The New York Times, which today (Jan. 31) detailed a massive attack upon its computer systems, is certainly not the first U.S. company to be hit by hackers apparently working for Chinese interests.
Hundreds of Western companies, organizations and government agencies have been attacked by hackers from China over the past five years. But the Times is among the few companies — Google is another — willing both to disclose details of the attack and to accuse Beijing of being behind it …
George Smith, a senior fellow at the Alexandria, Va., think tank GlobalSecurity.org, believes corporations might be concerned that blaming China will make it harder to do business in China.
“The Chinese actually have been blamed for a long time,” Smith said. “However, many U.S. multi-nationals, unsurprisingly, have business in China and aims directed at exploiting markets there.
“You can see where such a business would think it’s in a bind if it needs permissions and cooperation from [the] Chinese central government and, at the same time, finds out it has been penetrated by cyber-espionage efforts that may originate from the same.”
There’s more, quote from Sophos and F-Secure on the nature of the business world in relation to such intrusions.
The New York Times is in a unique position. Its reputation and capabilities are based on the bedrock of truth and a relative transparency in the way it conducts news gathering and publishing.
Most of corporate America does is not built on any such foundation. US businesses are not at all transparent. Hacking, intrusions of any kind, exacerbate their already existing environments of paranoia and secrecy.
There’s no place safe from electronic Pearl Harbor, not even lowly Huntsville, Alabama. Or rather, there’s no place the plutocrat cutpurses and their shoeshine boys in the national cyberwar industry find too small if there are taxpayer dollars to be taken off the rubes.
The only way the U.S. will improve its defenses against cyber attacks is if there is a modern-day, Pearl Harbor-like attack or if Americans get agitated enough to ask for answers, according to the former director of the National Security Agency.
Mike McConnell, an expert in cyber security and vice chair of Booz Allen Hamilton, said both Pearl Harbor and the Sept. 11, 2001, terrorist attacks could have been prevented if the U.S agencies were were better equipped and if they worked in better cooperation with each other. All the intelligence needed was known, McConnell — who led the NSA from 1992 until 1996 and now serves as vice chairman of Booz Allen Hamilton — said. (In 2007 he was appointed as Director of National Intelligence by President George W. Bush.)
“We had all the pieces, but not the imagination” he told a Huntsville audience at the Chamber of Commerce of Huntsville-Madison County this evening. The event was sponsored by Birmingham-base law firm Sirote and Permutt PC.
The post informs Huntsville is the “No. 2 target in the U.S. for foreign intelligence efforts.”
They’re number TWO!
“With nearly 20 percent of Alabamians receiving food assistance, the state ranks above the national average,” reads a local Alabama news article from last summer. “Experts say this trend seems to be an increasing one.”
The guy who’s going to write the famous John McAfee graphic novel, Chad Essley, is still a hanger on. But the millionaire’s Alex Jones interview about Hezbollah using Belize and Nicaragua to pump ricin powder into the US did not survive the news cycle, killed by his interviewer’s now infamous appearance on CNN during the Orange Bowl.
Meet the new whores, same as the old whores.
Next up: Belize said to be buying ballistic missiles from Iran, discovered on laptops given to officials by John McAfee’s ring of sixteen and seventeen year-old Mata-Haris.
The message: Iran is behind the attacks on US banking websites. Causing them to load slowly. Sometimes.
Regular readers know it as shoeshine, the term I use to describe national security publicity efforts on pumped up problems which have no relation to what actually threatens or endangers the majority in the US. Which are things like monthly massacres perpetrated by crazy people from American WhiteManistan, rising inequality and an economy that doesn’t work for hundreds of millions.
Shoeshine news is for the benefit of political agendas (in this case add some flimsy piece to arguments that Iran needs to be attacked) and expanded employment in the cybersecurity arms of America’s weapons manufacturers. And McAfee Associates.
There’s really not much evidence that the government of Iran is behind the ongoing wave of cyberattacks on U.S. bank websites, say many security experts.
“I don’t consider any attack I can do in my spare time as ‘nation-state sponsored,'” said Robert David Graham, chief executive officer of Atlanta-based Errata Security.
“[It] could just as well be a loose group of those sympathetic to Iran and the Middle East and angry as hell at U.S. involvement there,” said George Smith, a senior fellow at the Washington, D.C.-based think tank GlobalSecurity.org.
