< A Major Cyberattack will happen in next Decade!
Almost two-third of technology experts expect a "major" cyber attack somewhere in the world that will cause significant loss of life and tens of billions of dollars of property loss by 2025.
A survey recently released by the Pew Research Center found that many of analysts expect disruption of online systems like banking, energy and health care to become a pillar of warfare and terrorism. The survey asked over 1,600 technology experts whether a major attack that would cause "widespread harm to a nation's security and capacity to defend" would be launched within the next 11 years. Sixty-one percent said yes.
It's already beginning to happen, several of the researchers noted. One recent example given was an attack on Apple's iCloud data storage system earlier this month, which some security experts believe was linked to the Chinese government.
Another was the July attack on JPMorgan. Some in the White House wonder if it was orchestrated by the Putin regime in Russia in retaliation for US support of Ukraine, the New York Times reported.
As critical infrastructure moves online, cyber attacks could take out financial systems, the power grid and health systems, wreaking as much damage as bombs, the experts said.
There's already been "a Pearl Harbor event," said Jason Pontin, editor of the MIT Technology Review. He cited the 2009 Stuxnet computer worm that disabled Iranian nuclear plant centrifuges. Many in the defense world believe the attack was launched by the United States and Israel.
Futurist Jamais Cascio thinks cyber attacks will become part of military engagements. "Cyber is a force-multiplier," he said. "We'll likely see a major attack that has a cyber component, but less likely to see a major cyber-attack only.
Others aren't so convinced. Those who answered "no" to Pew's question said security fixes are steadily getting better and the "good guys" are still willing the cyber security arms race.
While credit cards might get hacked and personal information leaked, "it's less and less likely that say all pacemakers in a major city will stop at once, or that cyber attacks will cause travel fatalities," said Paul Jones, a computer technologist and professor at the University of North Carolina.
Its one reason why many security watchers were hopeful that the Obama administration’s Cybersecurity Framework, released earlier this year, would force companies that preside over infrastructure components to take these precautions, but many in the technology community were disappointed that the guidelines did not include hard mandates for major operators to fix potential security flaws.
Speaking to Pentagon reporters in June, Adm. Michael Rogers, commander of US Cyber Command and director of the NSA, offered his own projection for the future of cyberwar in the year 2025, which would look a lot like regular war with more cyber activities thrown in.
For evidence of that, look to the integrated Field Manual for Cyber Electromagnetic Activities, a first of its kind how-to guide that combined cyber operations with jamming and other electromagnetic activities associated more traditionally with combat operations.
http://cyberwar.einnews.com/article/232506231/
http://www.11alive.com/story/tech/2014/10/29/pew-survey-cyber-attack/18120023/
http://www.usatoday.com/story/tech/2014/10/29/pew-survey-cyber-attack/18114719/
Next - 3 UK Spy Stories:
1- MI6 documents allow Spying on Lawyers
Top-secret documents, released in a legal case, show the security services have permitted their operatives to intercept communications between lawyers and their clients.
Extracts of documents from MI5, MI6 and GCHQ were released as part of a legal action brought by lawyers from the campaigning charity Reprieve on behalf of two Libyan men. The papers, disclosed in a tribunal case, are controversial because, communications between lawyers and their clients are covered by “legal professional privilege”, or LPP, which means that law enforcement agencies are supposed to respect their privacy.
But the guidelines indicate the security services have been targeting such communications, by interception methods thought to include telephone taps and e-mail surveillance, since at least October 2002.
http://www.telegraph.co.uk/news/uknews/law-and-order/
2 - Open Rights Respond to GCHQ Claim that Techs Aid Terror
Open Rights Group has responded to an FT comment piece by the Director of GCHQ, Robert Hannigan, in which he calls for “greater co-operation from technology companies', who are in his words, “the command and control networks of choice” for terrorists.
Executive Director Jim Killock said: “Robert Hannigan's comments are divisive and offensive. If tech companies are becoming more resistant to GCHQ's demands for data, it is because they realise that their customers' trust has been undermined by the Snowden revelations. It should be down to judges, not GCHQ nor tech companies, to decide when our personal data is handed over to the intelligence services. If Hannigan wants a 'mature debate' about privacy, he should start by addressing GCHQ's apparent habit of gathering the entire British population's data rather than targeting their activities towards criminals.”
https://www.openrightsgroup.org/press/releases/
3 - Spies say US Techs are terrorists’ choice networks
Privacy has never been “an absolute right”, according to the new director of GCHQ, who has used his first public intervention since taking over at the helm of Britain’s surveillance agency to accuse US technology companies of becoming “the command and control networks of choice” for terrorists.
