Wednesday, January 28, 2009

A Cyber Iron Curtain? has published an interesting article summarizing recent cyber attacks allegedly originating from Russia and suggesting there is a new Cyber Iron Curtain:
"Hence from a ‘Cyber Iron-Curtain’ perspective there is now provided a ‘control at will’ by Russia of communication and increasing cyber influence over its former Soviet satellites, a modern parallel to Winston Churchill’s post second world war description of the Soviet sphere of influence. Separately, the blocking of these major websites in Kyrgyzstan suggests that we should probably move this country up the relative scale of importance for the monitoring cyberwar around the world."

Cyberwar – The Cyber Iron Curtain: Now Kyrgyzstan – Part 1

Denial-of-Service Attack against Kyrgzstan

The Wall Street Journal is reporting that Kyrgzstan's Internet infrastructure is under attack allegedly from Russia. There is very little detail in the report and only speculation on possible motives:
"Theories for the reason behind the current attack in Kyrgyzstan center on the U.S. use of an air base in the country to help with its military operations in Afghanistan. Another theory is that the attack was directed at the fledgling Kyrgyz opposition movement, which has used the Internet to express its discontent."
Wired Magazine offers a little more in-depth speculation:
"Using denial-of-service to clamp down opposition sounds a bit more plausible. During Kyrgyzstan's "Tulip Revolution" in 2005, demonstrators often depended on cell phones and text messages to organize. In post-Soviet states, where a smaller portion of the population is online, the authorities often allow the Internet to thrive as an outlet for dissent and free expression while clamping down on traditional media. But when the net becomes a more effective organizing tool -- or a more effective medium for investigative reporting -- the powers that be begin to take note."

Kyrgyzstan Knocked Offline (WSJ)

Russian 'Cyber Militia' Takes Kyrgyzstan Offline? (Wired)

Tuesday, January 27, 2009

Parent Support Website Attacked in China

In China, a webite was set up for parents of children affected by tainted milk. The Dark Visitor, a website that follows the computer underground in China, is reporting that the parent's website,, has been attacked by "patriotic" hackers:
"A group of patriotic Chinese hackers have joined together to attack the website and force it down. They claim the website is illegal, posting photoshopped pictures and fabricating the condition of the patients. This casts a bad light on China’s period of prosperity and therefore, has become the target of resentful patriotic youth."

Patriotic Chinese hackers attack website of melamine poisoned children

Egyptian Use of Socal Networks for Protest

Last week, I posted on how Saudis were using social networking sites to protest when physical protests were limited. The New York Times ran a lengthy report on the same phenomenon in Egypt:
"Freedom of speech and the right to assemble are limited in Egypt, which since 1981 has been ruled by Mubarak’s National Democratic Party under a permanent state-of-emergency law. An estimated 18,000 Egyptians are imprisoned under the law, which allows the police to arrest people without charges, allows the government to ban political organizations and makes it illegal for more than five people to gather without a license from the government. Newspapers are monitored by the Ministry of Information and generally refrain from directly criticizing Mubarak. And so for young people in Egypt, Facebook, which allows users to speak freely to one another and encourages them to form groups, is irresistible as a platform not only for social interaction but also for dissent."
The article discusses how social networks (Facebook in particular) and blogging was used to protest and discuss various aspects of the Gaza conflict:
"In most countries in the Arab world, Facebook is now one of the 10 most-visited Web sites, and in Egypt it ranks third, after Google and Yahoo. About one in nine Egyptians has Internet access, and around 9 percent of that group are on Facebook — a total of almost 800,000 members. This month, hundreds of Egyptian Facebook members, in private homes and at Internet cafes, have set up Gaza-related “groups.” Most expressed hatred for Israel and the United States, but each one had its own focus. Some sought to coordinate humanitarian aid to Gaza, some criticized the Egyptian government, some criticized other Arab countries for blaming Egypt for the conflict and still others railed against Hamas."
The article then looks at internal protest within Egypt, in particular, the April 6 Youth Movement that attempted to organize a national strike in Egypt. The case study not only shows how social networks can be used for protest but that they are not risk free:
"[Facebook] ...members who identified themselves as government security agents joined the April 6 group, too, posting comments under the insignia of the Egyptian police, and as April 6 approached, the government issued a strong warning against participation in the strike."
Shortly after, the Facebook organizer, Esraa Rashid was arrested.

