attacks" on browsers used by more than half the world's computers. The flaw affects Internet Explorer versions 6 through 11, but security firm FireEye, which first discovered the bug, said hackers are mostly targeting versions 9 through 11.

Those three versions represent 26 percent of the browser market, according to FireEye. If versions 6 through 8 are added in, the number of affected versions jumps to 56 percent. Thousands of government computers, including some classified military and diplomatic networks, also rely on Explorer.

FireEye said the vulnerability, dubbed "Operation Clandestine Fox," uses a Flash exploitation technique to bypass Windows security protections and access computer users' information.

http://news.sky.com/story/1250617/internet-explorer-users-at-risk-from-major-bug

The bug could allow hackers to gain control of a victim's computer and Microsoft admitted there had already been "limited, targeted attacks" to exploit it.

The flaw affects versions six to 11 of the popular browser, which is pre-loaded on Windows computers and accounts for more than half of the world’s browser usage.

Microsoft said hackers attempting to exploit the flaw would have to host a "specially crafted website", before luring potential victims to the site to gain access to their computer.

It warned: "An attacker who successfully exploited this vulnerability could gain the same user rights as the current user."

Gaining user rights would allow the hacker to do everything from adding and removing software to changing passwords.

One simple temporary solution to avoid the vulnerability is to switch to an alternative browser such as Google Chrome or Mozilla's Firefox.

Microsoft is scrambling to patch the problem but those still running Windows XP will not receive any updates to fix the bug.

The company discontinued support for the 12-year-old XP operating system earlier this month.

Microsoft explained the potential vulnerabilities in its security post:

"These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

http://blog.al.com/wire/2014/04/internet_explorer_users_includ.html
http://www.businessinsider.com/internet-explorer-security-bug-2014-4

Microsoft said the bug affects Internet Explorer (IE) versions 6 to 11 and that the firm is investigating the flaw and will take "appropriate" steps, the BBC News reported.

http://www.bbc.co.uk/news/technology-27184188

However, no patch coming for Windows XP

Users of Windows XP, which includes about 10 percent of government computers, won't receive updates fixing the bug, however, because Microsoft recently quit supporting the 13-year-old operating system, the Washington Post reported. Between 15 and 25 percent of the world's PCs run Windows XP. Microsoft is advising Windows XP users to upgrade to either Windows 7 or 8.

An Internet Explorer Solution Offered by HelpComp

Internet Explorer problems occur when important operating system files become misconfigured, deleted or damaged. This is a common problem with computers that don't get maintained regularly. Eventually the system becomes overloaded with problems and begins to crash and display errors. Recommend downloading a repair tool. It is designed to diagnose problems on your computer.

http://www.helpcomp.com/help/pc/fix-Internet-Explorer.php?keyword=internet explorer&c1=p&c=11749073559&p=1o1&gclid=CJjs2-j_h74CFXMPtAodKE4A-w

Data Engineering a Bottleneck for The Internet Of Things

The numbers thrown out by analysts such as Gartner about savings achieved by the Internet of Things are staggering. Vendors will garner $309 billion by 2020. Positive economic impact is estimated at $1.9 trillion. But the path to creating that value is not what most people think it is.

The bounding condition in deploying the Internet of Things (IoT) is not going to be the deployment of devices but rather the management and analysis of the data coming off those devices. If you are interested in making use of the IoT you need to be working on: Data Engineering.

Data Engineering

The challenge is not just the volume of data, but the fact that the modern world of data analysis is something that uses an ensemble of technologies, and each will require its own slice of the data.

In most cases, IoT data will flow from sensors to a massive data lake. Some processing and distillation will take place in the data lake and then the high value portion of the data will likely move to an enterprise data warehouse.

The next step will then be to hive off portions of the data, most likely in combination with other data to enrich it to create models of activity that can be used for automation and analytics. It is likely that each application that is going to be informed by the IoT and each different type of analytics engine is going to need its own stream of data. Unlike the data warehouse, in which the data moved in one direction, the applications and especially the analytics engines are likely to create data that will move back to the enterprise data warehouse and perhaps to the data lake.

IoT will end up requiring a data supply chain, an architecture that builds on the data warehouse and allows for far more dynamic and complex flows of data. As anyone who builds a large-scale data warehouse knows, it can be a daunting task. Even with the help that the cloud provides, building a data supply chain for the IoT will be complicated. The companies that are able to do this will get far more out of the data coming from the IoT.

