CloudFlare Speaks Out About Their Experience Hosting LulzSec

My colleague Kit Dotson writes:

In every statement about allowing LulzSec to use their free service, CloudFlare has been pointed about mentioning that while they had received queries from law enforcement—they had never been asked by any authority to terminate service. Of course, the company had very little information to provide about their free client because all that’s needed to sign up is an e-mail address, a username, and a password.

Prince describes the experience as causing several existential crises for his colleagues, after all, who wants to be described as the person who provided anonymity to a group of hackers? Still, in the end, they decided that it was not their job to act as censors when housing information on hacking subjects itself is not illegal.

SiliconAngle: CloudFlare Speaks Out About Their Experience Hosting LulzSec

Prince also said ““You can’t pay for pen testing like this.” No kidding!

NSA and Raytheon Team-Up for Cybersnooping Project

Nuclear Power Plant in  Limerick, Pa.

A piece I wrote for RWW today:

The Wall Street Journal reports, citing unnamed sources, that the NSA is launching a program to help protect critical infrastructure – including private enterprises – from cyber attacks. According to the paper, defense contractor Raytheon has received the contract for the project, which would rely on a series of sensors to detect “unusual activity suggesting an impending cyber attack.” This follows the Lieberman-Collins bill passing committee in the Senate.

The Orwellian nature of the name was alledgedly not lost on Raytheon: The Wall Street Journal claims to have seen an internal Raytheon e-mail saying “Perfect Citizen is Big Brother.”

ReadWriteEnterprise: Do Private Enterprises Need the NSA to Protect Them From Cyber Attacks?

White House Cyber Czar: ‘There Is No Cyberwar’

White House Cyber Czar Howard Schmidt

Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing.

“There is no cyberwar,” Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco.

“I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.”

Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage.

His stance contradicts Michael McConnell, the former director of national intelligence who made headlines last week when he testified to Congress that the country was already in the midst of a cyberwar — and was losing it.

Threat Level: White House Cyber Czar: ‘There Is No Cyberwar’

See also:

Cyberwar Hype Intended to Destroy the Open Internet

Cyber warfare: don’t inflate it, don’t underestimate it

Comprehensive National Cybersecurity Initiative

Cyber warfare: don’t inflate it, don’t underestimate it

inside cyber warfare

Interview with Inside Cyber Warfare author Jeffrey Carr:

MS: For China in particular: what are the things to consider and what are the things to look out for?

JC: China clearly has a lot of problems internally. Their economy is growing, but it’s still relatively fragile and highly dependent on the U.S. The difference in economic conditions varies radically from the countryside to the cities. On the other hand, they own over a trillion dollars of U.S. debt. That gives them incredible leverage. So that’s a balancing act that’s going to be very interesting to watch, especially over this Google issue. But they’ll never concede to eliminating censorship on their Internet. They’ll walk away from Google if that’s what it takes.

People inflate fear about China, but China has no interest in attacking the U.S. They want the same things that any country would want. And they’re going about it the same way that we would go about it. We’re doing espionage. We’re looking after our interests. We’re exerting our will as a nation. It’s silly to try to take the moral high ground here. It doesn’t serve any useful purpose.

MS: One of the interesting points that came out of the Google-China analysis is the idea that Google has its own foreign policy now. Do you think that’s the case?

JC: Honestly, I don’t see it as anything new. The idea of a new, more sophisticated attack against Google that we’ve never seen before, I think that’s overblown. The idea that you have hackers who gain entrance to a network and then exploit data from that network, that’s not new. This is all just espionage. Google is just another company that has something of value.

But Google does represent a turning point because it’s getting so much press. It’s raising the issue to the point where the U.S State Department got involved. That’s all good.

Read More – O’Reilly Radar: Cyber warfare: don’t inflate it, don’t underestimate it

(via Chris Arkenberg)

See also:

US oil industry hit by cyberattacks: Was China involved?

Bruce Sterling on cyberwar and cyberpeace treaties.

‘Cyber Genome Project’ kicked off by DARPA


Applecart-bothering Pentagon boffinry bureau DARPA is at it again. This time, the military scientists want to establish a “Cyber Genome” project which will allow any digital artifact – a document, a piece of malware – to be probed to its very origins. […]

Or in other words, any code you write, perhaps even any document you create, might one day be traceable back to you – just as your DNA could be if found at a crime scene, and just as it used to be possible to identify radio operators even on encrypted channels by the distinctive “fist” with which they operated their Morse keys. Or something like that, anyway.

The Register: ‘Cyber Genome Project’ kicked off by DARPA

(via William Gibson)

Hard to see this working out well.

Is tech taking us to a world more medieval than modern?


For most people over most of man’s time, however, history is more like a mob movie than a courtroom drama: The Vikings burn the village, the Huns or Mongols ride through with swords, child soldiers arrive in pickup trucks. Violence is the only argument. That is history, too chaotic and reactive for any organized telling.