The popularity of Egyptian and other online protests has caught the attention of the U.S. State Department:
"State Department officials ... believe that social-networking software like Facebook’s has the potential to become a powerful pro-democracy tool. They pointed to recent developments in Saudi Arabia, where in November a Facebook group helped organize a national hunger strike against the kingdom’s imprisonment of political opponents, and in Colombia, where activists last February used Facebook to organize one of the largest protests ever held in that country, a nationwide series of demonstrations against the FARC insurgency."

Revolution, Facebook-Style

Friday, January 23, 2009

China Releases a White Paper on National Defense

The Chinese government has released a white paper on their national defense strategy. The paper discusses information warfare and what the call the "informationizing" of the People's Liberation Army (PLA). The preface summarizes the cyber strategy:

"Conducting training in complex electromagnetic environments. The PLA is spreading basic knowledge of electromagnetic-spectrum and battlefield-electromagnetic environments, learning and mastering basic theories of information warfare, particularly electronic warfare. It is enhancing training on how to operate and use informationized weaponry and equipment, and command information systems. It is working on the informationizing of combined tactical training bases, and holding exercises in complex electromagnetic environments."

White paper on national defense published

Saudis Turn to the Internet for Protest

The Middle East Online discusses the increase in protest blogging in Saudi Arabia and makes the case that part of the driving force in its popularity is due to Saudi limitations on other forms of physical protest:
"Since the police’s dispersal of a demonstration in support for Palestinians in Gaza with rubber bullets and tear gas last December in the east of Saudi Arabia, hundreds of blogs and forums have flourished on the Web to carry out jihad (holy war) against Israel and the "puppet" Arab regimes."
This ability to voice anger and decent online has increased use of the Internet within the Kingdom:
"Today, the kingdom - with a population of 28.14 million, including 5.57 million expatriates - is under the influence of “Internet fever”. With over 6.2 million users in 2007, Saudi Arabia has got the 37th largest number of Internet users in the world, according to statistics compiled on December 18, 2008 by the CIA.

"By heavily showing their anger on the Web, Saudis prove they are the most faithful (Muslims) to the Palestinian cause," wrote a Saudi blogger.

"So we avoid the demagogy of rowdy street demonstrations," he added."
The article gives several examples of the use of blogs and social networks to vent anger over the Gaza conflict such as:
"We are the promoters of the Electronic Intifada. Our supporters are no less numerous than the demonstrators on the streets. We put our expertise to the resistance, to denounce the war against Gaza and the Arab silence ... without red lines to prevent us from expressing our anger," said a Saudi on YouTube."

Barrage of fire in Gaza, online ‘intifada’ in Saudi

Al Jazeera Report on Isaeli-Palistinian Online Conflict

Al Jazeera's English website has posted an analysis of the Israeli-Palestinian cyber conflict and provides a good summary of the classic pattern on online escalation:

"With the internet becoming a battleground of ideas, the average person, armed with a keyboard and an internet connection, became a participant in the conflict.

"On December 27, 2008, Israel launched 'Operation Cast Lead' against Hamas targets in the Gaza Strip. Within minutes of the first missile landing in Gaza, global reactions appeared online.

"During the first few days of the war, online discussions were restricted to war of words. Both sides engaged in heated debates and blamed each other for the fatal surge in military operations.

"As the discussions grew, attempts were then made by supporters of both sides to establish a coordinated response aimed at combatting [sic] the other side's propaganda."

Waging the web wars

Obama Adminstration Releases National Security Agenda Including Cyber Security

The new Obama Administration has posted their strategy for national security on the White House website. The document specifies a number of agenda items including terrorism, nuclear weapons and... information security.

The agenda is broad and encompasses many areas of information security that historically have been neglected, drowned in red tape and infighting or handed over to technical PhDs that can't see beyond the length of an encryption key to develop "solutions" that can't be implemented.

It remains to be seen if the new Administration can implement real change. However, if even a few of these initiatives were properly implemented it would be a major step forward.

