Friday, September 28, 2007

German Trail Opens for "Cyber Jihadist"

This may be one of the first prosecutions in the Western World for posting al Qaeda messages on the Internet. Germany, like most countries, has been slowly tightening and expanding anti-terrorism laws. This case will test the ability of German authorities to limit Islamist activity online.
"The case, experts say, underscores the increasing significance of the role of the Internet in global terrorism. Known to offer everything from sources of terror financing, the sale of chemicals and fertilizers, recruitment of members, to a complete terrorist attack how-to guide, monitoring the Web has long been high on counter-terrorism experts' list."
The article has a good discussion of free speech vs. anti-terrorism efforts.

"Cyber Jihadist" Trial Opens New Front in Anti-Terror Fight

Vitural Sit-In Protest in Michigan Gets Late Press

In May of 2007, the Electronic Disturbance Theater (EDT) called for a "virtual sit-in" of Michigan State's main website to protest cuts in health care benefits.

For some reason it made very little press until just recently when InfoWorld picked up the story. Not sure what caused it to appear on the radar screen at such a late date. The attack had very little impact on Michigan's systems.

EDT was one of the first online protest groups to make available simple DoS attack applets called "FloodNet" to support the Zapatista movement in Mexico during the late 1990s. EDT has not been as active the last few years.

New activist tool: Cyber sit-ins

Thursday, September 27, 2007

Mobile Devices Help Bypass Burmese Censors

Der Spiegel reports on the use of mobile devices to circumvent Burmese censors - just like mobile devices bypass corporate security controls.

THE CYBER REBELLION: Burmese Bloggers By-Pass Censors

Changes to German Computer Misuse Laws in Wake of Alleged Chinese Computer Attacks has an analysis and commentary on the recent changes to German computer misuse laws after complaints that German government systems had been attacked from China.

The full analysis can be read at: Secure Germany

Unisys Denies Washinton Post Allegations Concerning Mishandling of DHS Computer Intrustions

Unisys released a press statement denying (some) of the allegations in a Washington Post article alleging that Unisys employees hide the extent of over 150 intrusions into DHS systems believed to have originated from China.

“Unisys vigorously disputes the allegations made in today’s article. Facts and documentation contradict the claims described in the article, but federal security regulations preclude public comment on specific incidents.

“We can state generally that the allegation that Unisys did not properly install essential security systems is incorrect. In addition, we routinely follow prescribed security protocols and have properly reported incidents to the customer in accordance with those protocols."

Unisys had no comment on the alleged coverup of the incidents.

Unisys Says Facts, Documentation Contradict Allegations in News Story on DHS

Israeli Report on Internet Use by Arabic Groups

The Intelligence and Terrorism Information Center at the Israel Intelligence Heritage & Commemoration Center (IICC) maintains a website with analysis of Internet use by various Arabic groups such as Hezbollah and Palestinian groups. The site details specific websites, a brief synopsis of content and technical information such as the IP addresses and ISPs hosting the sites which are summarized in the following quote:
"Technically, the PIJ's Internet network is supported by ISPs located in Iran (which hosts Qudsway , the PIJ's main site), Malaysia (one site), Canada (one site) and the United States (three sites). The pattern of having the main site Iranian and most of the others American has not changed since our previous examination, carried out in May 2006. That is true although the PIJ is clearly a terrorist organization and appears on the United States list of designated terrorist organizations. That provides an additional illustration that the Internet is the main medium through which the global jihad can spread its propaganda encouraging hatred and terrorism, and the radical Islamic ideology of the Palestinian terrorist organizations."
The Internet in the service of terrorist organizations: the Palestinian Islamic Jihad’s Internet network and the service providers by which the organization is supported (updated to September 18, 2007)

Simulated Power Grid Attack Shown to Top US Officials

AP is reporting that a video was created simulating a cyber attack on a power generator that showed "an industrial turbine spinning wildly out of control until it becomes a smoking hulk and power shuts down". This video was later shown to top US officials.

While the threats and vulnerabilities of the power grid are well documented, it is a little troubling that a simplified video simulation is being used to educate top government officials. Threat assessments and communications should never be over- or understated.

As with most infrastructure attacks, it takes more than a few simple keystrokes to cause lasting and significant disruptions. Not only does an adversary need to understand SCADA controls and customized configurations (insider knowledge), they will need to understand and overcome backup, monitoring and redundancy systems.

The article's author's do point this out:

"Industry experts cautioned that intruders would need specialized knowledge to carry out such attacks, including the ability to turn off warning systems.

"The video is not a realistic representation of how the power system would operate," said Stan Johnson, a manager at the North American Electric Reliability Corp., the Princeton, N.J.-based organization charged with overseeing the power grid."

This begs the question: Why would something that "is not a realistic representation" be used to communicate threat potential to key decision makers? Too often, in both government and commercial organizations, security professionals miscommunicate threats and risks - is it any wonder that executives are wary of IT security personnel?

US video shows hacker hit on power grid

Wednesday, September 26, 2007

Estonia Cyberattack Lessons

An analysis of last month's attack on Estonia's information infrastructure and how it might affect US systems is provided in ComputerWorld.

Of particular interest is the discussion on how difficult it is to identify the true source of attacks and how attacks on government systems can easily spill over to civilian systems. This is a not-to-subtle point that many security talking-heads miss when they promote the idea of "cyber counter-attacks".

Could U.S. be at risk for cyberwarfare?

Al-Qaida Continues to Gain Ground on the Internet

UPI International's Arnaud DE BORCHGRAVE has an interesting commentary on the growing success of Al-Quaida's (unimpeded) use of the Internet.

The following quote tells just how extensively and successfully the Internet is being used:

"Cyberpower has emerged as a complex ether power in which digital grassroots are truly global. Al-Qaida’s 6,000-plus Web sites supply the ability to liberate and dominate at the same time. Al-Qaida now operates in virtual space with impunity in recruiting, proselytizing, plotting and planning. In the ether (not the anesthetic), thought is a reality."
The full commentary is available at the UPI website:
Commentary: Al-Qaida on the run?

Saudi Arabia Considering Cybercrime Laws

Gulf News reported that Saudi Arabia is considering new cybercrime laws due to the increased growth of intrusions originating from the Kingdom.

The proposed law would distinguish between basic computer crimes (punishable up to 1 year in prison and a fine) and terrorism related computer crimes punishable up to 10 years in prison.

Cyber Crime Takes Toll in Saudi Arabia

Vendor Downplayed Attacks on DHS Systems

In a case study of how outsourcing incident response goes wrong, The U.S. Government is looking into allegations that the IT vendor for the Department of Homeland Security may have minimized or underreported the extent of intrusions into 150 DHS systems.

Organizations need to remember that outsourcing vendors are almost always motived to not divulge the extent of outages or incidents and it is critical that contractual terms require vendors to provide immediate and full notice of any serious incident. Further, organizations must have the investigative and recovery processes and policies in place to effectively manage the incident.

These intrusions are believed to have originated from China (or at least passed through systems located there).

The full story is located available from Yahoo: Unisys Accused of DHS Breach Cover-up

Turkish Nationalists Deface US Vietnam Memorial Website

Users of the Vietnam Veteran's Memorial website search function were greeted with a list of denouncements against the U.S., Israel, Kurds and Armenia last week. The protest carried video and text in both English and Turkish and made references to the 1915 Battle of Gallipoli during WWI.

The original story was reported by the Washington Times.