And it has now been released that Facebook received nearly 35,000 requests for user data from governments around the world during the first half of 2014, up 24 percent from roughly 28,000 requests made during 2013's second half.
The uptick indicates the value governments place on the personal information Facebook has on file for its 1.35 billion users who log in at least monthly. The majority of these requests, Facebook said Tuesday, relate to criminal cases like robberies or kidnappings, targeting data like subscriber information as well as IP address logs and actual content.
The U.S. dominated in the number of requests, with 15,433 queries targeting 23,667 people, or well less than 1 percent of Facebook's total users, according to the company's third report on such requests. India clocked in second with 4,559 requests, with France, Germany and the UK each having more than 2,000 requests.
Google, in comparison, received nearly 32,000 government data requests worldwide for the first half of the year, and over 12,000 in the US.
Robert Hannigan head of GCHQ has recently said a new generation of freely available technology has helped groups like Islamic State (Isis) to hide from the security services and accuses major tech firms of being “in denial”, going further than his predecessor in seeking to claim that the leaks of Edward Snowden have aided terror networks.
Arguing that GCHQ needed to enter into the debate about privacy, Hannigan said: “I think we have a good story to tell. We need to show how we are accountable for the data we use to protect people, just as the private sector is increasingly under pressure to show how it filters and sells its customers’ data.
“GCHQ is happy to be part of a mature debate on privacy in the digital age. But privacy has never been an absolute right and the debate about this should not become a reason for postponing urgent and difficult decisions.”
In the same piece, Hannigan says Isis differs from its predecessors in the security of its communications, presenting an even greater challenge to the security services. He writes: “Terrorists have always found ways of hiding their operations. But today mobile technology and smartphones have increased the options available exponentially.
“Techniques for encrypting messages or making them anonymous which were once the preserve of the most sophisticated criminals or nation states now come as standard. These are supplemented by freely available programs and apps adding extra layers of security, many of them proudly advertising that they are ‘Snowden approved’. There is no doubt that young foreign fighters have learnt and benefited from the leaks of the past two years.”
Hannigan’s comments come after the director of the FBI, James Comey, called for “a regulatory or legislative fix” for technology companies’ expanding use of encryption to protect user privacy. Reacting last month to the introduction of strong default encryption by Apple and Google on their latest mobile operating systems, Comey said, “the post-Snowden pendulum has swung too far in one direction - in a direction of fear and mistrust.”
http://www.computerworld.com/article/2843434/facebook
http://www.theguardian.com/uk-news/2014/nov/03/privacy-gchq-spying
ISIS has issued a manual for ‘Safe’ use of Twitter
Terrorists have long made use of the Internet. But ISIS’s approach is different in two important areas. Where al-Qaeda and its affiliates saw the Internet as a place to disseminate material anonymously or meet in “dark spaces”, Isis has embraced the web as a noisy channel in which to promote itself, intimidate people, and radicalise new recruits.
The ISIS leadership understands the power this gives them with a new generation. The grotesque videos of beheadings were remarkable not just for their merciless brutality, which we have seen before from al-Qaeda in Iraq, but for what Isis has learnt from that experience. Now the “production values” have changed to high definition propaganda and the videos stopped short of showing the actual beheading. They have realised that too much graphic violence can be counter-productive in their target audience and that by self-censoring they can stay just the right side of the rules of social media sites, capitalising on western freedom of expression.
Techniques for encrypting messages or making them anonymous which were once the preserve of the most sophisticated criminals or nation states now come as standard. These are supplemented by freely available programs and apps adding extra layers of security, many of them proudly advertising that they are “Snowden approved”. There is no doubt that young foreign fighters have learnt and benefited from the leaks of the past two years.
Now the ISIS has released a manual for its militants, titled “How to Tweet Safely Without Giving out Your Location to NSA”, that explain how avoid surveillance.
Security and media consider the ISIS a group with great cyber capabilities, latest news of the IS relates to a Training Guide for its members to prevent the NSA spying. The manual is titled “How to Tweet Safely Without Giving out Your Location to NSA”.
The manual explains how to avoid surveillance of the Intelligence agencies, the document highlights how to prevent exposing location and/or key data using the popular social networks like Twitter.
