08.09.12
Posted in Culture of Lickspittle, Cyberterrorism at 9:14 am by George Smith
Now that Cybersecurity 2012 has failed — it deserved the fate — there’s not much point in the big gun lobbyists for it to continue the sales pitch.
Which means NSA director Keith Alexander has, for a moment, disappeared. There’s no immediate need for more scamming.
Which shows you the nature of the rigging. The financial system could be attacked. The water could be made something bad. The electricity turned off! But they failed to get what they wanted so it’ll wait until next time.
Nevertheless, PBS recently covered it, painting the failure to arrive at legislation a national tragedy, putting everyone at risk.
Stolen quote:
MARGARET WARNER: Joel Brenner, welcome.
So how serious are the threats to America’s infrastructure? How easy would it be to take down one critical element, water supplies, electricity grid?
JOEL BRENNER, author, “America the Vulnerable”: We have seen a real spike in the attacks on the industrial control systems that run a lot of these — this infrastructure. When DHS began keeping…
MARGARET WARNER: Department of Homeland Security.
JOEL BRENNER: …Department of Homeland Security began keeping figures on this in 2009, there were four such attacks. Last year, there were 198. The numbers are pretty — they really tell the story.
MARGARET WARNER: And how many have actually — how many times have elements been penetrated?
JOEL BRENNER: I’m talking about attacks that really in many cases get in.
And, you know, there are different levels of penetration, and I’m — but I’m not talking just about pings on — knocks on the door. I’m talking about more significant, concerted attempts to get into infrastructure. And we have seen it in water supply stuff, as well as in electricity.
MARGARET WARNER: And who are the major — major perpetrators?
JOEL BRENNER: We — I can say what has been publicly disclosed is that a number of people in the intelligence business have seen the Iranian, the Chinese and the Russians inside of some of our critical systems, and we know the Iranians are trying …
Everything we do, including the air conditioning in this building and the switches on the subway systems in every major city, are reachable through the Internet. It’s very dangerous.
No, not the air-conditioning! It’s been triple digits in Pasadena the last three days!
Here’s Joel Brenner’s book pitch page.
Readers will note it takes some quality of sophisticated mendacity most of us lack to be the flunky on television telling viewers Iranians are attacking the US in cyberspace when the overriding news stories have been about our government-written viruses dispatched for work in Iran.
And, the classic example of an obviously planted question, alleged to be from a random member of the hoi polloi:
MARGARET WARNER: We did get some emails, email questions from viewers.
Kathryn Creedy of Melbourne, Florida, said, “Reports are that most companies are ignoring the significant threat of cyber-attacks or at least have it on the back burner, owing to costs.” She said, “I find this shocking, since it’s their fiduciary responsibility to protect the stakeholders of any organization, employees, customers and shareholders.”
Fiduciary responsibility to shareholders, huh? Yeah, that’s something a legitimate man or woman in the street would ask. For sure.
Media rigging on the cybersecurity beat is usually obvious. But the PBS piece goes just a little bit above and beyond.
Book pimpin’.
Permalink
08.06.12
Posted in Culture of Lickspittle, Cyberterrorism at 8:46 am by George Smith
The New York Times editorial:
Senate Republicans regularly promote themselves as the true custodians of national security. This claim seemed particularly hollow last week when they helped block a new measure aimed at protecting America’s vulnerable computer networks from attack by, among others, potentially hostile foreign governments …
The cost of inaction is already high. Every day, China and other foreign governments, hackers and criminals are working to break into American computer networks. They have targeted major companies and military contractors; last year there were 200 attacks on vital infrastructure — power plants, electric grids, refineries, transportation networks and water treatment systems.
Most of these facilities are owned by the private sector, whose defenses are dangerously weak. Many companies do not even insist on secure passwords for computers. Nightmare scenarios include computer attacks that shut down the stock exchange, a nuclear power plant, the nation’s rail system or all three at once.
This is not scaremongering.
Yes it is. Outside computer attacks that shut down the stock exchange. Give it a rest.
Cybersecurity 2012 deserved failure.
