Tuesday 7th of July 2020

war of the cybers...



The US military lacks the people and resources to defend the country adequately from concerted cyber attacks, the head of the Pentagon's cyber command has warned.

"We are very thin, and a crisis would quickly stress our cyber forces," Gen Keith Alexander told Congress.

The US says government systems are attacked millions of times a day.

Disputes over budgets are holding up a new cyber protection system ordered by the Department of Homeland Security.

However, some argue the threat of cyber warfare is greatly exaggerated.

'Potential adversaries'

Gen Alexander, head of the US Defence Department's Cyber Command, told a Congressional Committee that he would mark as a "C" the military's ability to protect Pentagon networks, although he acknowledged improvements in recent years.

"We are finding that we do not have the capacity to do everything we need to accomplish. To put it bluntly, we are very thin, and a crisis would quickly stress our cyber forces," he said.


a war of metaphors...

The threat of cyber warfare is greatly exaggerated, according to a leading security expert.

Bruce Schneier claims that emotive rhetoric around the term does not match the reality.

He warned that using sensational phrases such as "cyber armageddon" only inflames the situation.

Mr Schneier, who is chief security officer for BT, is due to address the RSA security conference in San Francisco this week

Speaking ahead of the event, he told BBC News that there was a power struggle going on, involving a "battle of metaphors".



sock puppets...

The US military is developing software that will let it secretly manipulate social media sites such as Facebook and Twitter by using fake online personas to influence internet conversations and spread pro-American propaganda.

A Californian corporation has been awarded a contract with United States Central Command (Centcom), which oversees US armed operations in the Middle East and Central Asia, to develop what is described as an "online persona management service" that will allow one US serviceman or woman to control up to 10 separate identities based all over the world.

The project has been likened by web experts to China's attempts to control and restrict free speech on the internet. Critics are likely to complain that it will allow the US military to create a false consensus in online conversations, crowd out unwelcome opinions and smother commentaries or reports that do not correspond with its own objectives.

The discovery that the US military is developing false online personalities – known to users of social media as "sock puppets" – could also encourage other governments, private companies and non-government organisations to do the same.


 see toon at top...

lost in the crypter theft...

Hundreds of thousands of cryptographic tokens used by Australians who bank online, the Defence Force and other large corporations are vulnerable to a potential hack attack after a supplier revealed secret data it held had been stolen.

Customers of RSA, a security division of the data storage giant EMC, were on Friday told that the company had been the victim of “an extremely sophisticated cyber attack”.

Federal government customers of RSA’s affected SecurID service include the Department of Defence, Department of the Prime Minister and Cabinet, Australian Electoral Commission, Family Court of Australia, Department of Parliamentary Services, Department of Veterans' Affairs, Geoscience Australia, AusAid, Department of the Treasury and Crimtrac, according to closed tender documents listed on the AusTender website.

Known Australian companies that use the RSA token service include Westpac, Telstra and Virgin Blue.

A prominent security expert, Steve Gibson, said RSA customers should consider their RSA SecurID tokens "completely compromised" and insist upon their immediate replacement. Though RSA may not want to do this, Mr Gibson described it as "the responsible thing" to do, even if it was a "very expensive" exercise to undertake.


a "serious" cyber attack in the EU....

The EU has reported a "serious" cyber attack on the Commission and External Action Service on the eve of a summit in Brussels, a spokesman told the BBC.

Crucial decisions on the future structure of the EU, economic strategy and the ongoing war in Libya are to be discussed at the two-day talks.

Details were not given but other sources compared the attack to a recent assault on France's finance ministry.

"We're often hit by cyber attacks but this is a big one," one source said.

The European Commission has been assessing the scale of the current threat and, in order to prevent the "disclosure of unauthorised information", has shut down external access to e-mail and the institutions' intranet.

Staff have been asked to change their passwords.



stolen from pentagon...

A top Pentagon official has admitted that a massive amount of data related to new defence technologies were stolen earlier this year.

"It was 24,000 files, which is a lot, but I don't think it's the largest we've seen," William Lynn, the US deputy defence secretary, said on Thursday.

Lynn revealed the theft as he unveiled a new Pentagon cybersecurity strategy that designates cyberspace as an "operational domain" like sea, air and land where US forces will practice, train and prepare to defend against attacks.

However, he declined to specify the country behind the attack, what company was hit or what the files contained. He said the theft occurred in March and targeted files at a defence contractor developing weapons systems and defence equipment.

The hacking was a dramatic illustration of the rising difficulties the Pentagon faces in protecting military and defence-related networks critical to US security.

"The policy doesn't really deal with the legal justification for treating attacks on computer networks, public and private, as potential acts of war," Al Jazeera's Rossyln Jordan reported from the Pentagon.



see toon at top...

as long as you use protection...