The document is written in Arabic language and has been distributed among ISIS fighters. The intent of the author of the manuals is to explain to the militants how to remove metadata from the tweets they post or they share online. The manual issued by members of the ISIS suggests how to disable Geo-location services on mobile devices and recommends the fighters to avoid posting information that could allow the Intelligence to identify and localize them.
http://securityaffairs.co/wordpress/29801/intelligence/isis-twitter-use-manual.html
Cyber Attacks Likely to Increase
In an interview with Wired, the world’s most famous whistleblower raised concerns around an NSA-run program called MonsterMind, a tool designed to block malicious traffic from abroad entering the country. It could also automatically return fire, though few details were given on how it worked. A separate US attempt to tamper with Syrian infrastructure resulted in downtime for the country’s Internet in 2012, Snowden claimed. In its attempts to block and ward off cyber-espionage on its infrastructure, as well as spy on others, the NSA could start a real-world war, Snowden fretted
The Internet has become so integral to economic and national life that government, business, and individual users are targets for ever-more frequent and threatening attacks.
In the 10 years since the Pew Research Center and Elon University’s Imagining the Internet Center first asked experts about the future of cyber attacks in 2004 a lot has happened:
Some suspect the Russian government of attacking or encouraging organized crime assaults on official websites in the nation of Georgia during military struggles in 2008 that resulted in a Russian invasion of Georgia.
In 2009-2010, suspicions arose that a sophisticated government-created computer worm called “Stuxnet” was loosed in order to disable Iranian nuclear plant centrifuges that could be used for making weapons-grade enriched uranium. Unnamed sources and speculators argued that the governments of the United States and Israel might have designed and spread the worm.
The American Defense Department has created a Cyber Command structure that builds Internet-enabled defensive and offensive cyber strategies as an integral part of war planning and war making.
- In May, five Chinese military officials were indicted in Western Pennsylvania for computer hacking, espionage and other offenses that were aimed at six US victims, including nuclear power plants, metals and solar products industries.
- In October, Russian hackers were purportedly discovered to be exploiting a flaw in Microsoft Windows to spy on NATO, the Ukrainian government, and Western businesses.
- The Ponemon Institute reported in September that 43% of firms in the United States had experienced a data breach in the past year. One of the most chilling breaches was discovered in July at JPMorgan Chase & Co., where information from 76 million households and 7 million small businesses was compromised. Obama Administration officials have wondered if the breach was in retaliation by the Putin regime in Russia over events in Ukraine.
- The document, launched in March last year, accepts that “cyber-operations alone might have the potential to cross the threshold of international armed conflict” and recommends avoiding targets that would affect civilians, including dams, dykes, nuclear electrical generating stations and hospitals.
http://www.pewinternet.org/2014/10/29/cyber-attacks-likely-to-increase/
http://www.infosecurity-magazine.com/magazine-features/cyberwarfare
Britain declares cyber war on ISIS
Over the past 9 months, the UK’s Home Office, the governmental department responsible for immigration, counter-terrorism, drug policy, and related research, has authorized 30,000 “take downs” of websites and blog spots which are directly linked to ISIS. These platforms had been inspiring troubled youths to engage in home-grown jihad, glorifying terrorism, and promoting lone wolf attacks.
However, it is difficult for any government to counter the online propaganda wars waged by ISIS and other terrorist groups as they are just as likely to use social media websites such as Twitter and Facebook to disseminate their provocative messages.
Officials from Google, YouTube, Facebook, Twitter, and several social media sites were called to court in order to give information about extremists’ online actions. During the talks, these officials were asked to dedicate more resources and take more action to identify and remove sites quicker and to monitor their own sites for indirect messaging. Here, the strategy of “splash pages” was recommended, in which pop-ups emerge when users try to view extremist propaganda including videos of recent beheadings.
ISIS spokesman Sheik Mohammad al-Adnani al-Shami issued a message using ISIS’ online forums in order to spread his message, specifically calling for individual attacks on nonbelievers in Australia and other Western countries such as the US and UK ISIS has been using a free internet application that allows it to automatically send out posts and tweets with links to other content, and in a single day its members can post up to 40,000 tweets that aim to galvanize and recruit.
http://cyberwar.einnews.com/article/231505862/
US: Using Big Data Against Gun Violence
Experts explain how data from social network maps, acoustic sensors and research can be used in the fight against gun violence. The statistics on gun violence in the U.S. are staggering: One in three people know someone who has been shot, and on average, 32 Americans are murdered with guns every day. Mitch Landrieu, Mayor of New Orleans, which is ranked eighth highest in the country in 2013 for homicides, participated in a recent panel that queried how data, analytics and new technologies might combat America’s gun problem and he was joined by Andy Papachristos a researcher and sociologist from Yale University.
