Friday, October 12, 2012

US prepares first-strike cyber-forces
by BBC - 12 October 2012

Cyber-attacks could inflict as much damage on the US as the physical attacks on 11 September 2001, the US defence secretary has warned.

Leon Panetta said the country was preparing to take pre-emptive action if a serious cyber-attack was imminent. He said US intelligence showed "foreign actors" were targeting control systems for utilities, industry and transport. Advanced tools were being created to subvert key computer control systems and wreak havoc, said Mr Panetta. "An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals," said Mr Panetta in a speech to business leaders held on the USS Intrepid - a former aircraft carrier that is now a museum.

"They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country." "Such a destructive cyber-terrorist attack could paralyse the nation and create a profound new sense of vulnerability," he said.

Cyber-attacks could inflict as much damage as 9/11, warned the US defense secretary.

Smaller scale cyber-attacks were now commonplace, said Mr Panetta. In recent weeks, many large US firms had suffered attacks that had involved them being bombarded with huge amounts of data, he said. In addition, oil companies in Qatar and Saudi Arabia had been hit by the Shamoon attack, which had tried to replace computer data with gibberish. About 30,000 machines were hit by the Shamoon attack.

The US defence department had developed tools to trace attackers, he added, and a cyber-strike force that could conduct operations via computer networks. And it was now finalising changes to its rules of engagement that would define when it could "confront major threats quickly".

"Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests," he said.

"If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation, when directed by the president."

• 'Wage war on cyber enemies' - MPs
• The cyber arms race is beginning


The report says attacks in cyberspace represent a significant threat to the UK

Britain's spy agencies and military have been urged by MPs to wage cyber warfare in the interests of national security. The Intelligence and Security Committee says defending against cyber attacks is no longer enough. It recommends covert operations to disrupt the computer networks of those targeting the UK.

It comes almost two years after the launch of a £650m national cyber security programme. It aims to transform the UK's cyber security skills and capabilities by 2015, with more than half of the money allocated to the intelligence and security agencies. Last month, the head of MI5 said the agency was battling "astonishing" levels of cyber-attacks on UK industry. Jonathan Evans warned internet "vulnerabilities" were being exploited by criminals as well as states.

'Disrupt networks'
The report says attacks in cyberspace represent a significant threat to the UK and defending against them must be a priority. "We believe that there are also significant opportunities for our intelligence and security agencies and military which should be exploited in the interests of UK national security," it says. One tactic is to employ an "active defence," interfering with the systems of those trying to hack into UK networks and accessing the data or networks of targets to obtain intelligence without being detected.

The report also suggests disrupting the networks or systems of others to hamper their activities or capabilities without detection. It highlights the Stuxnet virus, which is believed to have caused some disruption of the Iranian nuclear enrichment programme, as being the most famous example of this type of cyber activity. But it says this did not involve UK agencies.

Chairman of the ISC, Sir Malcolm Rifkind MP, said: "The committee is concerned at the lack of progress over 18 months into the National Cyber Security Programme, more needs to be done if we are to keep ahead in this fast-paced field." The government is to report back on the committee's report at the end of the year.


Viewpoint: Stuxnet shifts the cyber arms race up a gear
by BBC - Mikko Hypponen
Chief research officer, F-Secure - 13 July 2012

Governments are busy developing secret weapons in preparation for any potential cyber conflict, Mikko Hypponen says

Over the last 25 years we've seen a massive change in how we think about information. In the 1980s, information was mostly still analogue. It was stored on paper, in binders, on shelves and in safes.

Today, of course, almost all information is digital. It's created and stored on computers and transmitted over computer networks. From a security viewpoint, this means that secret information can now potentially be reached from anywhere in the world; you no longer have to physically be where the information is. This means that espionage has also gone digital - and while we've seen several cases of nation-state espionage done with backdoors and trojans, we've seen only one documented case of a nation-state doing cyber sabotage with malware. That case is Stuxnet.

During my years in this industry I've seen multiple mysteries, but few of them have been as interesting as the case of Stuxnet. F-Secure Labs estimates that it took more than 10 man-years of work to develop Stuxnet. Related attacks like Duqu and Flame might have taken even more. Stuxnet had a "kill date" of 24 June 2012, which means the worm has now stopped spreading. But that has little significance, as the operation had already been active for years and reached most of its targets already by 2010.

Stuxnet is a good example of the thinking behind these new kinds of offensive attacks: If you want to disrupt the secret nuclear programme of a foreign nation, what can you do? Well, you have a couple of options. You can try international pressure and boycotts. But if that doesn't work, then what? You can try a conventional military attack and bomb their facilities. However, attribution back to you as an attacker is a problem. So is the fact that you can attack only the facilities you know about.

Using a digital attack like Stuxnet has several advantages. Especially, it provides deniability.

Stuxnet was obviously a game changer. But what does it mean in the long term? I think we are now seeing the very first steps of a new arms race: The cyber arms race. Just like modern hi-tech research revolutionised military operations over the last 50 years, we are going to see a new revolution, focusing on information operations and cyber warfare. This revolution is underway and it's happening right now.

We haven't seen real online warfare yet, of course. This is because thankfully we haven't lately seen wars between technically advanced nations. But any future crisis is likely to have a cyber component as well.

