Friday, December 21, 2007

Recommended Reading: Cisco Threat Report Includes Increasing Threat from Military and Espionage

It has become a tradition for security companies to issue some type of "annual security report". Most focus on the continued increase in vulnerabilities or incidents and ignore the underlying risk factors that enable threats or increase their impact.

In a welcome departure from this monotony, Cisco Systems, Inc. has created a new security report that not only includes the standard technical issues but also explores seven different areas of risk to enterprises:
  1. Vulnerability
  2. Physical
  3. Legal
  4. Trust
  5. Identity
  6. Human
  7. Geopolitical
The section on geopolitical issues includes discussions of terrorism, environmental issues, and military and espionage threats in cyberspace:
Emergence of Cyberspace as a Major Theatre for War and Espionage

As industries, governments, and individuals have become more connected over the past decade, cyberspace has become an increasingly significant domain for military and espionage activities. Examples in 2007 include:
  • The creation of a “Cyber Command” by the U.S. Air Force, demonstrating the U.S. military’s recognition of cyberspace as a major area of military focus, both in terms of defense and as a potential launching point for offensive action
  • Growing evidence of international espionage as the motive behind network attacks in the United States, Australia, New Zealand, the United Kingdom, Germany, and elsewhere
  • Arrests and convictions of a large number of individuals who were caught stealing sensitive intellectual property and selling it to foreign governments
  • Accusations by political opponents of Russian president Vladimir Putin that the Kremlin had orchestrated network security attacks against them
  • Network security attacks in Estonia, which brought down many government and financial computers



The report gives high-level recommendations and potential issues to address in 2008.

Cisco 2007 Annual Security Report

Wednesday, December 19, 2007

Report Discusses Limitations of Terrorists' Use of the Internet

Stratfor.com issued an analysis report on the limitations of the Internet to terrorist organizations.
"Although the Internet has been a boon for grassroots cells in spreading their ideology and recruiting new acolytes, the Web has some serious limitations as a terrorism enabler. Some things are very difficult to accomplish online -- namely, absorbing technical information and the tradecraft of terrorism and applying it to a real-world situation, particularly in a dangerous environment."
Additionally, use of the Internet for any aspect of conspiracy, planning or communication enables law enforcement and intelligence agencies to monitor activity:
"As these sites proliferate, so does the attention devoted to them. It is important to note that visiting such Web sites is an operational security hazard that can allow counterterrorism forces to identify potential militants and close in on them..."

U.S.: The Role and Limitations of the 'Dark Web' In Jihadist Training

Monday, December 17, 2007

German Federal Prosecutor Defends Online Surveillance of Islamists

Deutsche Welle is reporting on a center in Germany created to monitor the online activity of Islamist groups in Germany:
"[The] Joint Internet Center (GIZ), consisting of about 30 German police and intelligence officers, had been working full time since January, monitoring Islamist activity on the Internet and analyzing Islamist Web sites."

"The Internet has developed into the decisive means of communication within international Islamist terrorism," [Federal Prosecutor General Monika Harms] said during a press conference in Karlsruhe to review the year."


Top German Prosecutor Backs Online Terror Surveillance

Friday, December 14, 2007

Call for Companies to Block IP Addresses from Russia and China

David Utter at SecurityProNews has called for U.S. companies to block the IP netblocks from Russia and China in response to alleged criminal and political computer intrusions.
"Unless there is an absolute business need for employees to visit sites in these countries, we are hard-pressed to see a reason to let people actively or unknowingly hit potentially malicious sites in countries that have demonstrated over and over they cannot or will not crack down on Internet criminal actions.

Or in China, where state sponsored hackers labor at the pleasure of the central government, grabbing data from corporate and government computers. Is the government going to crack down on itself?"

It's Time To Block Russia And China

More News on China Cyber Attacks and Capabilities

Several other articles have recently been published concerning Chinese capabilities:

The Heritage Foundation published a WebMemo on "Trojan Dragons: China's International Cyber Warriors" and Time Magazine has an article on "Enemies at the Firewall".

The Time article takes an interesting look at 'hacker' groups in China and western responses.

U.S. Congress Requires Report on China's Cyber Capabilities

A provision in the 2008 National Defense Authorization Act, passed by the House of Representatives on December 13th, requires an annual report on Chinese military power to include a section on China's cyber capabilities, including "efforts to acquire, develop and deploy cyberwarfare capabilities".


Washington Times - Inside the Ring: Cyberwarfare

Thursday, December 13, 2007

"Cyber Terror" Label Too Easily Applied to Lesser Crimes

Zeid Nasser has posted an excellent commentary concerning the overuse of the word "cyber terror".
"In the first couple of years following the events of September 11, 2001, a hysteria regarding Internet-fueled terrorism reached fever pitch.

In the midst of this atmosphere, many Islamic movements and organizations on the web were banned, blocked, censored or monitored. With time, the term “cyber terror” emerged to describe any form of Internet aided attack for political causes, yet many still disagree to this day on the use of the word ‘terror’, opposed to more accurate words like ‘vandalism’ or simply just ‘hacking’."
Sensationalizing words will often grab headlines but diminishes their impact and creates ambiguity - a problem that is rampant in the IT security profession. The articles presented here often overuse this and other words such as "cyber war" and "infowar"; these will often be set off in quotation marks to identify their inappropriate application. "Cyber war" and similar words should only be used for offensive use of technology to further a political or ideological agenda, not for simple misuse such as hacking (trespass), web defacements (vandalism) or data theft (see Hacktivism & Politically Motivated Computer Crime for a discussion on political 'use', 'misuse' and 'offensive use' of technology for political purposes).

Nomina si nescis, perit et cognitio rerum

(Who knows not the names, knows not the subject)

- Linnaeus



Zeid Nasser's Tech Blog: Cyber-terror makes a comeback in the news

Monday, December 10, 2007

Update: China Linked to U.S. Lab Attacks

The New York Times is quoting a U.S. Department of Homeland Security document alleging the attacks on U.S. research labs originated from China. The article does state that China may have only been an intermediary in the attacks:
"Security researchers said the memorandum, which was obtained by The New York Times from an executive at a private company, included a list of Web and Internet addresses that were linked to locations in China. However, they noted that such links did not prove that the Chinese government or Chinese citizens were involved in the attacks. In the past, intruders have compromised computers in China and then used them to disguise their true location."

China Link Suspected in Lab Hacking

First Indications that November 11th "Cyber Jihad" Was Real

Investor's Business Daily is running a story that indicates the November 11th "Cyber Jihad" attacks resulted in real attacks although they were ineffective.

The attacks were purported to have targeted 15 non-profit organizations critical of Islamist activity and undisclosed U.S. government systems. The attacks are reported to have failed due to limitations in the software used in the attacks.

Electronic Jihad Is Another Battlefront Vs. Terrorists

India Issues Arrest Warrants for Dutch Web Activists

An Indian court in Bangalore has issued arrest warrants and will request extradition of eight Dutch nationals who are members of several labor activist groups, including Clean Clothes Campaign (CCC) and the India Committee of the Netherlands (ICN), and the director of a Dutch ISP, "antenna.org". The charges relate to an ongoing activist campaign against Dutch jeans company "G-Star" and its India-based manufacturing supplier Fibres and Fabrics International (FFI) and its subsidiary Jeans Knits Pvt. Ltd.

The activist groups are protesting working conditions at the Indian factory (for example, see "Make it clear that labour rights organisations will not be silenced - Support freedom of speech and freedom of association"). This and other web postings resulted in a defamation case brought against the activists by FFI in India.

