Friday, November 30, 2007

China Denies McAfee's Report on Source of Attacks

The Associated Press is reporting that China's Foreign Ministry disputed the conclusions of McAfee's recent report stating there was a 'cyber cold war' between China and western countries and that '...hackers in China are believed responsible for four out of five major cyber attacks on government targets in 2007'.
"China has also been attacked by hackers of some countries, so the Chinese government attaches great importance to and participates in the international law enforcement cooperation in this area," Foreign Ministry spokesman Liu Jianchao said at a briefing Thursday."
China disputes cyber crime report

Example of Internet Use by Opposing 'Online Activists'

A classic example of the use of the Internet by supporters of opposing political ideologies can be seen between a U.S.-based group called Electronic Intifada and an Israeli website called Giyus.org. Giyus.org allows supporters to download an agent called 'Megaphone' that provides real-time information to 'online activists'.

The Electronic Intifada website describes itself as:

"The Electronic Intifada (EI) is a not-for-profit, independent publication committed to comprehensive public education on the question of Palestine, the Israeli-Palestinian conflict, and the economic, political, legal, and human dimensions of Israel's 40-year occupation of Palestinian territories."

The Israeli website's organizers describe their website as:

"Giyus.org is a coalition of Jewish and pro-Israeli organizations working together to help the Jewish community voice its opinion in an effective, active manner. It has put on its flag a goal to improve the channels of communications between the different organizations, their members, the state of Israel and the outside world.

Giyus.org was first founded by WUJS and is now supported and operated by our partners. It is a non-for-profit organization that is supported by donations. If you wish to donate please contact us here. We appreciate all help offered. Thank you.

Megaphone, Giyus.org’s software, is delivering real time alerts about key articles, videos, blogs, surveys and update messages from the coalition to community members. Members can easily voice their opinions and work together to support Israel on the public opinion front."

These are just two of many such websites but provide good examples of legal and legitimate political use of technology.

Estonia's Defense Minister Sees More Cyber Attacks in the Future

Estonian Defense Minister Jaak Aaviksoo spoke at the Center for Strategic and International Studies on the recent cyber attacks on Estonian systems. Mr. Aaviksoo gave an indication of the magnitude of those attacks and predicted there would be future attacks:

"The attacks appear to have been carried out by as many as 1 million computers in 50 countries worldwide, apparently from rented botnets, networks of compromised computers coordinated for criminal purposes. Targets were government Web sites and portals, financial institutions, and news outlets.

The aim of the attacks seemed to be psychological impact rather than damage to physical infrastructure, and Aaviksoo characterized them as cyberterrorism rather than cyberwarfare. But the possibility of full-fledged cyberwar must be faced, he said.

“It is imminent that future development will see warfare in this newly born cyberspace,” he said. “The probability of that is rising over time.”
Cyberattacks in the present tense, Estonian says

McAfee Reports Cyber 'Cold War' with China

McAfee's recent report on Internet threats declares that a 'cyber cold war' exists between western countries and China. However, some of the quotes are not completely accurate:
"The Chinese were first to use cyberattacks for political and military goals," James Mulvenon, an expert on China's military and director of the Center for Intelligence and Research in Washington, said in the McAfee report.

"Whether it is a battlefield preparation or hacking networks connected to the German chancellor they are the first state actor to jump feet first into the 21st century cyber warfare technology. This is becoming a more serious and open problem," he continued."
In fact, several governments have used cyberattacks for intelligence gathering dating back to the late 1980s when the Soviet Union used a group of German nationals to penetrate U.S. and European computer systems.

Germany was alleged to have used a separate group of 'hackers' to test the effectiveness of computer intrusions for economic espionage against the U.S. in an operation called 'Rehab' in 1989.

With this said, reports do indicate a large amount of illicit network activity originating from China. However, since the details of these intrusions are classified, it is impossible to fully analyze motives or the true origins of the attacks.


Cyber 'Cold War' Exists With China

Monday, November 19, 2007

OSCE Discusses Action against Terrorism on the Web

The Organization for Security and Cooperation in Europe (OSCE) based in Vienna held a two day conference to discuss the use of websites by terrorist supporters.

