Friday, December 21, 2007

Recommended Reading: Cisco Threat Report Includes Increasing Threat from Military and Espionage

It has become a tradition for security companies to issue some type of "annual security report". Most focus on the continued increase in vulnerabilities or incidents and ignore the underlying risk factors that enable threats or increase their impact.

In a welcome departure from this monotony, Cisco Systems, Inc. has created a new security report that not only covers the standard technical issues but also explores seven different areas of risk to enterprises:
  1. Vulnerability
  2. Physical
  3. Legal
  4. Trust
  5. Identity
  6. Human
  7. Geopolitical
The section on geopolitical issues covers terrorism, environmental issues, and military and espionage threats in cyberspace:
Emergence of Cyberspace as a Major Theatre for War and Espionage

As industries, governments, and individuals have become more connected over the past decade, cyberspace has become an increasingly significant domain for military and espionage activities. Examples in 2007 include:
  • The creation of a “Cyber Command” by the U.S. Air Force, demonstrating the U.S. military’s recognition of cyberspace as a major area of military focus, both in terms of defense and as a potential launching point for offensive action
  • Growing evidence of international espionage as the motive behind network attacks in the United States, Australia, New Zealand, the United Kingdom, Germany, and elsewhere
  • Arrests and convictions of a large number of individuals who were caught stealing sensitive intellectual property and selling it to foreign governments
  • Accusations by political opponents of Russian president Vladimir Putin that the Kremlin had orchestrated network security attacks against them
  • Network security attacks in Estonia, which brought down many government and financial computers

The report gives high-level recommendations and potential issues to address in 2008.

Cisco 2007 Annual Security Report

Wednesday, December 19, 2007

Report Discusses Limitations of Terrorists' Use of the Internet

issued an analysis report on the limitations of the Internet to terrorist organizations.
"Although the Internet has been a boon for grassroots cells in spreading their ideology and recruiting new acolytes, the Web has some serious limitations as a terrorism enabler. Some things are very difficult to accomplish online -- namely, absorbing technical information and the tradecraft of terrorism and applying it to a real-world situation, particularly in a dangerous environment."
Additionally, use of the Internet for any aspect of conspiracy, planning or communication enables law enforcement and intelligence agencies to monitor activity:
"As these sites proliferate, so does the attention devoted to them. It is important to note that visiting such Web sites is an operational security hazard that can allow counterterrorism forces to identify potential militants and close in on them..."

U.S.: The Role and Limitations of the 'Dark Web' In Jihadist Training

Monday, December 17, 2007

German Federal Prosecutor Defends Online Surveillance of Islamists

Deutsche Welle is reporting on a center in Germany created to monitor the online activity of Islamist groups in Germany:
"[The] Joint Internet Center (GIZ), consisting of about 30 German police and intelligence officers, had been working full time since January, monitoring Islamist activity on the Internet and analyzing Islamist Web sites."

"The Internet has developed into the decisive means of communication within international Islamist terrorism," [Federal Prosecutor General Monika Harms] said during a press conference in Karlsruhe to review the year."

Top German Prosecutor Backs Online Terror Surveillance

Friday, December 14, 2007

Call for Companies to Block IP Addresses from Russia and China

David Utter at SecurityProNews has called for U.S. companies to block the IP netblocks from Russia and China in response to alleged criminal and political computer intrusions.
"Unless there is an absolute business need for employees to visit sites in these countries, we are hard-pressed to see a reason to let people actively or unknowingly hit potentially malicious sites in countries that have demonstrated over and over they cannot or will not crack down on Internet criminal actions.

Or in China, where state sponsored hackers labor at the pleasure of the central government, grabbing data from corporate and government computers. Is the government going to crack down on itself?"

It's Time To Block Russia And China

More News on China Cyber Attacks and Capabilities

Several other articles have recently been published concerning Chinese capabilities:

The Heritage Foundation published a WebMemo on "Trojan Dragons: China's International Cyber Warriors" and Time Magazine has an article on "Enemies at the Firewall".

The Time article takes an interesting look at 'hacker' groups in China and western responses.