Most recently, the Dutch jeans maker "G-Star" has announced it will terminate its contract with the Indian manufacturer (see "G-star ends jeans contract with Indian firm").

This case is a classic example of three important issues with technology and political issues:

  1. Where does free speech end and crime begin? What are the limits involving web postings, online communications and attempts by various interest groups in using technology to organize?
  2. The lack of any consistent international definitions of computer crime or tort and delict civil laws. What is a crime in one country may be a privileged right in another; and
  3. The power of (negative) press is often the most important aspect. In fact, one of the most attractive attributes of the Internet for activist groups is its power as a PR mechanism.

Indian court orders 'arrest without bail' of Dutch activists

US Research Labs Compromised - Again

In yet more bad security news for US research laboratories, the Director of Oak Ridge National Laboratory (ORNL) in Tennessee announced a series of computer intrusions:
"ORNL director, Thom Mason, described the attacks in an e-mail to staff earlier this week as being a "coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country."
One of the other labs is believed to be Los Alamos National Laboratory (LANL) in New Mexico.

No motive or source has been provided, but consideration should be given to the types of targets and the "coordinated" nature of the intrusions. It remains to be seen if there was any political motivation to the computer attacks.
"The possibility that the latest attacks were the work of fraudsters will be seen by some as optimistic -- less positive would be the possibility of a rival government having been involved. Given the apparently coordinated nature of events, speculation will inevitably point to this scenario, with the data theft a cover motivation for more serious incursions."
Hackers launch major attack on U.S. military labs

Thursday, December 06, 2007

Saudi Security Conference Calls for Better International Cooperation Combating Extremists Online

Saudi Arabia recently hosted a conference on Information Technology and National Security where attendees called for increased international regulations to combat the spread of extremist ideologies.

The conference generated yet another estimate of Al-Qaeda supporting websites - 17,000 and growing by 9,000 a year:

"At yesterday’s final sessions, Khaled Al-Firm, an IT specialist, called for the establishment of an international media forum to combat radicalism and terror. Al-Firm quoted Prince Abdul Aziz as saying that there were 17,000 websites on the Internet which fuel Al-Qaeda ideology, with an annual increase of 9,000 websites per year that seek to find new recruits by brainwashing people."

A very important aspect of political computer crime is the need for media coverage as discussed at the conference:

"[Khaled Al-Firm] said that media battles waged by Al-Qaeda were as deadly as the military operations themselves. He pointed out that while the December 2004 attack on the US Consulate in Jeddah was a failure, it received huge publicity providing PR boon to the militants that planned the attack.

“Terrorists do not just focus on military success. There is a third angle to the operation which is the glory of publicity, which compensates for the failure of the operation,” he said."

Experts Recommend Special Laws to Combat Terror


Wednesday, December 05, 2007

More Discussion of Alleged Chinese Activity Online

What's Brewin: Of Cyber War, Chiles and ERP

Tuesday, December 04, 2007

Saudi Intelligence Estimate 17,000 websites 'Adhere to the Takfir Ideology'

In a recent commentary, Tariq Alhomayed, the Editor-in-Chief of Asharq Al-Awsat, an Arabic daily newspaper, discussed the importance of the Internet to the spread of terrorist ideals and Saudi intelligence estimates of Internet activity:
"One should never disregard the internet and the level of intellectual misguidance and the spread of terrorism that is taking place through it. It is enough to refer to the recent announcement made by Saudi intelligence authorities in which it stated that there are nearly 17,000 websites that adhere to the Takfir ideology. Fundamentalist websites in Europe have rushed to translate the Al Qaeda leader’s recent speech into English, French, German and other languages."
The complete commentary is located at:

Is London Tora Bora?

Monday, December 03, 2007

U.K. Links Computer Intrusions to China - Targets Include Rolls Royce and Royal Dutch Shell

MI5 has linked recent computer intrusions against major UK industries to economic espionage by several countries including China and Russia. The intrusions extended into Scandinavian and U.S. systems as well. Various news sources quoted a memo from Jonathan Evans, Director-General of MI5, warning companies:
“The contents of the letter highlight the following: the Director-General’s concerns about the possible damage to UK business resulting from electronic attack sponsored by Chinese state organisations, and the fact that the attacks are designed to defeat best-practice IT security systems.”
"A number of countries continue to devote considerable time and energy trying to steal our sensitive technology on civilian and military projects, and trying to obtain political and economic intelligence at our expense."

"They do not only use traditional methods to collect intelligence but increasingly deploy sophisticated technical attacks, using the Internet to penetrate computer networks," [Mr. Evans] said."


Secrets of Shell and Rolls-Royce come under attack from China’s spies

Shell, Rolls Royce reportedly hacked by Chinese spies

Friday, November 30, 2007

China Denies McAfee's Report on Source of Attacks

The Associated Press is reporting that China's Foreign Ministry disputed the conclusions of McAfee's recent report stating there was a 'cyber cold war' between China and western countries and that '...hackers in China are believed responsible for four out of five major cyber attacks on government targets in 2007'.
"China has also been attacked by hackers of some countries, so the Chinese government attaches great importance to and participates in the international law enforcement cooperation in this area," Foreign Ministry spokesman Liu Jianchao said at a briefing Thursday."
China disputes cyber crime report

Example of Internet Use by Opposing 'Online Activists'

A classic example of the use of the Internet by supporters of opposing political ideologies can be seen between a U.S.-based group called Electronic Intifada and an Israeli website called Giyus.org. Giyus.org allows supporters to download an agent called 'Megaphone' that provides real-time information to 'online activists'.

The Electronic Intifada website describes itself as:

"The Electronic Intifada (EI) is a not-for-profit, independent publication committed to comprehensive public education on the question of Palestine, the Israeli-Palestinian conflict, and the economic, political, legal, and human dimensions of Israel's 40-year occupation of Palestinian territories."

The Israeli website's organizers describe their website as:

"Giyus.org is a coalition of Jewish and pro-Israeli organizations working together to help the Jewish community voice its opinion in an effective, active manner. It has put on its flag a goal to improve the channels of communications between the different organizations, their members, the state of Israel and the outside world.

Giyus.org was first founded by WUJS and is now supported and operated by our partners. It is a non-for-profit organization that is supported by donations. If you wish to donate please contact us here. We appreciate all help offered. Thank you.

Megaphone, Giyus.org’s software, is delivering real time alerts about key articles, videos, blogs, surveys and update messages from the coalition to community members. Members can easily voice their opinions and work together to support Israel on the public opinion front."

These are just two of many such websites but provide good examples of legal and legitimate political use of technology.

Estonia's Defense Minister Sees More Cyber Attacks in the Future

Estonian Defense Minister Jaak Aaviksoo spoke at the Center for Strategic and International Studies on the recent cyber attacks on Estonian systems. Mr. Aaviksoo gave an indication of the magnitude of those attacks and predicted there would be future attacks:

"The attacks appear to have been carried out by as many as 1 million computers in 50 countries worldwide, apparently from rented botnets, networks of compromised computers coordinated for criminal purposes. Targets were government Web sites and portals, financial institutions, and news outlets.

The aim of the attacks seemed to be psychological impact rather than damage to physical infrastructure, and Aaviksoo characterized them as cyberterrorism rather than cyberwarfare. But the possibility of full-fledged cyberwar must be faced, he said.