Permalink
08.03.12
Posted in Cyberterrorism at 8:47 am by George Smith
Jared Diamond, author of Collapse: How Societies Choose to Fail or Succeed, earlier in the week in the New York Times:
Conversely, geographic advantages don’t guarantee permanent success, as the growing difficulties in Europe and America show. We Americans fail to provide superior education and economic incentives to much of our population. India, China and other countries that have not been world leaders are investing heavily in education, technology and infrastructure. They’re offering economic opportunities to more and more of their citizens. That’s part of the reason jobs are moving overseas. Our geography won’t keep us rich and powerful if we can’t get a good education, can’t afford health care and can’t count on our hard work’s being rewarded by good jobs and rising incomes …
Before the Cybersecurity 2012 went down to defeat, there was a massive lobbying effort for it, based on exaggerated scenarios of looming catastrophe.
Apparatchik Ashton Carter and someone else from DHS placed one bit of it, earlier in the week, in the Times:
OVER the last decade, the United States has built a sophisticated security system to protect the nation’s seaports against terrorists and criminals. But our nation’s critical infrastructure is not similarly secured from cyberattack. Although we have made progress in recent years, Congressional action is needed to ensure that our laws keep pace with the electronically connected world we live in. The bipartisan Cybersecurity Act of 2012, currently before the Senate, offers a way forward.
A disruption of our electric grid or other critical infrastructure could temporarily cripple the American economy. What’s less well known is that such an attack could threaten the nation’s defense as well …
This legislation is a critical step for defending America’s infrastructure against the clear and present cyberthreats we face.
Readers know how effortlessly the very important national security experts and policy makers massage newspapers, television and the Internet in the run ups to getting things they want.
There is dissent but it’s been eliminated from American discourse, relegated to “[a] handful of media stories, blog posts and academic studies,” as ProPublica put it in a piece destroying statistics on losses due to cybercrime earlier in the week.
Those pursuing expanded funding of cyberdefense, more predatory and invasive technical and legislative protocols, always add that they want to have a debate, to bring to public discourse, the issues of the matter.
This is not what they mean at all. What they really want, and what they always get, is a free ride to publicizing, with approval, whatever claims they have come up with to push their arguments. And in the past few weeks, as always, they generally got everything they wanted.
Paradoxically, Cybersecurity 2012 failed — not because of the value of any criticism — but because of the politics of our time: the Republican party’s unrelenting opposition to anything pushed by the Obama administration.
In the two bits chosen for comparison, Jared Diamond’s comes from a criticism of Mitt Romney, who misinterpreted his book Guns, Germs and Steel, thinking it taught “one factor explanations for multicausal problems.”
The opinion piece by Ashton Carter, a relatively undistinguished career government appointee who has been around since the Clinton administration, was — like every bit on Cybersecurity 2012 before it’s defeat — a one-factor riff.
The country’s cyberdefenses need strengthening because a cyberattack will turn off the power, cripple the economy, take down the national military, do something to the water, and result in ‘the greatest transfer of wealth in history.”
Readers see the difference. There are “multicausal problems” behind our national weakness and failure. Attacks on the nation through cyberspace are not the problem.
Permalink
08.02.12
Posted in Culture of Lickspittle, Cyberterrorism at 9:35 pm by George Smith
From Businessweek:
The Senate’s failure to move forward on a bill to strengthen U.S. computer defenses leaves little chance that Congress can find a compromise this year, as lawmakers turn their attention to November’s election.
The chamber’s Democratic leadership failed yesterday to get the 60 votes needed to force a final vote on the cybersecurity measure before the Senate leaves this week for an August recess. The vote was 52-46, largely along party lines, as most Republicans opposed a bill their leaders called a burden for businesses …
The Republicans’ roadblock was a setback for President Barack Obama’s administration, which tried to build support through a series of briefings for senators on potential dangers of a digital attack on the nation’s infrastructure, including a simulated assault on New York City’s power grid …
Cyber attacks on U.S. computer networks increased 17-fold from 2009 through 2011, General Keith Alexander, director of the National Security Agency and the U.S. Cyber Command, said last month, citing reports that digital adversaries have stolen $1 trillion of U.S. intellectual property.
Of course, the Republicans didn’t block this for any reason related to the issue of cybersecurity. It was blocked because, y’know, it was the socialist in the White House’s thing.
Oh, hai. No can haz cyberdefense against greatest transfer of wealth in history this year.
Permalink
Posted in Culture of Lickspittle, Cyberterrorism at 12:00 pm by George Smith
Reality always trifles with it.