To illustrate data’s emergent role, Papachristos spotlighted his research on city criminal networks that analyzed 3,700-plus “high-risk” individuals. Based on five years of police record data, Papachristos said Chicago – a city ranked highest for homicides at 413 deaths in 2013 – could attribute 85% of gun deaths and injuries to less than 4 percent of the city’s entire population (the other 15% of injuries and deaths were related to domestic violence and stray bullet killings).
Likewise, when mapped, the geographies of gun violence concentrated themselves in isolated pockets of the city, i.e. small neighborhoods with predominantly black poor populations.
Papachristos said the crime statistics were no anomaly. From Boston to Stockton, Calif., research showed Chicago was representative of a larger trend in the US. It was similarly noted that disparities in obesity, education and poverty could easily be mapped to the same impoverished areas.
http://i-hls.com/2014/10/using-data-combat-gun-violence/
German Spies Contradict US that Russia Downed MH17
Germany’s foreign intelligence agency has concluded that pro-Russian separatists shot down Malaysia Airline flight 17 using a BUK air defense missile system that the rebels stole from a Ukraine military base (Der Spiegel reports). This conclusion, if correct, would contradict statements by US Secretary of State John Kerry earlier this year.
In short, this may turn out to be another embarrassing incident of the US administration either relying on faulty intelligence or failing to represent accurately the findings of the US intelligence community in an effort to rally domestic and international support against another nation.
However Russian agents may have operated the system that downed MH17 or trained rebels to operate the system; Russia may be directly supplying and training the rebels with the same type of systems in other cases giving the rebels the incentive and capacity to capture and use a Ukrainian BUK system, and Russia’s general sponsorship of the rebel forces and fostering the conflict arguably laid the conditions that led to the MH17 tragedy and many other acts of violence.
http://justsecurity.org/16645/german-spy-agency-kerry-russia
The Future of Battlefield Robotics …
Despite the drawdown in Afghanistan and the end of the war in Iraq, the military still needs robotic systems to detect improvised explosive devices as well as provide tactical intelligence. In the up-and-coming category is a young Israeli firm called Roboteam, which markets a variety of robots, the coolest of which is the Micro Tactical Ground Robot, or MTGR. The two-year-old MTGR made some news last summer as Israeli Defense Forces deployed them to search out Hamas tunnels in Gaza.
The next step for robot manufactures is to make them easier to operate in groups. Last month, iRobot released a new Android piloting system called uPoint Multi-Robot Control. Defense One tested it on site and found it fast, intuitive and not unlike an iPad-based first-person-shooter video game.
The view is what the robot sees from one of its designated cameras. Press a button and you can steer it without a joystick simply by moving your finger on the screen. The Android tablet detects finger movement and actually plots where the user might send the machine in the form of yellow trajectory lines that show up on the screen.
At some point, the military will want robots capable of running their own missions, hunting for IEDs, looking around corners and sending visual data to the cloud for rapid—and robotic—visual analysis and all without direct piloting. A single operator would be able to control dozens of robots that weren’t just loitering but carrying out operations.
http://i-hls.com/2014/10/future-battlefield-robotics/
Fake Snowden Is Russia's Newest TV Star
Where the Motherland Begins weirdly shows Snowden character as a mole in the US since childhood.
The planned Oliver Stone film about National Security Agency leaker Edward Snowden—played by Joseph Gordon-Levitt—and his quest for asylum in Russia, is still being shopped around to Hollywood studios and won’t start shooting for another three months. In the meantime, however, a thinly fictionalized version of the Snowden story just premiered on Russian television as part of an eight-episode spy drama, Where the Motherland Begins. And it has a peculiar twist, which implies that since he was a child, Snowden was, groomed by a Russian intelligence agent.
But the story of “James Snow,” a fugitive former CIA/NSA contractor, who disclosed classified information about US surveillance of telephone and Internet communications worldwide, is the framing device that opens and concludes the main plot.
http://www.thedailybeast.com/articles/2014/10/12/fake-snowden
Qatar 1st - 2nd December 2014
The Cyber Security Summit 2014
The essential & confidential cyber security summit for Qatar and the Middle East
The Middle East has become a hotspot for cyber-attacks amid an escalation of computer-led warfare across the globe. As organisations brace for an increase in cyber crime this year, Governments have a major responsibility for protecting national security and their citizens and there is a global recognition that the Internet is part of both the national and international critical infrastructure which needs to be protected.
2 day Conference & Exhibition
The Cyber Security Summit has been developed and designed to help to meet the priority cyber threat against both state & industry interests in Qatar and the wider Middle East region.
http://tangentlink.com/event/cyber-security-middle-east-2/
The full web site is currently under development and will be available during 2014