Many countries are currently debating legislation to combat terrorist websites (for example the UAE, the U.K., the U.S., and the E.U.), yet most proposals offered to date would have little real impact. Most websites would simply move to more friendly or less regulated countries. As the press release for the OSCE meeting stated:
"...the Internet - unlike any other medium - is not linked to any physical location. People intent on abusing cyberspace for terrorist purposes can do so from virtually anywhere in the world with just a laptop and an Internet connection."
The OSCE meeting agenda included:
  1. Strengthening of and complying with the international legal framework
  2. Enhancing national legislation and regulations
  3. Improving relevant national counter-terrorism measures
  4. Promoting and adapting bilateral and multilateral co-operation
  5. Strengthening co-operation with the private and academic sectors
  6. Freedom of expression and other relevant human rights considerations

"Unfortunately, there is not a coherent strategy in Europe, especially among the 27 European Union member nations, as to what to do," said Sajjan Gohel, director for international security at the London-based Asia-Pacific Foundation.

"There's a lot of good talking, a lot of fine words, but those need to be backed up with fine deeds," he said.


Combating terrorist use of the Internet

Experts urge cooperation to target terrorist misuse of Web

Saturday, November 17, 2007

U.S. Senate Passes New Cybercrime Legislation Defining Cyber Extortion

The U.S. Senate approved a new bill on cyber crime laws. The major portion of the bill applies to identity theft but a key provision also defines cyber extortion and makes it a felony crime. The bill also makes conspiracy to commit a cyber crime a felony.

It is common for some types of politically motivated computer crimes to involve forms of extortion. Examples include activity by cyber activists, or hacktivists, who threaten denial-of-service or other attacks if the target organization does not change its behavior, business or activity.

Specifically, the bill modifies section 1030 of title 18, United States Code as follows:

SEC. 6. CYBER-EXTORTION.

    Section 1030(a)(7) of title 18, United States Code, is amended to read as follows:
      `(7) with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any--
        `(A) threat to cause damage to a protected computer;
        `(B) threat to obtain information from a protected computer without authorization or in excess of authorization or to impair the confidentiality of information obtained from a protected computer without authorization or by exceeding authorized access; or
        `(C) demand or request for money or other thing of value in relation to damage to a protected computer, where such damage was caused to facilitate the extortion;'.
    For those unfamiliar with section 1030, a "protected" system is broadly defined as a computer system owned or used by the US Government, a financial institution or any computer system used in interstate or international commerce or communication. This can include a system located outside of the U.S. if it affects interstate or US international commerce or communication.

    "Damage" is defined as "any impairment to the integrity or availability of data, a program, a system, or information".

    The U.S. House of Representatives must also pass the legislation before it becomes law.

    The full bill can be read at:

    Identity Theft Enforcement and Restitution Act of 2007

    Friday, November 16, 2007

    Report Finds China "the Single Greatest Risk to the Security of American Technologies"

    The U.S.-China Economic and Security Review Commission has just published the executive summary to their 2007 report to Congress stating "Chinese espionage activities in the United States are so extensive that they comprise the single greatest risk to the security of American technologies."

    The summary covers a wide range of U.S.-China issues such as trade, manufacturing, jobs, China's military buildup and cyber warfare capabilities.

    Concerning China's offensive computer capabilities the summary states:
    "Chinese military strategists have embraced disruptive warfare techniques, including the use of cyber attacks, and incorporated them in China’s military doctrine. Such attacks, if carried out strategically on a large scale, could have catastrophic effects on the target country’s critical infrastructure."
    And recommends:
    "...adequate support for protecting critical American computer networks and data: The Commission recommends that Congress assess the adequacy of and, if needed, provide additional funding for military, intelligence, and homeland security programs that monitor and protect critical American computer networks and sensitive information, specifically those tasked with protecting networks from damage caused by cyber attacks."
    The report also discusses China's control over internal Internet activity:
    "Over the decades China has built one of the world’s most effective information control systems. The Chinese government controls the content of newspapers, magazines, television, radio, and the Internet. Chinese journalists have been demoted, fired, imprisoned and beaten for violating restrictions on media content. Internet users face similar restrictions and violators may be imprisoned."