“It is imminent that future development will see warfare in this newly born cyberspace,” he said. “The probability of that is rising over time.”
Cyberattacks in the present tense, Estonian says

McAfee Reports Cyber 'Cold War' with China

McAfee's recent report on Internet threats declares that a 'cyber cold war' exists between western countries and China. However, some of the quotes are not completely accurate:
"The Chinese were first to use cyberattacks for political and military goals," James Mulvenon, an expert on China's military and director of the Center for Intelligence and Research in Washington, said in the McAfee report.

"Whether it is a battlefield preparation or hacking networks connected to the German chancellor they are the first state actor to jump feet first into the 21st century cyber warfare technology. This is becoming a more serious and open problem," he continued."
In fact, several governments have used cyberattacks for intelligence gathering dating back to the late 1980s when the Soviet Union used a group of German nationals to penetrate U.S. and European computer systems.

Germany was alleged to have used a separate group of 'hackers' to test the effectiveness of computer intrusions for economic espionage against the U.S. in an operation called 'Rehab' in 1989.

With this said, reports do indicate a large amount of illicit network activity originating from China. However, since the details of these intrusions are classified, it is impossible to fully analyze motives or the true origins of the attacks.


Cyber 'Cold War' Exists With China

Monday, November 19, 2007

OSCE Discusses Action against Terrorism on the Web

The Organization for Security and Cooperation in Europe (OSCE) based in Vienna held a two day conference to discuss the use of websites by terrorist supporters.

Many countries are currently debating legislation to combat terrorist websites (for example the UAE, the U.K., the U.S., and the E.U.), yet most proposals offered to date would have little real impact. Most websites would simply move to more friendly or less regulated countries. As the press release for the OSCE meeting stated:
"...the Internet - unlike any other medium - is not linked to any physical location. People intent on abusing cyberspace for terrorist purposes can do so from virtually anywhere in the world with just a laptop and an Internet connection."
The OSCE meeting agenda included:
  1. Strengthening of and complying with the international legal framework
  2. Enhancing national legislation and regulations
  3. Improving relevant national counter-terrorism measures
  4. Promoting and adapting bilateral and multilateral co-operation
  5. Strengthening co-operation with the private and academic sectors
  6. Freedom of expression and other relevant human rights considerations

"Unfortunately, there is not a coherent strategy in Europe, especially among the 27 European Union member nations, as to what to do," said Sajjan Gohel, director for international security at the London-based Asia-Pacific Foundation.

"There's a lot of good talking, a lot of fine words, but those need to backed up with fine deeds," he said.


Combating terrorist use of the Internet

Experts urge cooperation to target terrorist misuse of Web

Saturday, November 17, 2007

U.S. Senate Passes New Cybercrime Legislation Defining Cyber Extortion

The U.S. Senate approved a new bill on cyber crime laws. The major portion of the bill applies to identity theft but a key provision also defines cyber extortion and makes it a felony crime. The bill also makes conspiracy to commit a cyber crime a felony.

It is common for some types of politically motivated computer crimes to involve forms of extortion. Examples include activity by cyber activists, or hacktivists, that threaten denial-of-service or other attacks if the target organization does not change their behavior, business or activity.

Specifically, the bill modifies section 1030 of title 18, United States Code as follows:

SEC. 6. CYBER-EXTORTION.

    Section 1030(a)(7) of title 18, United States Code, is amended to read as follows:
      `(7) with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any--
        `(A) threat to cause damage to a protected computer;
        `(B) threat to obtain information from a protected computer without authorization or in excess of authorization or to impair the confidentiality of information obtained from a protected computer without authorization or by exceeding authorized access; or
        `(C) demand or request for money or other thing of value in relation to damage to a protected computer, where such damage was caused to facilitate the extortion;'.
    For those unfamiliar with section 1030, a "protected" system is broadly defined as a computer system owned or used by the US Government, a financial institution or any computer system used in interstate or international commerce or communication. This can include a system located outside of the U.S. if it affects interstate or US international commerce or communication.

    "Damage" is defined as "any impairment to the integrity or availability of data, a program, a system, or information".

    The U.S. House of Representatives must also pass the legislation before it becomes law.

    The full bill can be read at:

    Identity Theft Enforcement and Restitution Act of 2007

    Friday, November 16, 2007

    Report Finds China "the Single Greatest Risk to the Security of American Technologies"

    The U.S.-China Economic and Security Review Commission has just published the executive summary to their 2007 report to Congress stating "Chinese espionage activities in the United States are so extensive that they comprise the single greatest risk to the security of American technologies."

    The summary covers a wide range of U.S.-China issues such as trade, manufacturing, jobs, China's military buildup and cyber warfare capabilities.

    Concerning China's offensive computer capabilities the summary states:
    "Chinese military strategists have embraced disruptive warfare techniques, including the use of cyber attacks, and incorporated them in China’s military doctrine. Such attacks, if carried out strategically on a large scale, could have catastrophic effects on the target country’s critical infrastructure."
    And recommends:
    "...adequate support for protecting critical American computer networks and data: The Commission recommends that Congress assess the adequacy of and, if needed, provide additional funding for military, intelligence, and homeland security programs that monitor and protect critical American computer networks and sensitive information, specifically those tasked with protecting networks from damage caused by cyber attacks."
    The report also discusses China's control over internal Internet activity:
    "Over the decades China has built one of the world’s most effective information control systems. The Chinese government controls the content of newspapers, magazines, television, radio, and the Internet. Chinese journalists have been demoted, fired, imprisoned and beaten for violating restrictions on media content. Internet users face similar restrictions and violators may be imprisoned."

    United States-China Economic and Security Review Commission 2007 Report to Congress Executive Summary

    Conference on Internet Hate Speech Held in Israel

    The Anti-Defamation League sponsored a conference in Israel to discuss the use of the Internet by hate groups to recruit and spread their message.

    The discussions concerned the difficulty in controlling this type of website (see United Arab Emirates Police Call for Tougher Cyber Terrorism Laws for a discussion of similar problems with terrorist websites).
    "The problem is that each country has its own standard of what constitutes hate," said Marcus, who recounted that during a recent conference in Europe, Russian representatives believed that Seventh-Day Adventists should be qualified as a hate group because of their views on the army and nationalism. "We clearly cannot adopt a universal standard that everyone agrees on."
    ADL conference explores 'cyberhate'

    United Arab Emirates Police Call for Tougher Cyber Terrorism Laws

    During a recent information security conference in the UAE, police representatives discussed the need for stronger penalties for those who set up websites supporting terrorism.

    "Major Khalid Al Hamadi of the Sharjah Police Department called for the strengthening of penalties for those who build terror-related Web sites during a presentation of a study on cyberterrorism in the UAE at the fifth annual Middle East Information Technology Security Conference, the Khaleej Times reported.

    Current UAE federal law stipulates a five-year jail term for anyone found guilty of launching a terror-related Web site or of publishing information favoring a terrorist organization."

    This call for criminalizing websites supporting terrorism follows a trend in several countries including several in the EU. However, in all of these cases, there is little discussion of the difficulty in enforcement. Some of the issues that will need to be addressed include:
    1. Defining terrorism - Different countries have widely varying definitions of terrorism
    2. Delineating free speech from material terrorist support
    3. Investigating and intelligence tools to properly identify website authors
    4. Culpability of third-parties such as ISPs
    5. International jurisdictional issues
    Without good enforcement, websites that are shut down will just reappear in a different virtual location.