Here is the full text of the cyber security section:

"Protect Our Information Networks

"Barack Obama and Joe Biden -- working with private industry, the research community and our citizens -- will lead an effort to build a trustworthy and accountable cyber infrastructure that is resilient, protects America's competitive advantage, and advances our national and homeland security. They will:

  • Strengthen Federal Leadership on Cyber Security: Declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber policy.

  • Initiate a Safe Computing R&D Effort and Harden our Nation's Cyber Infrastructure: Support an initiative to develop next-generation secure computers and networking for national security applications. Work with industry and academia to develop and deploy a new generation of secure hardware and software for our critical cyber infrastructure.

  • Protect the IT Infrastructure That Keeps America's Economy Safe: Work with the private sector to establish tough new standards for cyber security and physical resilience.

  • Prevent Corporate Cyber-Espionage: Work with industry to develop the systems necessary to protect our nation's trade secrets and our research and development. Innovations in software, engineering, pharmaceuticals and other fields are being stolen online from U.S. businesses at an alarming rate.

  • Develop a Cyber Crime Strategy to Minimize the Opportunities for Criminal Profit: Shut down the mechanisms used to transmit criminal profits by shutting down untraceable Internet payment schemes. Initiate a grant and training program to provide federal, state, and local law enforcement agencies the tools they need to detect and prosecute cyber crime.

  • Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches: Partner with industry and our citizens to secure personal data stored on government and private systems. Institute a common standard for securing such data across industries and protect the rights of individuals in the information age."


Information Security Makes GAO High Risk Report for the 12th Year

The U.S. Government Accountability Office (GAO) has updated its list of governmental projects that are at risk "due to their greater vulnerabilities to fraud, waste, abuse, and mismanagement. GAO also identifies high-risk areas needing broad-based transformation to address major economy, efficiency, or effectiveness challenges."

Information security continues to make the list - for the 12th year. In the section titled: "Protecting the Federal Government’s Information Systems and the Nation’s Critical Infrastructures", the report makes note that the Department of Homeland Security (DHS) has made some progress but still falls short:
"Federal information security has been on GAO’s list of high-risk areas since 1997; in 2003, GAO expanded this high-risk area to include cyber CIP [Critical Infrastructure Protection]. The continued risks to information systems include escalating and emerging threats; the ease of obtaining and using hacking tools; the steady advance in the sophistication of attack technology; and the emergence of new and more destructive attacks."
Specifically, the report refers to numerous detailed past GAO reports and summarizes several areas requiring attention:
"Since 2006, GAO has made numerous recommendations in the following key areas:
  • bolstering cyber analysis and warning capabilities.
  • reducing organizational inefficiencies.
  • completing actions identified during cyber exercises.
  • developing sector-specific plans that fully address all cyber-related criteria.
  • improving cyber security of infrastructure control systems.
  • strengthening DHS’s ability to help recover from Internet disruptions.
"Until these and other key cyber security areas are effectively addressed, the nation’s cyber critical infrastructure is at risk of increasing threats posed by terrorists, nation-states, and others."

Monday, January 19, 2009

A Look at the Future of U.S. Cyberwar

Aviation week takes a look at the future (and convergence) of cyber and other electronic warfare. Some of the more notable quotes from the article include:
"In a few years, the U.S. Army, Navy and Marine Corps expect to be delivering airborne electronic fires and cyber-attacks for ground troops with a fusion of radio battalions, EA-6B Prowlers, EA-18G Growlers and a range of UAVs."

"...As cyber- and electronic attack technologies emerge, it is becoming harder to distinguish between cyberwarfare, directed energy and electronic attack, intelligence gathering and information operations. Rationalization of all these elements also is complicated by shrinking manpower and funding."

"...However, researchers are worried that pieces of the digital puzzle are still missing - in particular, projection of new threats that foes may throw at the U.S."

Cyber-Attack Operations Near

Wednesday, January 14, 2009

Social Networks Becoming an Important Method of Online Protest

The importance of social networking in online protest is becoming more apparent during the Israeli Palestinian conflict in Gaza. The use of various networks such as YouTube and Flickr allow both side to show and tell their story but it appears that Facebook is where the action is.

These social networks are used by individuals, groups and governments to convey their messages, rally support, solicit donations and organize physical protests.

"On Dec. 30, the Israeli consulate in New York conducted a news conference on the war entirely on Twitter, the social messaging site where users communicate in short, rapid-fire notes, or "tweets."