Effective use of the ability to move and model data using the technology is key to the success of the IoT. In other words, the physical parts of the IoT will be easy. The data engineering will be the harder aspect, which needs planning and tactics.

http://www.forbes.com/sites/danwoods/2014/04/30/data-engineering-is-the-bottleneck-for-the-internet-of-things/

Chinese spies have read MPs’ emails for a year

Cyber-attacks on the Australian parliamentary computer network in 2011 may have given Chinese intelligence agencies access to politicians' private emails for a year, according to a report in the Australian Financial Review.

‘Both the US and the UK have ‘called out’ China publicly for its relentless cyber assaults,’ Tobias Feakin, senior analyst for national security at the Australian Strategic Policy Institute, said on Wednesday.

‘Australia needs to work out what its position is on this vital issue. Currently it doesn’t have one.’

Australian Strategic Policy Institute (ASPI) recently hired Dr Feakin from the Royal United Services Institute for Defence and Security Studies in Britain.

Since arriving in Australia, he has consulted with intelligence agencies. Dr Feakin said that Australia is subject to “a very high frequency of attacks from Chinese sources across the board”, which is equivalent to what he saw in Britain.

In comparison to Britain, cyber policy in Australia is much more “siloed”, Dr Feakin observed. ‘In the UK the Department of Prime Minister and Cabinet coordinates all cross-agency policy whereas Australia has not achieved this fusion yet.’

Dr Feakin also noted that Prime Minister David Cameron had made a direct request to all FTSE 100 companies to share data on cyber incidents with Britain’s peak intelligence bodies.

The newspaper, citing government and security sources, said new information showed the attack had been more extensive than previously thought and "effectively gave them control of" the entire system.

"It was like an open-cut mine. They had access to everything," a source told the newspaper.

Australian officials, like those in the US and other western countries, have made cyber-security a priority following a number of attacks.

The parliamentary computer network is a non-classified internal system used by federal politicians, their staff and advisers for private communications and discussions of strategy.

While inside the system, hackers would have had access to emails, contact databases and any other documents stored on the network, the report said.

The access would have allowed China to gain a sophisticated understanding of the political, professional and social links of the Australian leadership and could have included sensitive discussions between lawmakers and their staff.

Domestic media initially reported on the breach in 2011, although it was believed at the time that Chinese agents had only accessed the system for about a month.

Last year, the Australian Broadcasting Corporation reported that Chinese hackers had stolen the blueprints of a new multimillion-dollar Australian spy headquarters, as well as confidential information from the department of foreign affairs and trade.

Tony Abbott's government upheld a ban on China's Huawei Technologies from bidding for work on the country's £21bn ($38bn) national broadband network (NBN) when it came to power last year, citing cyber-security concerns.

The original media reports said the Central Intelligence Agency and the Federal Bureau of Investigation tipped off the Australian Security Intelligence Organisation about the security breach.

However, senior sources say the Australian Signals Directorate, then called the Defence Signal Directorate, was aware of the breach and had assigned a “tiger team” of 10 experts to fight off the Chinese intruders and rebuild the network’s defences, which are said to be much more secure now.

http://www.afr.com/p/technology/chinese_spies_may_have_read_all
http://www.theguardian.com/world/2014/apr/28/chinese-cyber-attack-australia-emails
http://www.afr.com/p/national/australia_should_confront_china

Cyber security is in the front line

As many of the world’s largest companies are beginning to realise, the threat to their margins, to their brands and even the business’s continued existence from cyber attacks is no longer an abstract risk that can be ignored.

The danger of cyber attack, cyber espionage and cyber crime is finally beginning to loom large in boardrooms across the developed world after a blitz of publicity around the issue – from the attack on state oil company Saudi Aramco in August 2012 to the data theft from Target, the US retailer, last year. But cyber security is still a threat ill understood and even more poorly dealt with.

As a case in point: the chief of one international defence contractor – an organisation with intimate governmental links on both sides of the Atlantic – recently discovered that his personal home laptop had been the object of a security breach. IT engineers at his company, the chief executive told the FT, had identified software on the computer that was logging his every keystroke, and surreptitiously beaming all data it gleaned about his personal life back to an unknown attacker.