From the New York Times:
An automated stock trading program suddenly flooded the market with millions of trades Wednesday morning, spreading turmoil across Wall Street and drawing renewed attention to the fragility and instability of the nation’s stock markets.
While the broad stock indexes quickly recovered and ended the day slightly down, it was the latest black eye for the financial markets.
The errant trades began hitting exchanges almost as soon as the opening bell rang and came from a single New Jersey broker that specializes in computer-driven trading, the Knight Capital Group. Shares of more than 100 companies, including big names like Alcoa, Citigroup and Ford suddenly spiked up or down. The New York Stock Exchange had most of the mistaken orders, but all of the nation’s exchanges executed trades for Knight and all agreed to cancel the trading in six stocks that had especially extreme movements …
The trades placed by Knight may have left the firm with millions of shares of overpriced stocks that quickly lost their value after the chaos ended, but the company did not comment on its potential losses …
Knight later said that “a technology issue occurred??? in the division of the company that uses computer algorithms to buy and sell stocks from other market participants.
From here, a couple weeks ago:
On the other hand, if you conduct a meaningful public poll on how much average Americans really care about “the financial sector” being protected against cyberattacks, you might get an earful on how they’d like to be protected from the financial sector.
Oh, hai!
Permalink
08.01.12
Posted in Culture of Lickspittle, Cyberterrorism at 6:13 pm by George Smith
Two journalists at ProPublica blow Mr. Keith Alexander and corporate computer security firm reports on trillion dollar losses to computer crime out of the water here.
The news piece stems from the NSA chief’s recent talk at the America Enterprise Institute, critiqued here at GlobalSecurity.Org, by me.
The piece drills in on the much publicized claim that this constitutes “the greatest transfer of wealth in history” and its foundation. Or total lack of one.
The disembowelment is something to behold:
A handful of media stories, blog posts and academic studies have previously expressed skepticism about these attention-getting estimates, but this has not stopped an array of government officials and politicians from continuing to publicly cite them as authoritative. Now, an examination of their origins by ProPublica has found new grounds to question the data and methods used to generate these numbers, which McAfee and Symantec say they stand behind.
One of the figures Alexander attributed to Symantec — the $250 billion in annual losses from intellectual property theft — was indeed mentioned in a Symantec report, but it is not a Symantec number and its source remains a mystery.
McAfee’s trillion-dollar estimate is questioned even by the three independent researchers from Purdue University whom McAfee credits with analyzing the raw data from which the estimate was derived. “I was really kind of appalled when the number came out in news reports, the trillion dollars, because that was just way, way large,” said Eugene Spafford, a computer science professor at Purdue.
Ross Anderson, a security engineering professor at University of Cambridge [who participated in the research] … told ProPublica that he did not know about the $1 trillion estimate before it was announced. “I would have objected at the time had I known about it,” he said. “The intellectual quality of this ($1 trillion number) is below abysmal.”
The use of these estimates comes amid increased debate about cyberattacks; warnings of a digital Pearl Harbor are becoming almost routine.
Computer scientists Dinei Florencio and Cormac Herley, who work at Microsoft Research, the software giant’s computer science lab, recently wrote a paper, “Sex, Lies and Cyber-crime Surveys,” (PDF) that sharply criticized these sorts of surveys. “Our assessment of the quality of cyber-crime surveys is harsh: they are so compromised and biased that no faith whatever can be placed in their findings,” their report said. “We are not alone in this judgment. Most research teams who have looked at the survey data on cyber-crime have reached similarly negative conclusions.”
The figures from the Shoeshine Service are “scientifically worthless … but valuable from a marketing perspective,” adds another boffin.
Compromised. Biased. No faith, whatsoever. Scientifically worthless. A quality below abysmal.
The greatest transfer of wealth in history … according to the sticker on this here box of McAfee Cracker Jack.
The President’s invocation of the same questionable material, for the Wall Street Journal, dissected at GlobalSecurity.Org.
The ProPublica article briefly goes into the history of McAfee Associates. The firm’s founder, John McAfee — long gone, misled journalists and others on computer virus infections for publicity, most famously, in 1992, with the Michelangelo computer virus.
And that story is excerpted from the book, The Virus Creation Labs, here.