"As a chance to field questions from a world audience, the experiment succeeded, but with questions and answers limited by Twitter to 140 characters, it didn't exactly make for nuanced discussion, even when consulate staffers rewrote the abbreviations." - McClatchy

"The IDF itself has also begun an Internet effort, making use of YouTube and a blog to post official army videos and information about the situation in Gaza. ...its videos had been viewed over 750,000 times. " - The Jerusalem Post
There are even meta-protest sites that allow visitors to vote or pick which side they want to support:
"It doesn't get any simpler than, where visitors can just pick sides. With nearly 500,000 votes cast, the race is a virtual tie, while the Web site's server is overloaded." - McClatchy
This isn't limited to the current Israel-Gaza conflict. allows people to voice their opinion on the gas standoff with the EU.

Online and traditional media are increasingly reporting not just the use of social networking but their effectiveness:
"More than 1,000 students and ethnic minorities swarmed the streets of Hong Kong Sunday responding to a Facebook call to march against Israel’s deadliest assault yet on impoverished Gaza." - Saudi Gazette
Traditional social networks are not the only places online protest is showing up. Virtual worlds such as Second Life are developing protest movements as well:
"Virtual worlds have been left mostly to their own devices and the picture is somewhat different with no overt ‘official’ presence from the Israeli government or Hamas. Both sides of the conflict are therefore, represented in Second Life by, Second Life Israel and the Palestinian Holocaust Memorial Museum (slurl) hosted by the IslamOnline site. Second Life Israel (slurl) has been the focus of some limited protest within Second Life, while the Palestinian Holocaust Memorial Museum is much more of an information hub." - MetaSecurity
In fact, the issue of security and protest in virtual worlds now has its own blog, which states its purpose as:

"... a blog that seeks to explore ideas relating to the security implications of virtual communities. The blog will post articles and commentary relating to security events in this rapidly growing sector. Specific topics include:

  • Fraud
  • Money Laundering
  • Inworld criminal activity
  • Legal responses
  • Inworld extremist acvivity
  • Software Security"
The introduction of social networks and virtual worlds has increased the relevance of online protest but the importance of the media in furthering online political causes is not new and was seen in the 1980s and 1990s:
"Politically motivated computer crime differs from traditional “hacking” in that the target is chosen - and the attack is designed - to effect a change in the behavior or activity of the victim. Therefore, a cyber attack, in isolation, most likely will not accomplish the goal of the attacker. It is for this reason that politically motivated cyber attacks are often combined with extensive public relation campaigns." - Politically Motivated Computer Crime and Hacktivism
It is obvious that this activity will evolve quickly. As the effectiveness of these types of protests increase, I'm sure we will see an increase in attempts to censor or block them. We're not in Kansas anymore...

Some other media quotes related to social network protest movements:

"As soon as Operation Cast Lead began to take shape just over a week ago, Dan Peguine started the program QassamCount, a system that updates users' statuses on Facebook with the number of Kassams that hit Israel.

"Within the first three days, 10,000 people had donated their statuses to the cause.

"Peguine first started a program counting Kassams about a week before the operation in Gaza began. He used Twitter, which sends users' statuses to all their "followers," to help people understand how often rockets hit the South" - The Jerusalem Post

"An enormous number of people around the world are using blogs, YouTube and social networking sites such as Facebook and Twitter to register their support or opposition to the war. Thousands of images — from Palestinians under siege in Gaza to Israeli neighborhoods that have been hit by Hamas rocket attacks — have filled photo-sharing sites such as Flickr and Picasa."

"So how are young people protesting the conflict in Gaza through Facebook? Well, in many, and often time creative ways, such as through status messages, notes, and most significantly through the formation of groups. Some of the groups that have been created in response to the airstrikes include, “Stop Israeli attacks on Gaza,” “Gaza is bleeding,” “Prayers for Gaza People,” and “Let’s collect 50,000 signatures to support the Palestinians in Gaza.” - The Examiner

Gaza War's New Front: Facebook (Wired Magazine)
Social networking boost for Gazans (Saudi Gazette)
Gaza war also being waged in cyberspace (McClathy)
Twitter, Facebook users show solidarity with QassamCount (The Jerusalem Post)
Gaza, Information War and Second Life (MetaSecurity)
Increased Use of Social Networks in Protests (PoliticalHacking)
Politically Motivated Computer Crime and Hacktivism

Online Attacks against Anti-War Group

The U.K. based anti-war group, "Stop the War", claims its website, Facebook and YouTube sites are being disrupted:

"Stop the War believes pro-Israeli groups could be behind the internet campaign, although a spokesman admitted it had no proof this was the case.