“ItsOKNoProblemBro [the hacker instrument used to launch the denial-of-service website attacks in question] is far from sophisticated malware. It’s really rather simple,” said Roel Schouwenberg, a Kaspersky anti-virus researcher to TechNews. “Going strictly by the publicly known technical details, I don’t see enough evidence to categorize this operation as something only a nation-state sponsored actor could pull off.”
One way of telling cyberwar is a function of shoeshine and job programs for the top rung of US society and the national security drivers is that it regularly goes on holiday.
Computer malware and insecurity never takes a holiday. But cyberwar does and that’s because it’s driven by press campaigns. And the people who push it, the indispensable tellers of its stories, were off from the end of December until now.
The [Iranian] attackers said last week that they had no intention of halting their campaign [of attacking US bank websites]. “Officials of American banks must expect our massive attacks,??? they wrote. “From now on, none of the U.S. banks will be safe.???
And we have so noticed the attacks. Iranian cyberstrikes so affected the US financial transaction system that the Christmas holidays were marked by a surge in dispensations of cash for assault rifle sales and runs on ammunition. And in newspaper interviews the only thing gun owners said they hated more than Barack Obama and his gun grabbing moves were the cybersoldiers and hackers messing with their bank websites.
Ahem.
The US government now attributes the cyberwar to retaliation over Stuxnut and other computer viruses that US has turned on the Iranian nuclear program.
But American intelligence officials say the group is actually a cover for Iran. They claim Iran is waging the attacks in retaliation for Western economic sanctions and for a series of cyberattacks on its own systems. In the last three years, three sophisticated computer viruses — called Flame, Duqu and Stuxnet — have hit computers in Iran. The New York Times reported last year that the United States, together with Israel, was responsible for Stuxnet, the virus used to destroy centrifuges in an Iranian nuclear facility in 2010.
“It’s a bit of a grudge match,??? said Mr. Lewis of the Center for Strategic and International Studies.
“The attackers hit one American bank after the next,” reads the Times lede. “As in so many previous attacks, dozens of online banking sites slowed, hiccupped or ground to a halt before recovering several minutes later.”
Great copy! What could be next, we wonder? Perhaps we will have to close a couple browser windows, clear the cache, and try again.
Get the bombers and cruise missiles ready. Everyone needs to know that our retaliations won’t necessarily be symmetrical or in kind.
The tycoon in a men’s adventure setting each week. The famous raconteur will call a lucky viewer or journalist in each episode to tell a fantastic story and extend an invite to his jungle home
Resurrecting some bits I added in comments yesterday:
While Mr. McAfee seems determined to drag out his drama as long as he can, some of the journalists who have covered him say they have had enough. “People try to behave ethically,??? said Mr. Johnson. “And he milks that out of them until they get to the point where they’re like, ‘You know what, you’re just nuts.’ ??? “I know as a journalist I can’t say that, so I’ve got to get out of this story.???
Not half an hour after this hit the net the Hollywood Reporter ran a bit informing McAfee had sold movie rights while in jail, although one is dubious whether that meant any immediate windfall:
“U.S. anti-virus pioneer John McAfee, arrested by Guatemalan police and facing deportation to Belize, has apparently entrusted his life story to Montreal-based TV producer Impact Future Media.The TV producer is currently looking for investors and production partners which is tentatively titled Running in the Background: The True Story of John McAfee.???
However, it’s obvious John McAfee is in trouble it will be hard to worm out from under. The publicity and his blog haven’t accomplished whatever it is he actually wanted.
Dispensing with the nonsense in which he dubbed himself a “human rights advocate” on Sunday, McAfee’s in a cell for a straightforward problem — he crossed the border into Guatemala illegally.
It’s humorous. The wealthy white gringo, holding a press conference in Guatemala City, then eventually taken to jail after returning to his hotel.
Not quite like Border Patrol snapping up the poor illegals for detention cells here but …
And McAfee’s blog has made things worse, a chaotic mess with embarrassing photos, shady but trivial characters and weird semi-perverted stories he now probably wishes he’d held back on.
There’s no transparency with McAfee, just what he wants others to think.
It’s difficult to view him as any kind of genius. Indeed, with antivirus McAfee may have just been lucky. He was at the right place at the right time with a tool that worked good enough. And, of course, he had enough knowledge about computer viruses — which were a total mystery to the media — to write the story to his ends.
The viruses of 1992 did not come at you every day. Their only reliable way of travel was through the sharing of infected floppies and diskettes. It was a strength and weakness, the latter because the programs had to be written small to fit into the master boot record, plus occasionally, a few extra sectors. Removing them was, relatively speaking, a lot easier than disinfections are now.