Permalink
Posted in Culture of Lickspittle, Cyberterrorism at 8:45 am by George Smith
Few things are more odious than the claims issued almost daily from various politicians and our cyberwarrior national security experts on the nature of the threat. The politicians stand for the 1 percent. And the cyberwarriors are part of the Shoeshiner Service, errand fulfillment for it. They acknowledge no reality. For them, the problem is cyberattack on the economy, the water, power, because defense against calamitous unknowns is a direct way to national security spending.
Unfortunately, the problem is economic collapse, stagnation, recession, depression. It came upon us over years, accelerated in the last decade, and has nothing to do with vulnerability in cyberspace.
Make no mistake, the failure of the economy to work for every American is a security problem. The middle class, what’s left of it, and the underclass receive no tangible benefit from increased spending in cyberdefense. None. It’s kind of like that trickle-down trash you’ve heard about for twenty or thirty years but never actually seen.
I’m well-equipped to judge and over two decades of studying and covering the issues, I’ve seen little to zero accrued benefit from cyberdefense at any level although I have seen the the day to day battle of scanning for malware, reading news stories about the theft of untold treasure in cyberspace and … well, it just goes on and on. And you’re in the same boat as me.
The water will not be turned off. Most likely, neither will the power. When the electricity is meddled with we find it is insiders, with the familiar name JPMorgan Chase, who have gamed the digital power trading system for profit.
There is no motivation for any alleged enemy to do so, other than the old, cliched, and repeated ad nauseam twin cants of “since they can’t attack us head-on, they’ll attack in cyberspace” and “they hate us for [fill in the blank].”
However, what is happening, and will continue to happen, is the diminishing of general populace’s ability to pay for water and power services equal to what is proper for a First World nation.
By the same token, the financial system, when it fails, is always made whole by the government. However, nobody in the general populace is ever made whole. So what’s the big deal with the invasion of financial services? It’s crime. But “a credit-card processing center is hacked and millions of cards are canceled because the numbers are posted on internet sites!” says someone. Yeah, so, but is it an existential threat to the land of the free? And credit card information hasn’t been exposed before? Like it doesn’t happen a lot? Right.
So how do you secure an infrastructure the way it is recommended it be secured when the majority has no underlying belief in the worth of it?
It’s like trying to prop up a corrupt government. You can try to ignore the root causes, treat symptoms or put the worst consequences off for awhile with more and more invasive and predatory technological protocols but the underlying disease is not cured.
Which brings us to the primary motivator for the escalating threatening talk about digital menace.
It’s about more rake-off.
Spending priorities must be shifted. If any austerity is handed to the defense structure, contractor defense services for cyberspace are a growth opportunity. If the government, namely the taxpayer, can be legislatively pressured into paying for mandated security upgrades to the private sector, then this is a protected stimulus.
Which brings us to the quote of the day, from Democrat Dick Durbin:
Comparing today’s lack of preparation to defend against a major cyber attack to the nation’s security lapses before 9/11, U.S. Sen. Dick Durbin, D-Ill., said, “There’s an overwhelming, bipartisan consensus among officials in the intelligence, defense and national security community that America is incredibly vulnerable to a cyber attack that can be launched at any moment from anywhere in the world.???
Current and former U.S. intelligence officials, Durbin said, have jointly warned against a “catastrophic cyber attack that could cripple our nation’s economy, cause widespread loss of life, and send our economy into freefall.???
Cripple our economy [and] send our economy into a freefall.
Plus widespread loss of life. That pretty much covers it.
NSA director, Mr. Keith Alexander, encouraging young hackers to save the US from economic crippling and mass loss of life in the immediate future at a summit meeting in Las Vegas.
Cute kids at Def Con, learning to protect free speech around the world, it says. Jesus H. Christ on a pointed stick, as one of my old teacher’s used to say. What a pant load of crap.
With so many dangers, why would parents encourage their children to hack at all? Def Con Kids organizers believe in the good that can come from hacking, including making the country more secure and helping encourage freedom of speech around the world … — here
Mirrored at GlobalSecurity.Org.
Permalink
07.31.12
Posted in Cyberterrorism at 9:51 am by George Smith
“Ha-ha, I will now plunge half of America into darkness!” cackled the fiend, deep inside his cyber-bunker, somewhere in the eastern hemisphere.