"A spokesman said of the cyber-war it was facing: "It's a well-known tactic. The same thing happened to us before our anti-Iraq war protests in 2003. We obviously can't prove any connection but the timing would suggest that it's a supporter of Israel."

"The spokesman told The Independent: "At the same time that our website was under attack, a number of videos went up on YouTube which claimed the demonstration had been cancelled. Someone posted notices on our Facebook groups saying the same thing."

Stop the War's website 'disabled by pro-Israeli hackers'

Tuesday, January 13, 2009

Timing Chinese Attacks?

With all the news, speculation and hysteria concerning cyber attacks from China, it would be great if we could predict when the "next big attack" will occur. Well, the Dark Visitor has provided just such an analysis and a 2009 calender to help get ready!

The conclusion:
"That’s right! [Chinese] Off days, holidays and late at night are the perfect time to cyber mobilize a massive number of people for a “Cyber People’s War”."

The perfect time for a massive Chinese cyber attack

Online Propaganda Explodes during Gaza Strip Conflict

Propaganda has always been a part of any conflict and the Israeli-Palestinian war is no exception. The Internet just makes dissemination faster, easier and to a wider audience than ever before.

The manipulation of video and other media is easier as well:

"As the Israeli military spokesman Major Avital Leibovich said, explaining why Israel had set up a YouTube page: "The Blogosphere and the new media are basically a war zone [in a battle for world opinion]."

"It is fitting, then, that the famous first casualty of war - truth - should have been so swiftly slain and laid to rest online.

"This month, both sides have posted hoax stories and misleading videos in order to demonise their opponents."

The article provides several examples.

Gaza propaganda war escalates on the internet

Monday, January 12, 2009

Radio Station Attacked by Jihadist Supporters

A U.K. radio station's website was defaced by Jihadist sympathizers in apparent support for Ahmed Al-Qahtani (who is suspected of involvement in the 9/11 attacks). The radio station also believes the attack may have been in retaliation for some of the Christmas music they had recently played.
"The site was compromised on Monday morning and again on Wednesday. The hijacker used the name ‘Soldier of Allah’ and ‘M03sl3m H4ck3rs’ - or Muslim Hackers written with numbers.

"The message warned: ‘Whoever thinks of insulting Islam or Muslims will suffer the same fate.
‘We are the nightmare of western websites in the cyber war.’

"The hackers claim they are defending Islam from harassment by America, Israel and Denmark."

Radio hijacked by Muslims as they are offended Cliff Richards halleluiah

NATO and US Army Systems Targeted by Palistinian Supports

Supports of Palestine have defaced several US Army, NATO and UN websites in the continuing escalation of cyber attacks related to the current situation in the Gaza Strip:
"Four websites belonging to the United States Army's Military District of Washington... have been defaced by a Turkish hacker affiliated with a group called “Peace Crew.” The attacker, who identified himself as Agd_Scorp, has posted threatening messages in English. “Stop attacks u Israel and USA! You cursed nations! One day Muslims will clean the world from you!,” the pages displayed.
"The website of the Joint Force Headquarters, National Capital Region... of the Northern Command has also been defaced by Agd_Scorp, and the same message has been posted along with the image of a Palestinian throwing a rock at a tank. In addition, the same attacker also hacked the websites of the NATO Parliamentary Assembly... and UNICEF Italy, in order to express his support for Palestine."

Palestinian Supporters Hack NATO and U.S. Army Sites

Botnet Set Up to Support Israel in Conflict

A group of Israeli supporters have set up a web site to download code to create a botnet allowing denial-of-service attacks against Palestinian targets. It appears to be modeled after a similar system used by Russian sympathizers during the Georgian conflict.
"Installing this program onto a computer will turn it into a drone, and will place it at the disposal of the hacktivists. What differentiates this tool from regular malware is that the installation is performed voluntarily by individuals who sympathize with Israel's efforts.
“Our goal is to use this power in order to disrupt our enemy's efforts to destroy the state of Israel. The more support we get, the more efficient we are,” the website set up by the group reads. The hackers included an uninstaller for the application and vowed to dismantle the botnet, once the conflict in Gaza Strip is over."