    Tougher penalties for cyberterrorists

    Thursday, November 15, 2007

    Internet Governance Forum Discusses Cybercrime

    Participants in the Internet Governance Forum held in Rio de Janeiro this week discussed cybercrime issues including the use of the Internet by dissident groups, terrorists, pornographers and criminals.

    Discussions included the focus on terrorist activity to the exclusion of other online problems such as the cyber attacks against Estonia and child pornography.

    Brazil Web forum takes on cybercrime

    U.K. to Require ISPs to Control Websites of Terrorist Supporters

    Prime Minister Gordon Brown announced that the U.K. Government would introduce controls on websites supporting terrorist activities as well as stricter physical controls of public places:

    "Brown said Internet and technology companies will be asked to help stop online terrorist propaganda, and he announced that a meeting would be convened with leading British Internet service providers to find ways of doing that.

    Along with possibly removing customers' sites, service providers also might be pressured to block ones hosted abroad. The government also could create a list of banned sites or try to persuade search engines like Google Inc. or Yahoo Inc. to filter out prohibited content from their search results."


    PM: British Sites Need More Security



    US Government Criticized for Ignoring Cybercrime

    The San Jose Mercury ran a series of articles on the failure of US authorities to address the threat from online fraud and other cybercrimes, instead focusing too heavily on information warfare and online espionage. The report quotes several former government advisers:
    "The U.S. government has not devoted the leadership and energy that this issue needs," said Paul Kurtz, a former administration homeland and cybersecurity adviser. "It's been neglected."
    and;
    "They're still not taking cybercrime seriously enough," said former administration cybersecurity adviser Marcus Sachs, now at Verizon Communications, reflecting the views of several former White House officials."
    The article lists several causes:
    • Limited resources. Current and former agents contend there are too few federal cyberinvestigators, and that too little is done to retain detectives with advanced technical training. Budget numbers appear to support the critics' complaints.
    • Fractured responsibility. A half-dozen federal agencies fight organized Internet crime with overlapping programs, and at times are barred from sharing information. One private security consultant described having to act as a go-between, linking information between two agencies unable to talk directly.
    • An unfamiliar threat. Traditional crime-fighting techniques are often useless. And there are indications that top government officials still do not appreciate the scope or danger of the Internet fraud menace.
    The article has an in-depth analysis of what the problems are and the history of US Government action (or inaction). The main point is the emphasis on terrorist threats to the exclusion of others:

    "Since a 2003 presidential commission issued the National Strategy to Secure Cyberspace, the White House has suffered from a leadership vacuum on cybersecurity.

    Richard Clarke, the former counterterrorism coordinator, retired as cybersecurity czar just as the strategy was published. His deputy took over, only to leave government two months later.

    The administration then eliminated the post entirely and shifted responsibility from the White House to the Department of Homeland Security - which treated the issue largely as a terrorism and military risk, to the exclusion of the online criminal underground that began to flourish during the next few years."


    Part III: U.S. targets terrorists as online thieves run amok
    (requires registration)


    Wednesday, November 14, 2007

    FBI Director Discusses Cyber Threats to National Security

    FBI Director Robert Mueller recently gave a speech discussing what the FBI considers the top cyber threats to national security.

    These included:
    • Cyber terrorism - Director Mueller acknowledged that terror groups have not performed cyber attacks but heavily rely on the Internet for communication, planning and recruiting.
    • The Estonia cyber attacks
    • Botnets and their potential for offensive attacks
    • Economic and counterintelligence intrusions
    Director Mueller also stressed the need for international cooperation:
    "But we cannot limit our operations to the United States. Increasingly, cyber threats originate outside of our borders. And as more people around the world gain access to computer technology, new dangers will surface. For this reason, global cooperation is vital."
    A full transcript of the speech is available at:

    http://www.fbi.gov/pressrel/speeches/mueller110607.htm

    Tuesday, November 13, 2007

    U.S. House Committee Hears Recommendations for Cyber Assaults against Terror Websites

    The U.S. House of Representatives' Homeland Security Intelligence, Information Sharing and Terrorism Risk Assessment Subcommittee recently held hearings where witnesses advised on the need to identify, understand and fight against websites supporting terror organizations.

    "Rita Katz, director of the Search For International Terrorist Entities Institute, told lawmakers that the "jihadist movement" will continue to grow if the Internet remains a "safe haven" for terrorists. She said the challenge will not just be to monitor the online activities of terrorist suspects, but also to identify and exploit the online weaknesses of terrorist groups and mine for information that can help to defuse offline terrorist efforts.

    "For as long as jihadists on the Internet can engage in terrorist activities unfettered and unmonitored," Katz said, "the U.S. will not be able to cause significant, lasting damage to the global jihadist movement."

    Experts urge assault against terrorists' Web efforts

    Monday, November 12, 2007

    Analysis of Jihadist's "Dark Web"

    Sammy Elrom has published an informative analysis (part 1 of 3 parts) of the use of the Internet by Jihadist groups. The article discusses why the Internet is attractive to terrorist organizations and how the Internet is used, and argues that this particular threat is not being treated seriously:
    "The use of the Internet as part of the terrorism tools is actually the big story, much more than the new horizontal structure adopted by terror organizations. It has a much stronger impact on the war on terror than previously believed, because the West was not prepared to deal with neither the new flat structure of the reorganized terror groups, nor with the creative way of using the WWW as a tool that compensates for the loss of central command. Terrorist groups and especially Jihadists, discovered that the Internet is an excellent stealth attack weapon because:
    • It doesn’t require field training (actually the training is already built-in the website itself)
    • There are no special preparations after the site is up and running
    • Changing the content and updating is secure and done remotely
    • The technical support is minimal
    • It provides an excellent scouting, recruiting and real time Intel tool
    In other words, what terrorists need is a few IT professionals and a hosting server. The results of cyber war may not be as spectacular as detonating an IED in a busy underground parking, but the actual damage has the potential of being more disastrous and create more chaos, by far."

    The Dark Web Of Cyber Terror – An Inescapable Reality

    November 12 and All Is Well

    November 11th has come and gone and there have been no reports of "Cyber Jihad" yet. The original threat was reported October 31st in response to an "announcement" that Al-Qaeda supporters would launch a Cyber Jihad against the West on November 11th.

    Analysis of the warning showed discrepancies, probable exaggerations and did not include the source material for complete analysis, leading most security professionals to treat the threat with some skepticism.

    Sunday, November 11, 2007

    "Dark Web" Researchers Scan Internet Terrorist Sites

    The University of Arizona has created a research group, called Dark Web, to collect information on and study terrorist websites.

    "The Dark Web project aims to scour Web sites, forums and chat rooms to find the Internet's most prolific and influential jihadists and learn how they reel in adherents."

    The article discusses the mission of the project and also some skepticism among traditional terrorism researchers about attempting to automate analysis.

    Project seeks to track terror Web posts

    Dark Web Terrorism Research web site is located at:
    http://ai.arizona.edu/research/terror/index.htm

    UN Committee Adopts Cyber Security Resolution

    The United Nations Disarmament and International Security Committee passed a resolution on IT security concerns related to organized crime, terrorism and politically motivated cyber attacks.

    The resolution was inspired, in part, by the cyber attacks on Estonia originating from Russia.

    One suggestion is to create an international legal framework to combat malicious or illegal use of information technology.

    UN Approves Resolution Related to Cyber Attacks

    Wednesday, November 07, 2007

    NYPD Published Report on the Process of Radicalization and the Role of the Internet

    A report by the New York Police Department studies the process by which individuals become radicalized. The study was based on analysis of the development and recruitment of five terror cells in the U.S. and compared with a similar study of the Hamburg group in Europe.