The exact purpose of the breach and intent of the attack remain unknown, but its implications are clear: in a rapidly evolving, increasingly boundless digital world, the cyber security threat is pervasive, sophisticated – and deeply underestimated, even among those who should be most aware of it.

http://www.ft.com/cms/s/0/11b41ac4-c3cb-11e3-a8e0-00144feabdc0.html#axzz30YCAU3m7

State Department using social media to counter Al-Qaeda propaganda

The US State Department recently said that it is widely employing social media as a method to counter online violent extremism, particularly from Al-Qaeda.

In an intelligence report, the government said that the Center for Strategic Counterterrorism Communications (CSCC) last year produced more than 10,000 online postings globally, some of which included one of 138 government-produced videos.

‘CSCC's programs draw on a full range of intelligence information and analysis for context and feedback. CSCC counters terrorist propaganda in the social media environment on a daily basis, contesting space where AQ and its supporters formerly had free rein. CSCC communications have provoked defensive responses from violent extremists on many of the 249 most popular extremist websites and forums as well as on social media,’ said the document, Country Reports on Terrorism 2013.

The State Department has a global social media presence from Afghanistan to Vietnam. The platform ranges from blogs to Facebook, Flickr, Twitter, Pinterest, YouTube, Google, Instagram, and others.

But the government also trains others, including victims of terrorism, to adopt social media, according to the report.

"By sharing their stories, victims of terrorism offer a resonant counter narrative that highlights the destruction and devastation of terrorist attacks. Workshops train victims to interact with conventional and social media, create public relations campaigns that amplify their messages, and seek out platforms that help them disseminate their message most broadly to at-risk audiences," the report said.

The paper also said that in 2013, "violent extremists increased their use of new media platforms and social media with mixed results." The report added that social media "platforms allowed violent extremist groups to circulate messages more quickly, but confusion and contradictions among the various voices within the movement are growing more common."

http://www.state.gov/j/ct/rls/crt/2013/224819.htm
http://arstechnica.com/tech-policy/2014/04/us-state-department-adopting-social-media-to-counter-al-qaeda-propaganda/

New leaks show GCHQ is ‘using’ Social Media

According to recently released documents, GCHQ used a program called Squeaky Dolphin to monitor and collect data about users on social networks like Twitter and Facebook. The latest leaks by Snowden were obtained by NBC News and are based on a 2012 GCHQ publication called "Psychology A New Kind of Sigdev" (signals development).

http://www.wired.co.uk/news/archive/2014-01/28/gchq-real-time-spying
http://www.truthersonly.com/2014/02/25/new-leaks-show-gchqs-espionage-on-social-media/

New leaks show that the UK’s spying agency, Government Communications Headquarters (GCHQ), has been secretly snooping on the activities of the users of social media websites.

http://www.presstv.com/detail/2014/01/29/348277/leaks-show-gchqs-espionage-on-media/

The document shows how, using the publicly available software Splunk, that data was neatly arranged on a dashboard for easy real-time viewing of global Internet activity and trend spikes. The project is called Squeaky Dolphin and, aside from being illustrated with pictures of cats and, bizarrely, a lewd message-in-a-bottle animation, also provides us with evidence of the security agency's new levels of intrusion.

The document, made in conjunction with GCHQ's Global Telecoms Exploitation, directly points to "broad real-time monitoring activity" of YouTube video likes, URLs "liked" on Facebook and numbers of blog visits. It appears the system was used to take the emotional pulse of specific regions. However, experts NBC News reporters spoke with have said the information suggests GCHQ had the capacity to directly access specific user data, most likely because it had direct access to internet cables or had compelled a third party to gather it.

It's not the first time Snowden's leaks have pointed to GCHQ directly accessing the cables, nor is it the first time its collaboration with the NSA has come up. A document from 2008 leaked last December showed how the NSA took direct inspiration from a GCHQ project to pose undercover on massive multiplayer online games.

Here, however, the document provides a direct window into how GCHQ breaks down the massive amounts of data it collects. The dashboard is there to give an overview of trending topics. Although this seems to include "cricket-related activities in England" during a particular time frame, it also cites YouTube trend information gathered from 13 February, just before anti-government protests erupted in Bahrain. Another graph reveals how many people looked at certain job vacancies in Lagos, and another how many people on Facebook "liked" links related to former Defence Secretary Liam Fox.