    United States-China Economic and Security Review Commission 2007 Report to Congress Executive Summary

    Conference on Internet Hate Speech Held in Israel

    The Anti-Defamation League sponsored a conference in Israel to discuss the use of the Internet by hate groups to recruit and spread their message.

    The discussions concerned the difficulty in controlling this type of website (see United Arab Emirates Police Call for Tougher Cyber Terrorism Laws for a discussion of similar problems with terrorist websites).
    "The problem is that each country has its own standard of what constitutes hate," said Marcus, who recounted that during a recent conference in Europe, Russian representatives believed that Seventh-Day Adventists should be qualified as a hate group because of their views on the army and nationalism. "We clearly cannot adopt a universal standard that everyone agrees on."
    ADL conference explores 'cyberhate'

    United Arab Emirates Police Call for Tougher Cyber Terrorism Laws

    During a recent information security conference in the UAE, police representatives discussed the need for stronger penalties for those who set up websites supporting terrorism.

    "Major Khalid Al Hamadi of the Sharjah Police Department called for the strengthening of penalties for those who build terror-related Web sites during a presentation of a study on cyberterrorism in the UAE at the fifth annual Middle East Information Technology Security Conference, the Khaleej Times reported.

    Current UAE federal law stipulates a five-year jail term for anyone found guilty of launching a terror-related Web site or of publishing information favoring a terrorist organization."

    This call for criminalizing websites supporting terrorism follows a trend in several countries including several in the EU. However, in all of these cases, there is little discussion of the difficulty in enforcement. Some of the issues that will need to be addressed include:
    1. Defining terrorism - Different countries have widely varying definitions of terrorism
    2. Delineating free speech from material terrorist support
    3. Investigative and intelligence tools to properly identify website authors
    4. Culpability of third-parties such as ISPs
    5. International jurisdictional issues
    Without good enforcement, websites that are shut down will just reappear in a different virtual location.

    Tougher penalties for cyberterrorists

    Thursday, November 15, 2007

    Internet Governance Forum Discusses Cybercrime

    Participants in the Internet Governance Forum held in Rio de Janeiro this week discussed cybercrime issues including the use of the Internet by dissident groups, terrorists, pornographers and criminals.

    Discussions included the focus on terrorist activity to the exclusion of other online problems such as the cyber attacks against Estonia and child pornography.

    Brazil Web forum takes on cybercrime

    U.K. to Require ISPs to Control Websites of Terrorist Supporters

    Prime Minister Gordon Brown announced that the U.K. Government would introduce controls on websites supporting terrorist activities as well as stricter physical controls of public places:

    "Brown said Internet and technology companies will be asked to help stop online terrorist propaganda, and he announced that a meeting would be convened with leading British Internet service providers to find ways of doing that.

    Along with possibly removing customers' sites, service providers also might be pressured to block ones hosted abroad. The government also could create a list of banned sites or try to persuade search engines like Google Inc. or Yahoo Inc. to filter out prohibited content from their search results."


    PM: British Sites Need More Security



    US Government Criticized for Ignoring Cybercrime

    The San Jose Mercury ran a series of articles on the failure of US authorities to address the threat from online fraud and other cybercrimes, instead focusing too heavily on information warfare and online espionage. The report quotes several former government advisers:
    "The U.S. government has not devoted the leadership and energy that this issue needs," said Paul Kurtz, a former administration homeland and cybersecurity adviser. "It's been neglected."
    and:
    "They're still not taking cybercrime seriously enough," said former administration cybersecurity adviser Marcus Sachs, now at Verizon Communications, reflecting the views of several former White House officials."
    The article lists several causes:
    • Limited resources. Current and former agents contend there are too few federal cyberinvestigators, and that too little is done to retain detectives with advanced technical training. Budget numbers appear to support the critics' complaints.
    • Fractured responsibility. A half-dozen federal agencies fight organized Internet crime with overlapping programs, and at times are barred from sharing information. One private security consultant described having to act as a go-between, linking information between two agencies unable to talk directly.
    • An unfamiliar threat. Traditional crime-fighting techniques are often useless. And there are indications that top government officials still do not appreciate the scope or danger of the Internet fraud menace.
    The article has an in-depth analysis of what the problems are and the history of US Government action (or inaction). The main point is the emphasis on terrorist threats to the exclusion of others:

    "Since a 2003 presidential commission issued the National Strategy to Secure Cyberspace, the White House has suffered from a leadership vacuum on cybersecurity.