    The study identified four stages of radicalization:
    • Stage 1: Pre-Radicalization
    • Stage 2: Self-Identification
    • Stage 3: Indoctrination
    • Stage 4: Jihadization
    and looked at the drivers and processes behind each step. Of particular interest was the conclusion that use of the Internet plays a major role in these processes:
    "The Internet is a driver and enabler for the process of radicalization
    • In the Self-Identification phase, the Internet provides the wandering mind of the conflicted young Muslim or potential convert with direct access to unfiltered radical and extremist ideology.
    • It also serves as an anonymous virtual meeting place—a place where virtual groups of like-minded and conflicted individuals can meet, form virtual relationships and discuss and share the jihadi-Salafi message they have encountered.
    • During the Indoctrination phase, when individuals adopt this virulent ideology, they begin interpreting the world from this newly-formed context. Cloaked with a veil of objectivity, the Internet allows the aspiring jihadist to view the world and global conflicts through this extremist lens, further reinforcing the objectives and political arguments of the jihadi-Salafi agenda.
    • In the Jihadization phase, when an individual commits to jihad, the Internet serves as an enabler—providing broad access to an array of information on targets, their vulnerabilities and the design of weapons."
    The full report can be read at:

    Radicalization in the West: The Homegrown Threat

    Tuesday, November 06, 2007

    EU Announces Plans to Criminalize Promotion of Terrorism on the Internet

    As expected, the EU announced very broad plans to criminalize promotion of terrorist communication on the Internet.

    "EU Justice Commissioner Franco Frattini wants a new EU offence of “public provocation to commit a terrorist offence”, which would include “the distribution, or otherwise making available, of a message to the public, with the intent to incite” acts of terrorism.

    The offence would carry an agreed minimum jail term in all EU countries, and charges under the new law could be brought even if no act of terrorism resulted from the “public provocation”.
    The proposal states: “For an act to be punishable, it shall not be necessary that a terrorist offence be actually committed”.

    Although the internet is the prime target, the new law would apply to all communication deemed to provoke terrorism.

    Commission officials insisted the law would not curb the use of the internet to express political, academic or analytical views on terrorism."
    As with any legislation limiting speech and communication, the issue will be the definition of "terrorist". Critics have voiced their concern that such broad legislation could criminalize any speech unpopular with a government.

    Internet next target in "anti-terror battle"


    U.S. Creating a 20,000 Strong Cyberspace Command

    The U.S. Air Force is creating a "Cyberspace Command" to "recruit, equip, and train a new corps of cyber-warriors perpetually ready to protect military networks from whatever threats emerge."

    The planned implementation shows the level of concern the U.S. military has for potential cyber attacks:
    "Its headquarters will likely consist of several hundred staff overseeing perhaps 20,000 Air Force personnel. They will include software experts, lawyers, electronic-warfare and satellite specialists, and behavioral scientists..."
    The cause of concern is partially centered around attacks against U.S. and other western systems.
    "In recent months, U.S. officials said they have seen a sharp increase in efforts by hackers, backed by foreign governments, to infiltrate or damage U.S. and other allied information networks."
    The full story, with more details of the Command and its planned structure and operation, is available at GovernmentExecutive.com:

    Cyber Warriors

    Friday, November 02, 2007

    More Discussion of November 11th "Electronic Jihad"

    TechNewsWorld published an article concerning the November 11th "electronic jihad" discussing the skepticism of most security professionals.

    As stated in the article, terrorist organizations are sophisticated in their use of technology but, so far, have not resorted to offensive use. This may indicate an inclination to do damage in the physical world where the impact is more severe and receives more attention.

    Having said this, we should not dismiss outright the possibility of future attacks. There are numerous cases of individuals who ideologically support terrorist causes and act independently with web defacements and other attacks. We should expect these types of attacks to increase in both number and sophistication.

    Therefore, while skepticism is warranted with this particular announcement, organizations should continue to secure and monitor their networks against this type of activity (see Network Risk Management, LLC Recommends Caution in Evaluating Website Claims of "Al Qaeda Cyber Jihad" on November 11th).

    Electronic Jihad: Winds of Cyber War or False Alarm?

    The Register ran a similar story:

    Scepticism over cyber-jihad rumours

    Japanese Concerns with Chinese "Hackers"

    East-Asia-Intel has a story concerning possible Chinese cyber attacks against Japanese computer systems.

    The report is somewhat contradictory, saying:
    "The report said that during the first six months of 2007, Japan's National Police Agency detected as many as 2,112 hacker attacks from China on a single day."
    and then says:
    "Japanese agencies have not detected attacks by Chinese on their networks but some experts say the Chinese conducted clandestine break-ins that left no traces."
    The report also discusses Japanese concerns that a large number of Chinese IT technicians working in Japan increases the risk of cyber attacks by both the Chinese government and individuals.

    China Military Hackers Strike Again, This Time in Japan (requires sign-in)

    U.S. Military Continues to Worry about Chinese Capabilities

    The Washington Post carried an article on the increasing capabilities and alleged probing of U.S. military and commercial systems by China and the concerns of U.S. military leaders:

    "Air Force Gen. Paul Hester, commander of U.S. air forces in the Pacific, said in a separate interview that China's anti-satellite weapons and computer hacking are being watched closely.

    "Cyber is a place where we are growing to learn where the dangers are," he said in his office at Hickam Air Force Base in Hawaii."

    The report also discusses concerns over China's anti-satellite tests.

    Chinese Military Boosts Hacking

    Thursday, November 01, 2007

    EU Considers Criminalizing Use of Internet by Terror Groups

    The EU is considering recommendations to criminalize the use of the Internet by terrorist organizations for "inciting, recruiting and training for terrorism".
    "In a memorandum on his proposals [EU Commissioner for Freedom, Security and Justice Franco] Frattini said the Internet served as one of the principal boosters of the process of radicalization and recruitment of militants, as well as "a source of information on terrorist means and methods, thus functioning as a 'virtual training camp'."
    EU Commissioner Frattini wants to make online terrorism incitement a crime

    Continued Skepticism of November 11 "Cyber Jihad"

    PC World reported today on further skepticism of the DEBKAfile report of a November 11th "Cyber Jihad".

    Yesterday, Network Risk Management, LLC issued a notice to treat the claim with caution. Further analysis indicates that government and international businesses should use normal security procedures and monitoring.

    Report: Cyber Jihad Set for Nov. 11

    Wednesday, October 31, 2007

    Encurve, LLC Recommends Caution in Evaluating Website Claims of "Al Qaeda Cyber Jihad" on November 11th

    An Israeli website is reporting that Al Qaeda supporters are planning an electronic Jihad against "Western, Jewish, Israeli, Muslim apostate and Shiite Web sites" beginning November 11, 2007.

    The website did not disclose the actual source of this threat and, as there have been numerous previous claims of similar attacks, Encurve, LLC recommends that this report be analyzed with skepticism.