U.S. Congress Requires Report on China's Cyber Capabilities

A provision in the 2008 National Defense Authorization Act, passed by the House of Representatives on December 13th, requires an annual report on Chinese military power to include a section on China's cyber capabilities including "efforts to acquire, develop and deploy cyberwarfare capabilities".

Washington Times - Inside the Ring: Cyberwarfare

Thursday, December 13, 2007

"Cyber Terror" Label Too Easily Applied to Lesser Crimes

Zeid Nasser has posted an excellent commentary concerning the overuse of the word "cyber terror".
"In the first couple of years following the events of September 11, 2001, a hysteria regarding Internet-fueled terrorism reached fever pitch.

In the midst of this atmosphere, many Islamic movements and organizations on the web were banned, blocked, censored or monitored. With time, the term “cyber terror” emerged to describe any form of Internet aided attack for political causes, yet many still disagree to this day on the use of the word ‘terror’, opposed to more accurate words like ‘vandalism’ or simply just ‘hacking’."
Sensationalizing words often grabs headlines but diminishes their impact and creates ambiguity - a problem that is rampant in the IT security profession. The articles presented here often overuse this and other terms such as "cyber war" and "infowar"; those terms will often be set off in quotation marks here to flag their inappropriate application. "Cyber war" and similar terms should only be used for the offensive use of technology to further a political or ideological agenda, not for simple misuse such as hacking (trespass), web defacements (vandalism) or data theft (see Hacktivism & Politically Motivated Computer Crime for a discussion on political 'use', 'misuse' and 'offensive use' of technology for political purposes).

Nomina si nescis, perit et cognitio rerum

(Who knows not the names, knows not the subject)

- Linnaeus

Zeid Nasser's Tech Blog: Cyber-terror makes a comeback in the news

Monday, December 10, 2007

Update: China Linked to U.S. Lab Attacks

The New York Times is quoting a U.S. Department of Homeland Security document alleging the attacks on U.S. research labs originated from China. The article does state that China may have only been an intermediary in the attacks:
"Security researchers said the memorandum, which was obtained by The New York Times from an executive at a private company, included a list of Web and Internet addresses that were linked to locations in China. However, they noted that such links did not prove that the Chinese government or Chinese citizens were involved in the attacks. In the past, intruders have compromised computers in China and then used them to disguise their true location."

China Link Suspected in Lab Hacking

First Indications that November 11th "Cyber Jihad" Was Real

Investor's Business Daily is running a story that indicates the November 11th "Cyber Jihad" attacks resulted in real attacks although they were ineffective.

The attacks were purported to have targeted 15 non-profit organizations critical of Islamist activity and undisclosed U.S. government systems. The attacks are reported to have failed due to limitations in the software used in the attacks.

Electronic Jihad Is Another Battlefront Vs. Terrorists

India Issues Arrest Warrants for Dutch Web Activists

An Indian court in Bangalore has issued arrest warrants and will request extradition of eight Dutch nationals who are members of several labor activist groups including Clean Clothes Campaign (CCC), the India Committee of the Netherlands (ICN) and the director of a Dutch ISP "". The charges relate to an ongoing activist campaign against Dutch jeans company "G-Star" and their India-based manufacturing supplier Fibres and Fabrics International (FFI) and its subsidiary Jeans Knits Pvt. Ltd.

The activist groups are protesting working conditions at the Indian factory (for example, see "Make it clear that labour rights organisations will not be silenced - Support freedom of speech and freedom of association"). This and other web postings resulted in a defamation case brought against the activists by FFI in India.

Most recently, the Dutch jeans maker "G-Star" has announced it will terminate its contract with the Indian manufacturer (see "G-star ends jeans contract with Indian firm").

This case is a classic example of three important issues with technology and political issues:

  1. Where does free speech end and crime begin? What are the limits involving web postings, online communications and attempts by various interest groups in using technology to organize?
  2. The lack of any consistent international definitions of computer crime or tort and delict civil laws. What is a crime in one country may be a privileged right in another; and
  3. The power of (negative) press is often the most important aspect. In fact, one of the most attractive attributes of the Internet for activist groups is its power as a PR mechanism.