Botnet Tool to Support Israel's Offensive: End-users willingly turn their computers into zombies

Tuesday, January 06, 2009

U.K. Police Can Compromise Computer Systems without a Warrant

The U.K. Home Office has adopted plans to allow investigators to remotely search computers without a court order. The reports to date do not discuss the legal issues of using these techniques outside of the U.K.:
"Even though remote searching has existed in Britain since the '90s, when it was introduced as an amendment to the Computer Misuse Act, it has rarely been used until now and has been strictly controlled under the Regulation of Investigatory Powers Act. According to the new proposal, police forces or MI5 agents will be able to conduct such intrusive surveillance based merely on the decision of a senior officer that it is “proportionate” and necessary to the investigation of an offense that is punishable with a minimum sentence of three years in jail.

"In order to conduct the remote searching, the police will be able to act much like the cyber-criminals do, by developing malicious code, distributing the spyware via e-mail attachments, installing keylogging software or intercepting WLAN traffic. "

British Police Can Hack Computers Without Requiring Court-Issued Warrants

Monday, January 05, 2009

More Attacks on Israeli Websites

As expected, more reports of web defacements related to the Israeli-Palestinian conflict are coming in. Current estimate is around 10,000 websites have been attacked worldwide.

"The defacements have primarily affected small businesses and vanity Web pages hosted on Israel's .il Internet domain space. One such site was that of Israel's Galoz Electronics Ltd. On Wednesday, the hacked Web site read "RitualistaS GrouP Hacked your System!!! The world isn't insurance!!! For a better world."

"Other attackers have placed more incendiary messages condemning the U.S. and Israel and adding graphic photographs of the violence."
We should expect this trend to escalate as events on the ground continue.

With Gaza Conflict, Cyberattacks Come Too

Tunisia Bloggers Protest Government Censorship

Bloggers in Tunisia are debating an online protest against government censorship. The campaign known in English as Action Post Blank called for bloggers to only post a protest graphic on their website.

The article also discusses online action by the Tunisian government to censor websites:
"Numerous bloggers complained in 2008 of intrusions and blockages of websites by the Tunisian Internet Agency (ATI). Many Tunisians also accuse ATI of supporting bans on a number of popular websites. It was this issue that prompted journalist Ziad El Heni to file a lawsuit against the agency, accusing it of blocking the social networking website Facebook before it was re-opened last August based on an order from the President."

Online censorship protest turns into debate among Tunisian bloggers

Attacks on Israeli News Sites

Debkafile has reported a denial of service attack on its servers which they believe was in retaliation for Israel's military action in Gaza.
"DEBKAfile's two sites in English and Hebrew came under a massive cyber attack on our servers at the moment Israeli ground forces crossed into the Gaza Strip Saturday night, Jan. 3."

Important Notice

Sunday, January 04, 2009

Increased Use of Social Networks in Protests

MetaSecurity has posted a discussion and analysis of the use of social network sites by protest groups around the world.
"Networked inchoate anarchic protest is in itself a significant potential trend over the medium-term. The global economic crash will create new systems and ideas or at least new ways of using old ideas. As the Economist [magazine] notes the traditional mass staged rally aimed at G8 gatherings seems particularly quaint when put against the practice and potential of networked spontaneous protest. The key element these new technologies provide is the ability to amplify the protest message to a wider networked audience – this trend will only increase."

Globally Networked Anarchism (#Griot)

Indian and Pakistani Cyber Conflicts

UAE based The National ran an article on the ongoing and escalating cyber attacks between India and Pakistan with the following analysis:
"One New Delhi-based IT specialist, who works on government websites and did not want to be named for security reasons, said in the cyber war Pakistanis have an upper hand because Pakistani hackers are organised in groups whereas most of the Indian ones are working alone. Also, hackers based in Pakistan were motivated by religious reasons, experts said."

After Mumbai, Pakistan and India wage war in cyberspace