    Richard Clarke, the former counterterrorism coordinator, retired as cybersecurity czar just as the strategy was published. His deputy took over, only to leave government two months later.

    The administration then eliminated the post entirely and shifted responsibility from the White House to the Department of Homeland Security - which treated the issue largely as a terrorism and military risk, to the exclusion of the online criminal underground that began to flourish during the next few years."


    Part III: U.S. targets terrorists as online thieves run amok
    (requires registration)


    Wednesday, November 14, 2007

    FBI Director Discusses Cyber Threats to National Security

    FBI Director Robert Mueller recently gave a speech discussing what the FBI considers the top cyber threats to national security.

    These included:
    • Cyber terrorism - Director Mueller acknowledged that terror groups have not performed cyber attacks but heavily rely on the Internet for communication, planning and recruiting.
    • The Estonia cyber attacks
    • Botnets and their potential for offensive attacks
    • Economic and counterintelligence intrusions
    Director Mueller also stressed the need for international cooperation:
    "But we cannot limit our operations to the United States. Increasingly, cyber threats originate outside of our borders. And as more people around the world gain access to computer technology, new dangers will surface. For this reason, global cooperation is vital."
    A full transcript of the speech is available at:

    http://www.fbi.gov/pressrel/speeches/mueller110607.htm

    Tuesday, November 13, 2007

    U.S. House Committee Hears Recommendations for Cyber Assaults against Terror Websites

    The U.S. House of Representatives' Homeland Security Intelligence, Information Sharing and Terrorism Risk Assessment Subcommittee recently held hearings where witnesses advised on the need to identify, understand and fight against websites supporting terror organizations.

    "Rita Katz, director of the Search For International Terrorist Entities Institute, told lawmakers that the "jihadist movement" will continue to grow if the Internet remains a "safe haven" for terrorists. She said the challenge will not just be to monitor the online activities of terrorist suspects, but also to identify and exploit the online weaknesses of terrorist groups and mine for information that can help to defuse offline terrorist efforts.

    "For as long as jihadists on the Internet can engage in terrorist activities unfettered and unmonitored," Katz said, "the U.S. will not be able to cause significant, lasting damage to the global jihadist movement."

    Experts urge assault against terrorists' Web efforts

    Monday, November 12, 2007

    Analysis of Jihadist's "Dark Web"

    Sammy Elrom has published an informative analysis (part 1 of 3 parts) of the use of the Internet by Jihadist groups. The article discusses why the Internet is attractive to terrorist organizations and how the Internet is used, and argues that this particular threat is not being treated seriously:
    "The use of the Internet as part of the terrorism tools is actually the big story, much more than the new horizontal structure adopted by terror organizations. It has a much stronger impact on the war on terror than previously believed, because the West was not prepared to deal with neither the new flat structure of the reorganized terror groups, nor with the creative way of using the WWW as a tool that compensates for the loss of central command. Terrorist groups and especially Jihadists, discovered that the Internet is an excellent stealth attack weapon because:
    • It doesn’t require field training (actually the training is already built-in the website itself)
    • There are no special preparations after the site is up and running
    • Changing the content and updating is secure and done remotely
    • The technical support is minimal
    • It provides an excellent scouting, recruiting and real time Intel tool
    In other words, what terrorists need is a few IT professionals and a hosting server. The results of cyber war may not be as spectacular as detonating an IED in a busy underground parking, but the actual damage has the potential of being more disastrous and create more chaos, by far."