Well, not quite:
Half of India’s 1.2 billion people were without power Tuesday as the grids covering 19 states broke down, the second major blackout in as many days.
Stretching from Assam, near China, to the Himalayas and the northwestern deserts of Rajasthan, the outage was the worst to hit India in more than a decade and embarrassed the government, which has failed to build up enough power capacity to meet soaring demand.
The power loss includes grid failures in northern, eastern and northeastern India.
How much off-shored American business was impeded? What, you couldn’t get any help from the call center? Oh, wait … you never could before, either.
Permalink
07.30.12
Posted in Culture of Lickspittle, Cyberterrorism at 8:21 am by George Smith
One of the favorite memes of our cyberwar theoreticians is the one in which hackers, or some nation in the eastern hemisphere, hit the American electrical grid.
In reality, the only time the electrical grid was manipulated was by Enron.
Power traders in the employ of that company games the California independent operator one summer a decade ago. Their tricks, aimed at raking in more profit caused brown-outs as the company persuaded various suppliers to idle plants at times of peak usage, or switch power out of the state.. The political fallout brought the recall of governor Gray Davis and the installment of Arnold Schwarzenegger in Sacramento.
This weekend we learn that the masters of the universe have again gamed the electrical system in California, for the purpose of rake-off.
From the Sacramento Bee:
It’s been a decade since companies like Enron Corp. manipulated California’s electricity market to generate billions in excess profits.
Enron went out of business long ago, and California’s energy market has been a place of relative calm. Now, however, another big power trader is being investigated for allegedly gaming the state’s electricity system.
State officials believe a subsidiary of JPMorgan Chase & Co., the New York investment bank, pulled down an extra $73 million by exploiting a small wrinkle in California’s electricity market over several months in 2010 and 2011 ..
While the Federal Energy Regulatory Commission is investigating on the state’s behalf, a prominent energy consultant warns that the ISO’s automated market system remains vulnerable to abuse.
“These things are hidden eight levels down in the computer programming,” said Robert McCullough of McCullough Research in Portland. “If a computer doesn’t catch you, you’re not caught.”
He said JPMorgan’s trading strategy appears to be similar to “Get Shorty,” one of the infamous schemes cooked up by Enron to ramp up profits at California’s expense during the energy crisis of 2000 and 2001.
ISO officials insist this wasn’t a rerun of the energy crisis. They said they’ve made huge strides in protecting the system and are quick to sniff out problems.
The only good news? The magnitude of malfeasance is much less than during the Enron-caused crisis.
Permalink
07.27.12
Posted in Culture of Lickspittle, Cyberterrorism, Imminent Catastrophe at 4:34 pm by George Smith
Earlier this week, I was asked if I was going to hear Keith Alexander’s speech at Def Con, a first. Nope.
What could he possibly say new? Nothing. Nice p.r., though.
Most of the publicity was reserved for Alexander’s appearance at the Aspen Institute, where he apparently delivered a speech much like he has in the past.
Everything’s at risk — power, water, money. (Even the air is now at risk when the poison gases are released.)
“I’m worried most about power … I’m worried about water,” he said.
“Alexander repeated his view that computer-based espionage against the industrialized world amounted to ‘the biggest transfer of wealth in history’ because ‘adversaries have gone into our companies and taken intellectual property,’??? reads the LA Times, posted a few minutes ago.
If you collect Mr. Keith Alexander’s remarks then he must be the most important man in the country, ultimately responsible for securing the US in cyberspace against the ton of trouble coming against everything.
If we had better reporters, rather than just compilers and tape-recorders, someone would be pointing this out. But the current state of journalism cannot deal with repeated claims that a host of catastrophes are imminent.
Therefore, well meaning or not, Mr. Alexander abuses the publicity afforded him at these functions. It’s flagrant and too many people give it a pass.
“All ur H20 belong to us,” cackled the fiend from inside the cyber-bunker, somewhere in the eastern hemisphere. “Does Mr. Alexander know haxorz can haz make H20 to bleach?”
Get off the cyber-corruption of water meme already, sir.
Related:
The greatest transfer of wealth in history …
All ur water does not belong to the cybermen.
Permalink
« Previous Page — « Previous entries « Previous Page · Next Page » Next entries » — Next Page »