    This need for suspicion is further bolstered by rather broad claims such as:
    "...counter-terror sources report that, shortly after the first announcement, some of al Qaeda’s own Web sites went blank, apparently crashed by the American intelligence computer experts tracking them."
    and (emphasis added);
    "On Day One, they will test their skills against 15 targeted sites expand the operation from day to day thereafter until hundreds of thousands of Islamist hackers are in action against untold numbers of anti-Muslim sites."
    The report did give a motive for the cyber attacks:
    "They offer would-be martyrs, who for one reason or another are unable to fight in the field, to fulfill their jihad obligations on the Net. These virtual martyrs are assured of the same thrill and sense of elation as a jihadi on the “battlefield.”
    The full text can be read at:

    DEBKAfile Exclusive: Al Qaeda declares Cyber Jihad on the West

    Friday, October 26, 2007

    Debate Continues in Germany around Government Searches of Systems

    Heise Online reports on the continuing debate in Germany concerning legislation to make online searches of computers by the government legal.

    Currently, the German state of North-Rhine-Westphalia (NRW) has passed legislation to allow state investigators to perform online searches of suspected terrorist systems. The issue is being debated at both state and federal levels of the German government.
    "We are pioneers", said leader of the CDU parliamentary group in the NRW government, Peter Biesenbach. "It isn't disgraceful to have the Act investigated by the Constitutional Court". The intelligence agency's means should match those of criminals on the internet. Online searches are also considered indispensable by the Federal German Ministry of the Interior."
    NRW Minister of the Interior: State intelligence agents did not spy on private computers

    US Congress Investigates DHS Cyberattacks

    The U.S. Congress continues to investigate cyberattacks against DHS and other government systems in which information was transferred to websites in China. As with most government-related incidents, there is insufficient unclassified information to properly analyze the attack or its impact.

    The Congressional hearings have focused largely on Unisys Corp., as DHS outsourced much of its security management to Unisys.

    "The results of our [committee] investigation suggest that the department is the victim not only of cyber attacks initiated by foreign entities, but of incompetent and possibly illegal activity by the contractor charged with maintaining security on its networks," Democratic Reps. Bennie Thompson of Mississippi and James Langevin of Rhode Island said in a written statement.
    Investigators: Homeland Security computers hacked

    Thursday, October 25, 2007

    Cyberattacks against U.S. Systems Not Just from China

    The U.S. national counterintelligence executive, Joel Brenner, recently said in a CNN interview that foreign intelligence organizations from 140 countries are actively attempting to penetrate U.S. government and corporate computer systems.

    "Joel Brenner, the national counterintelligence executive, told CNN it is not accurate to blame only the Chinese government for recent penetrations of government computer systems.

    "We get intrusions from all points of the compass. It is really misleading to focus on one country," he said. "They are coming from everywhere now. It is a pervasive problem."


    Official: International hackers going after U.S. networks

    Wednesday, October 24, 2007

    Internet Islamist Group Arrested in Spain

    The Spanish Civil Guard has arrested 6 suspected Islamists, based in a rural area of Northwest Spain, for using the Internet to promote terrorist activities. This appears to be part of a much larger investigation involving Swiss, Danish and US authorities as well.
    "The Civil Guard said the arrests marked the first time Spanish authorities have broken up a network principally dedicated to promoting jihad on the internet. The group was using private chat rooms and forums, disseminating Islamist propaganda on the Web and collecting money for imprisoned Islamists, officials said."
    Spain arrests 6 suspected Islamists

    Tuesday, October 23, 2007

    Germany and Austria Move Forward to Legalize Government Searches of Online Systems

    Heise Online is reporting on both German and Austrian plans to legalize the use of Trojan horses to search the computers of suspected terrorists.

    Schäuble renews calls for surreptitious online searches of PCs

    Austria plans to start conducting secret online searches in 2008

    New Allegations of Chinese Attacks on German Systems

    According to Deutsche Welle, Hans Elmar Remberg, vice president of the German Office for the Protection of the Constitution, the country's domestic intelligence agency, recently reiterated Germany's concerns that Chinese "hackers" backed by the Chinese government were attacking German computers.
    "Remberg told a conference on industrial espionage in Berlin on Monday that the nature and frequency of the attacks on German companies pointed to a concerted targeting by Chinese hackers backed by the state.

    "In our view, state Chinese interests stand behind these digital attacks," said Remberg. "Supporting this view is the intensity, structure and scope of the attacks, and above all the targets, which include [German] authorities and companies."

    China Rejects Renewed Accusations of Cyber Spying on Germany

    Monday, October 22, 2007

    Internet and Other Technologies Make Surveillance of Radical French Mosques Difficult

    The Jamestown Foundation recently released a report on French intelligence agencies' efforts to monitor the activity of radical mosques in France. While most of the article concerns the relative success of physical surveillance, it makes the interesting point that technology, specifically Internet and satellite communications, is being used by radicals to bypass the physical surveillance and controls placed on French mosques:

    "Mosques do not constitute the only channel of religious radicalization in France. Radical discourses are now conveyed through satellite televisions, which are increasingly available to French Muslims. The internet, with numerous jihadi-friendly websites available in both Arabic and French, allows the dissemination of a radical Salafi discourse that preaches hatred of the West, rabid anti-Semitism and anti-French racism. Finally, libraries and publishing companies specializing in Islamic studies also participate in the dissemination of radical Salafi material. On these three fronts, French law enforcement authorities are ill-equipped to monitor and curb the expansion of radical Salafi ideology disseminated via these channels. Actions against satellite channels or websites located outside of France are difficult or impossible."


    An Inside Look at France's Mosque Surveillance Program

    Improved Control of Chinese Internet Content

    An anonymous Internet blogger, purported to be a technician at a Chinese ISP, details the growing success of Chinese Government censorship of the Internet through a layered approach to controlling content.

    "The government monitors the internet by means of a skillful mix of filtering technologies, cyber-police surveillance and propaganda, in all of which China invests massively," writes the technician, referred to only as "Mr Tao". "Draconian censorship hunts down anything to do with human rights, democracy and freedom of belief. It nips free expression in the bud."

    According to the report, censorship of the web has grown along with the increasing power of the Beijing Internet Information Administrative Bureau, the organisation that monitors internet content in China. Its hold over is particularly strong for companies based in or near the Chinese capital, warns the study"
    The original article appeared in The Guardian: China Tightens Control of Net

    Thursday, October 11, 2007

    Online Anti-Jihadist Activity

    The Washington Post ran an article concerning what they call "counter-cyberjihadist". These individuals monitor websites for Jihadist activity and then bring pressure on the ISPs to remove the sites. The article discusses the motives as well as some of the potential implications of this activity.

    Blogs target jihadis online

    Monday, October 08, 2007

    Swedish Websites Attacked

    AP is reporting that Swedish ISPs estimate at least 5,000 websites have been attacked in the last week, apparently from Turkey. The motive is believed to be anger over the recent publication of caricatures of the Prophet Muhammad in Swedish newspapers.

    The attacks reported so far seem to be limited to web page defacements.

    Turkish Hackers Target Swedish Sites

    Israeli Concerns about Google Earth

    Israel, like many countries, worries about the availability of satellite information via Google Earth. Military, terrorist or other radical groups could easily use such information for targeting and intelligence, and that concern is real.

    The opinion piece from ynetnews.com does conclude with the only viable solution: Adapt.
    "All that is left for us to do is internalize the fact that we are transparent and take it into consideration when we undertake any kind of military activity. Just like we got used to the fact that cellular phones are one of the major means for leaking information, we must get used to the notion that the most secret facilities are no longer that secret – and conduct ourselves accordingly."
    As with many disruptive technologies, adaptation is the only effective answer.

    The Secret Is Out

    Sunday, October 07, 2007

    Cyber War Issues

    Bob Brewin at Government Executive reports on Pentagon attempts to deal with recent intrusions into DoD systems allegedly originating from China.