And after McAfee’s SCAN was in the corporate workplace nationwide his fortune was assured. There was only one other real competitor in the US — Symantec. And conservative business behavior guaranteed McAfee Associates would remain a dominant force in the industry.
So rather than being a genius, McAfee was — perhaps — more lucky. Because after antivirus there’s been nothing except spectacle.
And finally, his disaster of a show in Belize. Which is most definitely not evidence of a shrewd operator, just the intrigues of a strange publicity hound with a lot of money.
John McAfee was the same in 1992. A sleazy manipulative salesman with, sometimes, a bit of offbeat smiling charm who never really changed. His fortune turned and, along with bad judgment, got the better of him. Most people don’t get nearly as much string in a lifetime.
Anti-virus software guru John McAfee was arrested by Guatemalan police on Wednesday, for illegally entering the country, interior minister Mauricio Lopez Bonilla said.
Earlier today:
“Thank God I am in a place where there is some sanity,??? McAfee said. “I chose Guatemala carefully??? …
[Now], all the misdirection may be coming to any end. Asked if he feels safe, McAfee told ABC News, “Oh, absolutely. I feel like I’ve come home.???
Fun time’s over. Lonely war against Belize cut short.
Cyberattacks come first. Hurricane Sandy gets second billing.
Excerpted:
Proclamation 8910 of November 30, 2012
Critical Infrastructure Protection and Resilience
Month, 2012
By the President of the United States of America
A Proclamation
Every day, Americans across our country–from
entrepreneurs and college students to families and
community leaders–rely on critical infrastructure to
travel and communicate, work and play. The assets and
systems we depend on are essential to our way of life,
and during Critical Infrastructure Protection and
Resilience Month, we maintain our commitment to keeping
our critical infrastructure and our communities safe
and resilient.
Our Nation’s critical infrastructure is complex and
interconnected, and we must understand not only its
strengths, but also its vulnerabilities to emerging
threats. Cyber incidents can have devastating
consequences on both physical and virtual
infrastructure, which is why my Administration
continues to make cybersecurity a national security
priority. As we continue to work within existing
authorities to fortify our country against cyber risks,
comprehensive legislation remains essential to
improving infrastructure security, enhancing cyber
information sharing between government and the private
sector, and protecting the privacy and civil liberties
of the American people.
Physical threats also put our Nation’s most important
assets at risk. Destruction caused by devastating
storms and other natural disasters this year
underscored our reliance on our critical
infrastructure. Yet, these tragic events also
demonstrated once again the strength and resolve of the
American people when we work together to recover and
rebuild …
NOW, THEREFORE, I, BARACK OBAMA, President of the
United States of America, by virtue of the authority
vested in me by the Constitution and the laws of the
United States, do hereby proclaim December 2012 as
Critical Infrastructure Protection and Resilience
Month. I call upon the people of the United States to
recognize the importance of protecting our Nation’s
resources and to observe this month with appropriate
events and training to enhance our national security
and resilience.
Anything else that happens will have to be taken care by the government and other top officials around the world. I can’t really say how bad it will get, but if you think it’s going to be catastrophic, save up supplies like food and water and be prepared for looters, just like you would for a zombie apocalypse, and make sure to get in bunkers, in case an all out nuclear war happens.
The looming threats of cyber attack are real and growing. Have your individual, personal Internet Disaster Recovery Plan ready and make it a priority — and prepare for the worst possible outcome—human annihilation.
Software tycoon John McAfee, wanted for questioning in the shooting death of his neighbor, has made his escape from Belize to Guatemala, where he told ABC News he will be seeking asylum.
“Thank God I am in a place where there is some sanity,” McAfee said. “I chose Guatemala carefully” …
[Now], all the misdirection may be coming to any end. Asked if he feels safe, McAfee told ABC News, “Oh, absolutely. I feel like I’ve come home.”
Go now to Guatemala for the holidays, journalist suckers.
Now, it’s important to underline that John McAfee, a pioneer in the anti-virus industry, has had nothing to do with the business since the 1990s.
One thing John McAfee remains, however, is a character …
But it would be ironic indeed if John McAfee, a man who was a leading light in the anti-virus industry 20-25 years ago, was located by the authorities because of sloppy IT security. [Cluley describes an iPhone snapped picture of McAfee that made news because it contained the ex-anti-virus king’s coordinates] The lesson that all of us should learn is to be very careful about what information a photograph might be secretly carrying within it regarding the when and where a picture was taken.
This wasn’t an easy article to write, as it involves someone who – although I never met him – I feel was an important element in the early years of my career in computer security.