Attack capabilities
It's important to understand that cyber warfare does not necessarily have anything to do with the internet. Many of the more devastating cyberattacks can not be launched remotely, as the most critical networks are not connected to the public network. Think along the lines of a special forces unit going deep into enemy territory with embedded geeks in the team, to dig up fibre-optic cable to be able to reach the systems that were supposed to be unreachable.

The main point of any arms race is to let your adversaries know about your capabilities so they don't even think about starting a fight. We're not yet at this stage in the cyber arms race. Almost all of the development in this area is secret and classified. However, eventually it will become as public as any other defence technology. Maybe we'll eventually see public cyberwar exercises where a country will demonstrate their attack capabilities. Maybe we'll eventually see cyber disarmament programmes.

Defending against military strength malware is a real challenge for the computer security industry. Furthermore, the security industry is not global - it's highly focused in just a handful of countries. The rest of the world relies on foreign security labs to provide their everyday digital security for them. For example, there are only around 10 virus labs in all of Europe, and the vast majority of the countries have no labs of their own.

On the internet, borders don't really matter. But in time of crisis, they do.

Telecom giant opaque, even after investigation
by chinhdangvu.blogspot - JONATHAN MANTHORPE - Friday, October 12, 2012

U.S. Congress report damning for information it lacks. Huawei would not give information about its relationship and interactions with Chinese authorities, including the PLA and spy agencies.

Huawei, China's world-leading telecommunications equipment and services company, only has itself to blame now that a United States Congressional committee has labelled it a security threat that should not be allowed to buy into the American market.

In February of last year, Ken Hu, then vice-chairman of Huawei Technologies Co., which is based in the southern Chinese industrial city of Shenzhen, published an open letter to the U.S. government denying security concerns about the company that have surfaced regularly since it stepped into the international market in 1997.
To address fears that the company is linked to China's intelligence agencies and the People's Liberation Army (PLA), and that its equipment may be used to feed the secrets of foreign governments and companies back to Beijing, Huawei asked Washington to mount a full investigation into the company's operations.
The U.S. Congress took Huawei up on its offer.

The House Permanent Select Committee on Intelligence started its investigation in November last year and produced its report on Monday. The report is damning, mostly because, having asked for the forum in order to make its case, Huawei then refused to give the committee the information it sought. The report says Huawei would not give detailed information about its formal relationship and interactions with Chinese authorities, including the PLA and spy agencies.

The company gave no specific details about the role of the Chinese Communist Party Committee operating in its Shenzhen headquarters. 
It failed to provide thorough information about its corporate structure, history, ownership, operations, financial arrangements and management. And, said the report, the limited answers Huawei did provide were not supported by documentation or other credible evidence. Huawei and its founder, Ren Zhengfei, a former PLA engineer who started the company in 1988 with his $3,000 savings, are both cloaked in mysteries and therefore rumours. Ren is a reclusive character who in 24 years has seen his company grow to become a world leader in its field, with annual revenues of over $25 billion and profits approaching $4 billion. Ren's personal fortune is now believed to be about $450 million.

Although Huawei now operates in 140 countries, Ren's history with the PLA and his membership in the Communist party have frequently been cited by governments as reasons for blocking or limiting the company's involvement in the building or managing of national telecommunications networks.

India's done it.
So has Australia.

And in 2008, objections in the U.S. to Huawei taking over 3Com led to the collapse of the deal. The company has also been dogged by allegations that its stellar rise to the top of the world telecom providers' list has been made possible by constant theft of its competitors' technologies. During the last decade in particular, Huawei has had to address lawsuits claiming intellectual property theft from such companies as Cisco Systems, Motorola, and even rival Chinese telecom company ZTE. Most mysterious of all is who actually owns Huawei.

It is a private company, and Ren is said to own just 1.42 per cent of its shares. The company claims that 98.56 per cent of shares are owned by its 140,000 employees.
Huawei Technologies is a subsidiary of Shenzhen Huawei Investment Holdings Co. Ltd., and the employee shareholder program is administered through the Union of Shenzhen Huawei Investment Holdings. Except that these are not standard equity shares, and employees can neither buy nor sell them. They are allocated by the company on the basis of an employee's position, skills and job performance.

The shares seem to be used to decide how annual dividends and bonuses are granted. When employees leave the company, they have to return the shares to Huawei, which buys them back at "current value." As the shares are not publicly traded, the current value is, presumably, whatever the company says. 

Who really owns and controls Huawei is therefore anybody's guess.
Several corporate analysts in Asia suspect Ren himself holds a majority of the true equity. But in a country where the ruling Communist party still keeps control of the main spokes of the economy, it is quite likely that senior party officials or their close family members have interests in Huawei.

The management structure is equally opaque. 
Huawei's shareholders elect a management committee of 33, which in turn selects a board of 11 people. The basis of those votes is unclear. Is it "one shareholder, one vote," or block votes depending on the number of shares held? Ren is president of the company and Sun Yanfang is chairwoman of the board. Going on the current membership, which is made up exclusively of senior managers, deciding who gets to sit on the board is a tightly controlled process. There is no evidence this is a true workers' cooperative.