The presentation looks as though it's revealing how GCHQ turns data into a thermometer for public sentiment. The slides do not reveal too much by way of an explanation, but one seems to imply that people employ "mirroring, mimicry and accommodation" behaviors when using social media, which could potentially be collected to categorise group psychology in a particular region. A graph also details how the Big Five personality traits relate to web browser usage. It's unclear whether this is from an existing study, the result of surveys, or from GCHQ's own work. It suggests that those using Internet Explorer are more agreeable than other web browser users, and less neurotic. They're also apparently more conscientious than other users, while Firefox fans are less likely to be extroverts.

Pages from another GCHQ document from 2010 also reveal how GCHQ used unencrypted data on Twitter to identify members of the public and target them with messages. It reads: "crafting messaging campaigns to go 'viral'." 

Although both the NSA and GCHQ have said their respective activities are all legal, and internet companies have come forward about warrants issued that have compelled them to share data, all the activities depicted in these documents were carried out without the knowledge of the named companies.

A spokesperson from Google UK told Wired.co.uk: "We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links. We do not provide any government, including the UK government, with access to our systems. These allegations underscore the urgent need for reform of government surveillance practices."

A representative from Facebook, which has also denied any knowledge of the aforementioned GCHQ activities, said: "Network security is an important part of the way we protect user information, which is why we moved our site traffic to HTTPS by default last year, implemented Perfect Forward Secrecy, and continue to strengthen all aspects of our network."

GCHQ has forced the world's largest Internet companies to up their security measures. However, considering both GCHQ and NSA describe all activities publicised so far by Snowden as legal, it's likely both would simply seek warrants to that effect down the line if security measures prevent them getting the data they want without explicit permission.

For the public, however, the damage is done. Knowing that the spy agency has circumvented all traditional routes for accessing the information means it is impossible to trust in the anonymity and privacy of online activities.

"All of GCHQ's work is carried out in accordance with a strict legal and policy framework," the agency told NBC in a statement. "Which ensure[s] that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position."

http://www.wired.co.uk/news/archive/2014-01/28/gchq-real-time-spying

Global Study Finds 63% of Organisations believe they can’t stop Data Theft

New Ponemon Institute survey suggests key CyberSecurity deficits, disconnects and low attack visibility

Websense, Inc. released the first report of the Ponemon Institute survey, “Exposing the Cybersecurity Cracks: A Global Perspective,” uncovering the deficient, disconnected and in-the-dark realities that challenge IT security professionals. The new survey of nearly 5,000 global IT security professionals reveals a deficit in enterprise security systems. There is a real disconnect in how confidential data is valued and limited visibility into cybercriminal activity. The report gives new insight into why cybercriminals have a foothold in the broader enterprise.

“This global security report shows that the CyberSecurity industry still has more work to do when it comes to addressing cyber-attacks,” said John McCormack, Websense CEO. “Security professionals need effective security measures and heightened security intelligence to keep organisations safe from advanced attacks and data loss. This need is what drives the Websense commitment to continued security innovation and significant Websense TRITON solution development.”

http://www.informationsecuritybuzz.com/global-study-finds-63-organisations-believe-cant-stop-data-theft/

Findings reveal that security professionals have systems that fall short in terms of protection from cyber attacks and data leakage. They need access to heightened threat intelligence and defences. Because the security threat landscape is more challenging and dynamic than ever, having the intelligence to anticipate, identify and reduce the threats is critical.

Fifty-seven percent of respondents do not think their organization is protected from advanced cyber attacks and 63 percent doubt they can stop the exfiltration of confidential information.

Most respondents (69 percent) believe CyberSecurity threats sometimes fall through the cracks of their companies’ existing security systems.

Forty-four percent of companies represented in this research experienced one or more substantial cyber attacks in the past year. (We define a substantial attack as one that infiltrated networks or enterprise systems.)

Fifty-nine percent of companies do not have adequate intelligence or are unsure about attempted attacks and their impact.

Further, 51 percent say their security solutions do not inform them or they are unsure if their solution can inform them about the root causes of an attack.

http://www.websense.com/content/2014-ponemon-report.aspx?cmpid=2014-ponemon-report-alias?cmpid=prnr4.29.14