    The Dark Web Of Cyber Terror – An Inescapable Reality

    November 12 and All Is Well

    November 11th has come and gone and there have been no reports of "Cyber Jihad" yet. The original threat was reported October 31st in response to an "announcement" that Al-Qaeda supporters would launch a Cyber Jihad against the West on November 11th.

    Analysis of the warning showed discrepancies, probable exaggerations and did not include the source material for complete analysis, leading most security professionals to treat the threat with some skepticism.

    Sunday, November 11, 2007

    "Dark Web" Researchers Scan Internet Terrorist Sites

    The University of Arizona has created a research group called Dark Web to collect information on and study terrorist websites.

    "The Dark Web project aims to scour Web sites, forums and chat rooms to find the Internet's most prolific and influential jihadists and learn how they reel in adherents."

    The article discusses the mission of the project and also some skepticism among traditional terrorism researchers about attempting to automate the analysis.

    Project seeks to track terror Web posts

    Dark Web Terrorism Research web site is located at:
    http://ai.arizona.edu/research/terror/index.htm

    UN Committee Adopts Cyber Security Resolution

    The United Nations Disarmament and International Security Committee passed a resolution on IT security concerns related to organized crime, terrorism and politically motivated cyber attacks.

    The resolution was inspired, in part, by the cyber attacks on Estonia originating from Russia.

    One suggestion is to create an international legal framework to combat malicious or illegal use of information technology.

    UN Approves Resolution Related to Cyber Attacks

    Wednesday, November 07, 2007

    NYPD Published Report on the Process of Radicalization and the Role of the Internet

    A report by the New York Police Department studies the process by which individuals become radicalized. The study was based on analysis of the development and recruitment of five terror cells in the U.S. and compared with a similar study of the Hamburg group in Europe.

    The study identified four stages of radicalization:
    • Stage 1: Pre-Radicalization
    • Stage 2: Self-Identification
    • Stage 3: Indoctrination
    • Stage 4: Jihadization
    and looked at the drivers and processes behind each step. Of particular interest was the conclusion that use of the Internet plays a major role in these processes:
    "The Internet is a driver and enabler for the process of radicalization
    • In the Self-Identification phase, the Internet provides the wandering mind of the conflicted young Muslim or potential convert with direct access to unfiltered radical and extremist ideology.
    • It also serves as an anonymous virtual meeting place—a place where virtual groups of like-minded and conflicted individuals can meet, form virtual relationships and discuss and share the jihadi-Salafi message they have encountered.
    • During the Indoctrination phase, when individuals adopt this virulent ideology, they begin interpreting the world from this newly-formed context. Cloaked with a veil of objectivity, the Internet allows the aspiring jihadist to view the world and global conflicts through this extremist lens, further reinforcing the objectives and political arguments of the jihadi-Salafi agenda.
    • In the Jihadization phase, when an individual commits to jihad, the Internet serves as an enabler—providing broad access to an array of information on targets, their vulnerabilities and the design of weapons."
    The full report can be read at:

    Radicalization in the West: The Homegrown Threat

    Tuesday, November 06, 2007

    EU Announces Plans to Criminalize Promotion of Terrorism on the Internet

    As expected, the EU announced very broad plans to criminalize promotion of terrorist communication on the Internet.

    "EU Justice Commissioner Franco Frattini wants a new EU offence of “public provocation to commit a terrorist offence”, which would include “the distribution, or otherwise making available, of a message to the public, with the intent to incite” acts of terrorism.

    The offence would carry an agreed minimum jail term in all EU countries, and charges under the new law could be brought even if no act of terrorism resulted from the “public provocation”.
    The proposal states: “For an act to be punishable, it shall not be necessary that a terrorist offence be actually committed”.

    Although the internet is the prime target, the new law would apply to all communication deemed to provoke terrorism.

    Commission officials insisted the law would not curb the use of the internet to express political, academic or analytical views on terrorism."
    As with any legislation limiting speech and communication the issue will be the definition of "terrorist". Critics have voiced their concern that such broad legislation could criminalize any speech unpopular to a government.