The mayhem Menn portrays is not that stark, but it seems closer to that than to a world of rules and order. Cybergangs rise and fall in varying degrees of anonymity and alliances with Russian, Chinese and other governments that are more ad hoc than understood. Norms of behavior among individuals and governments are a moving target. Crimes are not solved as much as controlled, through informal alliances of small agencies within and outside the state, or when there is publicity of the crimes that embarrasses higher ups in government. It is crime and crime fighting within a massive, illicit social network, fueled on greed, speed and reputation.

Forbes: The Web’s Return To Chaos

(via Bruce Sterling)

This sounds partially right, except that it overlooks the amount of thuggish violence governments have continued to be involved in – wars, strikes, proxy wars, assassinations, etc. If we’re moving into a world of cyberwarfare instead of physical warfare: great. I’d rather people get their “identities stolen” than end up dead. I’d like to think that’s happening, rather than a mere expansion of aggression. Whatever the case, there’s never been a time when governments didn’t act like gangs.

Future of Cyber Security: What Are the Rules of Engagement?

The fireworks weren’t only in the sky this past Fourth of July but were seemingly in the Intertubes, too, when U.S. and South Korean government websites were struck by a series of cyber sorties that knocked a few sites off line and left some people seeing red — as in the crimson Communist hue.

Anonymous South Korean intelligence agents blamed North Korea for the attacks — despite presenting no evidence to back the claim. U.S. Rep. Peter Hoekstra (R-Michigan) even called on the administration to retaliate with a “show of force” against the Communist regime.

The congressman’s extreme reaction to a minor web attack is a stark reminder that we’ve entered the age of the cyber wars. It’s also a reminder that there are numerous questions — ethical, legal and even bureaucratic — that need to be sorted out about the rules of engagement before the U.S. launches any cyber volleys in retaliation for an attack or otherwise. The most basic being, what constitutes an attack, how do we identify its source and what’s an acceptable response?

Wired: Future of Cyber Security: What Are the Rules of Engagement?

The Improbable Rise and Fall of E-Gold – plus: Head of Asheville Liberty Dollar operation arrested

Jackson et al. very clearly made some serious mistakes in how they ran (or didn’t run) their business. But compare the history of PayPal with that of E-Gold. Did E-Gold deserve to fall so hard?

Timberlake, the economics professor, is convinced that Jackson’s radical dream, his goal of upsetting the economic status quo and overturning the government’s monopoly on money, is what really got E-Gold targeted.

“No matter how innocent a person is you can always find a law that government agents can use to convict him of something,” Timberlake says, “And this is a perfect example of it. Any time anybody tries to produce money, the federal government is going to be on their tail.”

Threat Level: Bullion and Bandits

Meanwhile: Head of Asheville Liberty Dollar operation arrested.

Wendy McElroy notes “The Dollars do not resemble fed-issued coins except for in being round and flat;moreover the website made it very clear that the Dollars were a means of exchange among like-minded individuals who rejected Federal Reserve Notes as monopoly money” and suggests that the indictment is worded in such a way that the government could conceivably be planning on seizing all Liberty Dollars in circulation: “They seem to be giving themselves the legal muscle to steal caches of precious metal from individuals/businesses.”

See The New Currency War for more background.

Britney, Obama Twitter Feeds Hijacked Following Phishing Attack

Official Twitter feeds belonging to Barack Obama’s campaign, Fox News and Britney Spears were hijacked to send out fake messages on Monday, two days after a password-stealing phishing attack targeted the microblogging service.

“A number of high-profile Twitter accounts were compromised this morning, and fake/spam updates were sent on their behalf,” the company acknowledged on its website Monday. “We have identified the cause and blocked it. We are working to restore compromised accounts.”

A fake message sent to followers of the Fox News Twitter feed announced that Fox host Bill O’Reilly “is gay,” while a message from Britney Spears’ feed made lewd comments about the singer. A tweet sent out from the Barack Obama account asked users to click on a link to take a survey about Obama and be eligible to win $500 in gasoline.

Full Story: Threat Level

Downturn may turn techies to crime, say reports

Desperate IT workers who have been laid off will go rogue in 2009, selling corporate data and using crimeware, reports have predicted.

The credit crunch will drive some IT workers to use their skills to steal credit-card data using phishing attacks, and abuse their privileged corporate computer access to sell off valuable financial and intellectual information, forensic experts have warned.

Both PricewaterhouseCoopers (PwC) and security vendor Finjan are forecasting that the recession will fuel a significant rise in insider fraud and cybercrime in 2009.

A PwC forensic expert claimed the financial-services sector is already investigating a rising number of staff frauds, while Finjan cited evidence of a trend in 2008 for unemployed IT staff in Eastern Europe and Asia to use crimeware toolkits to launch phishing attacks and seed malware to steal financial details.

Full Story: ZDnet

(via Tomorrow Museum)

© 2024 Technoccult

Theme by Anders NorénUp ↑