Indian court orders 'arrest without bail' of Dutch activists

US Research Labs Compromised - Again

In yet more bad security news for US research laboratories, the Director of Oak Ridge National Laboratory (ORNL) in Tennessee announced a series of computer intrusions:
"ORNL director, Thom Mason, described the attacks in an e-mail to staff earlier this week as being a "coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country."
One of the other labs is believed to be Los Alamos National Laboratory (LANL) in New Mexico.

No motive or source has been provided, but consideration should be given to the types of targets and the "coordinated" nature of the intrusions. It remains to be seen if there was any political motivation to the computer attacks.
"The possibility that the latest attacks were the work of fraudsters will be seen by some as optimistic -- less positive would be the possibility of a rival government having been involved. Given the apparently coordinated nature of events, speculation will inevitably point to this scenario, with the data theft a cover motivation for more serious incursions."
Hackers launch major attack on U.S. military labs

Thursday, December 06, 2007

Saudi Security Conference Calls for Better International Cooperation Combating Extremists Online

Saudi Arabia recently hosted a conference on Information Technology and National Security where attendees called for increased international regulations to combat the spread of extremist ideologies.

The conference generated yet another estimate of Al-Qaeda supporting websites - 17,000 and growing by 9,000 a year:

"At yesterday’s final sessions, Khaled Al-Firm, an IT specialist, called for the establishment of an international media forum to combat radicalism and terror. Al-Firm quoted Prince Abdul Aziz as saying that there were 17,000 websites on the Internet which fuel Al-Qaeda ideology, with an annual increase of 9,000 websites per year that seek to find new recruits by brainwashing people."

A very important aspect of political computer crime is the need for media coverage as discussed at the conference:

"[Khaled Al-Firm] said that media battles waged by Al-Qaeda were as deadly as the military operations themselves. He pointed out that while the December 2004 attack on the US Consulate in Jeddah was a failure, it received huge publicity providing PR boon to the militants that planned the attack.

“Terrorists do not just focus on military success. There is a third angle to the operation which is the glory of publicity, which compensates for the failure of the operation,” he said."

Experts Recommend Special Laws to Combat Terror

Wednesday, December 05, 2007

More Discussion of Alleged Chinese Activity Online

What's Brewin: Of Cyber War, Chiles and ERP

Tuesday, December 04, 2007

Saudi Intelligence Estimate 17,000 websites 'Adhere to the Takfir Ideology'

In a recent commentary, Tariq Alhomayed, the Editor-in-Chief of Asharq Al-Awsat, an Arabic daily newspaper, discussed the importance of the Internet to the spread of terrorist ideals and Saudi intelligence estimates of Internet activity:
"One should never disregard the internet and the level of intellectual misguidance and the spread of terrorism that is taking place through it. It is enough to refer to the recent announcement made by Saudi intelligence authorities in which it stated that there are nearly 17,000 websites that adhere to the Takfir ideology. Fundamentalist websites in Europe have rushed to translate the Al Qaeda leader’s recent speech into English, French, German and other languages."
The complete commentary is located at:

Is London Tora Bora?

Monday, December 03, 2007

U.K. Links Computer Intrusions to China - Targets Include Rolls Royce and Royal Dutch Shell

MI5 has linked recent computer intrusions against major UK industries to economic espionage by several countries including China and Russia. The intrusions extended into Scandinavian and U.S. systems as well. Various news sources quoted a memo from Jonathan Evans, Director-General of MI5, warning companies:
“The contents of the letter highlight the following: the Director-General’s concerns about the possible damage to UK business resulting from electronic attack sponsored by Chinese state organisations, and the fact that the attacks are designed to defeat best-practice IT security systems.”
"A number of countries continue to devote considerable time and energy trying to steal our sensitive technology on civilian and military projects, and trying to obtain political and economic intelligence at our expense."

"They do not only use traditional methods to collect intelligence but increasingly deploy sophisticated technical attacks, using the Internet to penetrate computer networks," [Mr. Evans] said."

Secrets of Shell and Rolls-Royce come under attack from China’s spies

Shell, Rolls Royce reportedly hacked by Chinese spies