    Internet next target in "anti-terror battle"


    U.S. Creating a 20,000 Strong Cyberspace Command

    The U.S. Air Force is creating a "Cyberspace Command" to "recruit, equip, and train a new corps of cyber-warriors perpetually ready to protect military networks from whatever threats emerge."

    The planned implementation shows the level of concern the U.S. military has for potential cyber attacks:
    "Its headquarters will likely consist of several hundred staff overseeing perhaps 20,000 Air Force personnel. They will include software experts, lawyers, electronic-warfare and satellite specialists, and behavioral scientists..."
    The cause of concern is partially centered around attacks against U.S. and other western systems.
    "In recent months, U.S. officials said they have seen a sharp increase in efforts by hackers, backed by foreign governments, to infiltrate or damage U.S. and other allied information networks."
    The full story, with more details of the Command and its planned structure and operation, is available at GovermentExecutive.com:

    Cyber Warriors

    Friday, November 02, 2007

    More Discussion of November 11th "Electronic Jihad"

    TechNewsWorld published an article concerning the November 11th "electronic jihad" discussing the skepticism of most security professionals.

    As stated in the article, terrorist organizations are sophisticated in their use of technology but, so far, have not resorted to offensive use. This may indicate an inclination to do damage in the physical world where the impact is more severe and receives more attention.

    Having said this, we should not dismiss outright the possibility of future attacks. There are numerous cases of individuals who ideologically support terrorist causes and act independently with web defacements and other attacks. We should expect these types of attacks to increase in both number and sophistication.

    Therefore, while skepticism is warranted with this particular announcement, organizations should continue to secure and monitor their networks against this type of activity (see Network Risk Management, LLC Recommends Caution in Evaluating Website Claims of "Al Qaeda Cyber Jihad" on November 11th).

    Electronic Jihad: Winds of Cyber War or False Alarm?

    The Register ran a similar story:

    Scepticism over cyber-jihad rumours

    Japanese Concerns with Chinese "Hackers"

    The East-Asia-Intel has a story concerning possible Chinese cyber attacks against Japanese computer systems.

    The report is somewhat contradictory saying:
    "The report said that during the first six months of 2007, Japan's National Police Agency detected as many as 2,112 hacker attacks from China on a single day."
    and then says:
    "Japanese agencies have not detected attacks by Chinese on their networks but some experts say the Chinese conducted clandestine break-ins that left no traces."
    The report also discusses Japanese concerns that a large number of Chinese IT technicians working in Japan increases the risk of cyber attacks both by the Chinese government and individuals.

    China Military Hackers Strike Again, This Time in Japan (requires sign-in)

    U.S. Military Continues to Worry about Chinese Capabilities

    The Washington Post carried an article on the increasing capabilities and alleged probing of U.S. military and commercial systems by China and the concerns of U.S. military leaders:

    "Air Force Gen. Paul Hester, commander of U.S. air forces in the Pacific, said in a separate interview that China's anti-satellite weapons and computer hacking are being watched closely.

    "Cyber is a place where we are growing to learn where the dangers are," he said in his office at Hickam Air Force Base in Hawaii."

    The report also discusses concerns over China's anti-satellite tests.

    Chinese Military Boosts Hacking

    Thursday, November 01, 2007

    EU Considers Criminalizing Use of Internet by Terror Groups

    The EU is considering recommendations to criminalize the use of the Internet by terrorist organizations for "inciting, recruiting and training for terrorism".
    "In a memorandum on his proposals [EU Commissioner for Freedom, Security and Justice Franco] Frattini said the Internet served as one of the principal boosters of the process of radicalization and recruitment of militants, as well as "a source of information on terrorist means and methods, thus functioning as a 'virtual training camp'."
    EU Commissioner Frattini wants to make online terrorism incitement a crime

    Continued Skepticism of November 11 "Cyber Jihad"

    PC World reported today on further skepticism of the DEBKAfile report of a November 11th "Cyber Jihad".

    Yesterday, Network Risk Management, LLC issued a notice to treat the claim with caution. Further analysis indicates that government and international businesses should use normal security procedures and monitoring.

    Report: Cyber Jihad Set for Nov. 11