    The debate centers around the development of U.S. offensive capabilities on the Internet:
    "The Defense Department has redundant systems in place to defend its network against cyberattacks, but in the past year it has started to push development of offensive information warfare capabilities. If "we apply the principle of warfare to the cyber domain, as we do to sea, air and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests," Marine Gen. James Cartwright, commander of the Strategic Command, told the House Armed Services Committee in March."
    While the potential disruption from online attacks requires both defensive and offensive capabilities, there is a critical component missing in the debate - intelligence capabilities. It will be vital to build better intelligence and investigative capabilities in order to properly identify intrusion sources and motives. It is too easy to mask the source of an attack and any mis-directed counter-attack could have significant political and technical repercussions.

    Government Executive News and Analysis: Cyber Wars

    Friday, October 05, 2007

    Western Governments Look to Counter Online Terrorist Activities

    It should come as no surprise that Western governments are looking for ways to counter the use of technologies by terrorist and other politically motivated groups. The International Herald Tribune has a report on these efforts and the potential impacts.

    It is clear that governments must take action to counter online threats, but the fear is that these actions are not always well thought out or that the unintended consequences of countermeasures are not understood. The article states this very clearly:

    "One way of viewing these trends is that the terrorists have won," said Richard Clayton, a computer security researcher at the University of Cambridge who is part of the OpenNet Initiative, which tracks Internet surveillance and filtering practices. "They're making us change our society to counteract, not what terrorists are doing, but what they're threatening to do," he said.

    "And what's being proposed doesn't really make any difference for a terrorist, who will find a way around it."

    It is critical that the effect of countermeasures, whether defensive or offensive, be understood. This is just as applicable in cyberspace as in the physical world.

    West Is Taking Fight Against Terrorism Online

    Thursday, October 04, 2007

    Paper on Cyber PSYOPS Published

    The Foreign Military Studies Office in Ft. Leavenworth has published a paper by Retired LTC Tim Thomas on the use of psychological operations employing online technologies to influence the attitudes and behaviors of both soldiers and civilian populations - referred to as CYOP (Cyber Psychological Operations).

    These technologies include the use of mobile phones for "citizen journalism", the Internet (webpages, text messaging, digital newspapers, email, blogs, etc.) and other more esoteric ideas such as technologies that would affect the thoughts/brains of targets.

    Another interesting component of CYOP is the use of deception. While it has always been used in traditional psychological operations, the immediacy of digital communication adds a new dimension. LTC Thomas states:
    "Gray or fake news can be inserted quite easily in the cyber age. For example, mobile phones can be the medium through which to send regular messages—in the form of news updates— to discredit leaders or offer a different point of view on the fighting. Some mobile phone messages in Lebanon were headlined with the title “news.” But recipients did not find customary news: instead they found news from the Israeli viewpoint. In addition, the Israelis resurrected a Voice of Lebanon radio station on frequency 103.7 Mhz. While not mentioned in the article, Voice of Lebanon’s reporting could easily be inserted into mobile phone messages, if the former is ever blocked."
    The author uses the recent Hezballah/Israeli conflict as a case study of these techniques and their effectiveness.

    The full paper can be downloaded:

    Hezballah, Israel, and Cyber PSYOP

    Syrian Radar "Hacked"?

    Speculation grows over how Israeli bombers were able to evade Syrian air defenses in a recent attack on an unknown target in Syria.

    The Register is quoting an Aviation Week report that the Israelis may have used a technology called "Suter" to "hack" a radar installation.

    "Aviation Week reckons the success of the attack might be down to use of the "Suter" airborne network attack system. The technology, was developed by BAE Systems and integrated into US unmanned aircraft by L-3 Communications, according to unnamed US aerospace industry and retired military officials questioned by Aviation Week.

    Instead of jamming radar signals, Suter uses a more sophisticated approach of "hacking" into enemy defences.

    "The technology allows users to invade communications networks, see what enemy sensors see, and even take over as systems administrator so sensors can be manipulated into positions so that approaching aircraft can't be seen," Aviation Week explains. "The process involves locating enemy emitters with great precision and then directing data streams into them that can include false targets and misleading message algorithms.""


    Israel suspected of 'hacking' Syrian air defences

    Wednesday, October 03, 2007

    Zone-H.org to Hold "Hacking" Forum in Arabic

    Zone-H.org has announced the creation of an Arabic language seminar on network intrusion techniques. This follows a speech in Syria by Zone-H founder Roberto Preatoni on future IT security threats.

    The organization's website described the perceived need for an Arabic "hacking" course:
    "We understand the importance of the Arabic community in IT security area and know that more and more countries are rushing to establish strong and secure infrastructures and legal ground. Also our participation on HITB conference in Kuala Lumpur showed us how is [sic] important to share the knowledge without any restriction. Therefore Zone -H is proud to announce Hands-on Hacking seminars in the Middle East area."
    The first 6-day seminar will be held in Dubai in December and present topics on:
    1. "Attaching [sic] techniques at the infrastructure level";
    2. "Hacking Web Applications targeted on nowadays most used techniquest [sic] of web application hacking"; and,
    3. "Wireless hacking which is bringing in-depth knowledge of wireless security topics and attacking techniques."
    The full announcement is available at the Zone-H.org website.
    Hands-on Hacking Seminars in Arabic Countries

    A brochure with a detailed seminar agenda is available at: Hands on Hacking.

    Tuesday, October 02, 2007

    Israeli Traffic Webcams May Be Used by Terrorist Groups

    UPI reported on potential terrorist use of Israeli traffic webcams to plan attacks.

    Jihadis using Web-based traffic cameras

    Monday, October 01, 2007

    Fake Dalai Lama Email on Burma Protests Contains Malicious Code

    A fake email stating the Dalai Lama's support for protests in Burma actually carries an attachment which can infect systems with a copy of the Agent-CGU trojan horse.

    As always, care should be used in opening email attachments from untrusted sources.

    Hackers Exploit Crisis in Burma

    South Korean Government Cracks Down on Anti-Draft Websites

    AFP reports on efforts by the South Korean Government to block websites that advise citizens how to avoid the draft in the ROK.

    Letters were sent to major Internet providers requesting the sites be taken down.

    SKorea cracks down on Internet draft-dodgers

    Internet Access to Burma/Myanmar Remains Down

    The government in Burma/Myanmar continues to block Internet access to prevent coverage of the suppression of anti-government protests.

    Internet link remains shut amid Myanmar crackdown

    EU Ministers Consider Anti-Terrorism Internet Controls

    EU Ministers meet in Lisbon today to discuss increased Internet surveillance and controls to combat the use of websites in planning terrorist activity. This is partially in response to independent efforts on the part of individual EU countries:

    "In response to a recent series of arrests and the unfolding of terror plots and planned strikes in Sweden, Germany and Austria, individual countries in Europe are already moving ahead to step up surveillance of the Internet.

    In Germany, Interior Minister Wolfgang Schäuble is seeking powers allowing investigators to send software that secretly installs itself on specific computers, relaying data to police computers as users operate online."

    While increased intelligence and surveillance may be effective, attempts to regulate Internet content are generally ineffective and are mostly cosmetic. Suppression of publicly available information will only drive it underground where it is more difficult to monitor. It will have little or no impact on the ability of terrorists or criminals to communicate as they will just find other, more covert, methods.

    EU Takes Battle against Terrorism Online


    Friday, September 28, 2007

    German Trial Opens for "Cyber Jihadist"

    This may be one of the first prosecutions in the Western World for posting al Qaeda messages on the Internet. Germany, like most countries, has been slowly tightening and expanding anti-terrorism laws. This case will test the ability of German authorities to limit Islamist activity online.
    "The case, experts say, underscores the increasing significance of the role of the Internet in global terrorism. Known to offer everything from sources of terror financing, the sale of chemicals and fertilizers, recruitment of members, to a complete terrorist attack how-to guide, monitoring the Web has long been high on counter-terrorism experts' list."
    The article has a good discussion of free speech vs. anti-terrorism efforts.

    "Cyber Jihadist" Trial Opens New Front in Anti-Terror Fight

    Virtual Sit-In Protest in Michigan Gets Late Press

    In May of 2007, the Electronic Disturbance Theater (EDT) called for a "virtual sit-in" of Michigan State's main website to protest cuts in health care benefits.

    For some reason it made very little press until just recently when InfoWorld picked up the story. Not sure what caused it to appear on the radar screen at such a late date. The attack had very little impact on Michigan's systems.

    EDT was one of the first online protest groups to make available simple DoS attack applets called "FloodNet" to support the Zapatista movement in Mexico during the late 1990s. EDT has not been as active the last few years.

    New activist tool: Cyber sit-ins

    Thursday, September 27, 2007

    Mobile Devices Help Bypass Burmese Censors

    Der Spiegel reports on the use of mobile devices to circumvent Burmese censors - just like mobile devices bypass corporate security controls.

    THE CYBER REBELLION: Burmese Bloggers By-Pass Censors

    Changes to German Computer Misuse Laws in Wake of Alleged Chinese Computer Attacks

    Zone-H.org has an analysis and commentary on the recent changes to German computer misuse laws after complaints that German government systems had been attacked from China.

    The full analysis can be read at: Secure Germany

    Unisys Denies Washington Post Allegations Concerning Mishandling of DHS Computer Intrusions

    Unisys released a press statement denying (some of) the allegations in a Washington Post article alleging that Unisys employees hid the extent of over 150 intrusions into DHS systems believed to have originated from China.

    “Unisys vigorously disputes the allegations made in today’s article. Facts and documentation contradict the claims described in the article, but federal security regulations preclude public comment on specific incidents.

    “We can state generally that the allegation that Unisys did not properly install essential security systems is incorrect. In addition, we routinely follow prescribed security protocols and have properly reported incidents to the customer in accordance with those protocols."


    Unisys had no comment on the alleged coverup of the incidents.


    Unisys Says Facts, Documentation Contradict Allegations in News Story on DHS

    Israeli Report on Internet Use by Arabic Groups

    The Intelligence and Terrorism Information Center at the Israel Intelligence Heritage & Commemoration Center (IICC) maintains a website with analysis of Internet use by various Arabic groups such as Hezbollah and Palestinian groups. The site details specific websites, a brief synopsis of content and technical information such as the IP addresses and ISPs hosting the sites which are summarized in the following quote:
    "Technically, the PIJ's Internet network is supported by ISPs located in Iran (which hosts Qudsway , the PIJ's main site), Malaysia (one site), Canada (one site) and the United States (three sites). The pattern of having the main site Iranian and most of the others American has not changed since our previous examination, carried out in May 2006. That is true although the PIJ is clearly a terrorist organization and appears on the United States list of designated terrorist organizations. That provides an additional illustration that the Internet is the main medium through which the global jihad can spread its propaganda encouraging hatred and terrorism, and the radical Islamic ideology of the Palestinian terrorist organizations."
    The Internet in the service of terrorist organizations: the Palestinian Islamic Jihad’s Internet network and the service providers by which the organization is supported (updated to September 18, 2007)

    Simulated Power Grid Attack Shown to Top US Officials

    AP is reporting that a video was created simulating a cyber attack on a power generator that showed "an industrial turbine spinning wildly out of control until it becomes a smoking hulk and power shuts down". This video was later shown to top US officials.

    While the threats and vulnerabilities of the power grid are well documented, it is a little troubling that a simplified video simulation is being used to educate top government officials. Threat assessments and communications should never be over- or understated.

    As with most infrastructure attacks, it takes more than a few simple keystrokes to cause lasting and significant disruptions. Not only does an adversary need to understand SCADA controls and customized configurations (insider knowledge), they will need to understand and overcome backup, monitoring and redundancy systems.

    The article's authors do point this out:

    "Industry experts cautioned that intruders would need specialized knowledge to carry out such attacks, including the ability to turn off warning systems.

    "The video is not a realistic representation of how the power system would operate," said Stan Johnson, a manager at the North American Electric Reliability Corp., the Princeton, N.J.-based organization charged with overseeing the power grid."

    This begs the question: Why would something that "is not a realistic representation" be used to communicate threat potential to key decision makers? Too often, in both government and commercial organizations, security professionals miscommunicate threats and risks - is it any wonder that executives are wary of IT security personnel?

    US video shows hacker hit on power grid

    Wednesday, September 26, 2007

    Estonia Cyberattack Lessons

    An analysis of last month's attack on Estonia's information infrastructure and how it might affect US systems is provided in ComputerWorld.

    Of particular interest is the discussion on how difficult it is to identify the true source of attacks and how attacks on government systems can easily spill over to civilian systems. This is a not-too-subtle point that many security talking heads miss when they promote the idea of "cyber counter-attacks".

    Could U.S. be at risk for cyberwarfare?

    Al-Qaida Continues to Gain Ground on the Internet

    UPI International's Arnaud de Borchgrave has an interesting commentary on the growing success of Al-Qaida's (unimpeded) use of the Internet.

    The following quote tells just how extensively and successfully the Internet is being used:

    "Cyberpower has emerged as a complex ether power in which digital grassroots are truly global. Al-Qaida’s 6,000-plus Web sites supply the ability to liberate and dominate at the same time. Al-Qaida now operates in virtual space with impunity in recruiting, proselytizing, plotting and planning. In the ether (not the anesthetic), thought is a reality."
    The full commentary is available at the UPI website:
    Commentary: Al-Qaida on the run?

    Saudi Arabia Considering Cybercrime Laws

    Gulf News reported that Saudi Arabia is considering new cybercrime laws due to the increased growth of intrusions originating from the Kingdom.

    The proposed law would distinguish between basic computer crimes (punishable by up to 1 year in prison and a fine) and terrorism-related computer crimes (punishable by up to 10 years in prison).

    Cyber Crime Takes Toll in Saudi Arabia

    Vendor Downplayed Attacks on DHS Systems

    In a case study of how outsourcing incident response goes wrong, the U.S. Government is looking into allegations that the IT vendor for the Department of Homeland Security may have minimized or underreported the extent of intrusions into 150 DHS systems.

    Organizations need to remember that outsourcing vendors are almost always motivated not to divulge the extent of outages or incidents, so it is critical that contractual terms require vendors to provide immediate and full notice of any serious incident. Further, organizations must have the investigative and recovery processes and policies in place to effectively manage the incident.

    These intrusions are believed to have originated from China (or at least passed through systems located there).

    The full story is available from Yahoo: Unisys Accused of DHS Breach Cover-up

    Turkish Nationalists Deface US Vietnam Memorial Website

    Users of the Vietnam Veterans Memorial website search function were greeted with a list of denouncements against the U.S., Israel, Kurds and Armenia last week. The protest carried video and text in both English and Turkish and made references to the 1915 Battle of Gallipoli during WWI.

    The original story was reported by the Washington Times.