For those who believe that using the BitTorrent protocol for piracy is a young person's game, you might want to know about a San Francisco woman risking a potential $150,000 fine for torrenting porn.

She's 70 years old, you see.

Of course, she claims to not even know what BitTorrent is, but who can believe the word of a thief? Well, as you might expect, the case isn't exactly a slam dunk. The anonymous 70-year-old was named as part of a lawsuit against multiple users for illegally downloading adult material, but she believes that someone else was using her unsecured Wi-Fi to do so.

(More: Is It Illegal to Leave Your Wi-Fi Network Open?)

Refusing to pay the $3,400 settlement requested by the lawsuit, the woman plans to go to court and explain to the judge what's what.

"It smacks of extortion," she told SFGate.com, adding that she'd "throw herself on the mercy of the court" if necessary: "I'd say to the judge, 'I have no idea how this happened.' If Sony can get hacked, if the Pentagon can get hacked, my goodness, what chance does an individual have?"

You have to hope that this case gets thrown out in court or perhaps dismissed before it even gets there, thanks to a sudden attack of common sense. Although, admittedly, if it turns out that this old woman actually was the one torrenting porn, and her defense was all an act to play on our sympathies and stereotypes, I will kind of love that.

Read more: http://techland.time.com/2011/07/15/why-is-a-70-year-old-woman-being-sued-for-porn-piracy/#ixzz1SRYPd6gL

inflaming the diplomacy...


U.S., Israel developed Flame computer virus to slow Iranian nuclear efforts, officials say

By  and Wednesday, June 20, 5:07 AM

The United States and Israel jointly developed a sophisticated computer virus nicknamed Flame that collected intelligence in preparation for cyber-sabotage aimed at slowing Iran’s ability to develop a nuclear weapon, according to Western officials with knowledge of the effort.

The massive piece of malware secretly mapped and monitored Iran’s computer networks, sending back a steady stream of intelligence to prepare for a cyber warfare campaign, according to the officials.

The effort, involving the National Security Agency, the CIA and Israel’s military, has included the use of destructive software such as the Stuxnet virus to cause malfunctions in Iran’s nuclear-enrichment equipment.

The emerging details about Flame provide new clues to what is thought to be the first sustained campaign of cyber-sabotage against an adversary of the United States.

“This is about preparing the battlefield for another type of covert action,” said one former high-ranking U.S. intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today. “Cyber-collection against the Iranian program is way further down the road than this.”

Flame came to light last month after Iran detected a series of cyberattacks on its oil industry. The disruption was directed by Israel in a unilateral operation that apparently caught its American partners off guard, according to several U.S. and Western officials who spoke on the condition of anonymity.

There has been speculation that Washington had a role in developing Flame, but the collaboration on the virus between the United States and Israel has not been previously confirmed. Commercial security researchers reported last week that Flame contained some of the same code as Stuxnet. Experts described the overlap as DNA-like evidence that the two sets of malware were parallel projects run by the same entity.

Spokesmen for the CIA, the NSA and the Office of the Director of National Intelligence, as well as the Israeli Embassy in Washington, declined to comment.

See toon at top...


we're idiots...


The head of one of Australia's most secretive spy agencies has identified cyber warfare as potentially one of the most serious threats to national security over the coming decade.

Nick Warner says there have been dramatic changes in the security environment in the recent past, and the situation is likely to become more volatile and dangerous in the years ahead.

It is the first time a director-general of the Australian Secret Intelligence Service (ASIS) has spoken publicly since the agency was created 60 years ago.

Mr Warner used his speech to the Lowy Institute to point out the agency's "significant and unheralded successes" in targeting people smuggling networks and its contribution to Australia's war efforts in Afghanistan.

See toon at top...

Security might be a problem but climate change is going to be soon a far worse problem than anything else we've experienced before in the short history of modern humankind... I personally don't panic much about it since I'll be dead... but your children and their children are going to endure massive paybacks from years of human induced CO2 release in the atmosphere from burning fossil fuels... The signs are there, the science is correct despite a mad bunch of ningnongs trying to be spruiking nincampoops on this serious subject...

Even the Lowy Institute shows that it is not a leader on this issue, and is more like a goofy pimply intern taking the temperature of the issue by planting a few polls in the arse of people rather than listening to proper scientists... We need some killer blows to the Alan Jones and the Andrew Bolt disinformation campaigns... We need to revitalise the reality and the tally of what we are doing to the thin surface of this small planet... 

Otherwise we're idiots. We're idiots... Wake up!


overhyped reports?...


Despite self-interested claims from companies and governments, identity theft is extremely rare and the costs of cybercrime are significantly lower than claimed, new polling by Essential Research shows.

Crikey has previously examined overhyped reports from computer security companies aimed at generating additional sales for their products, hyping the Australian government has happily joined in. According to Attorney-General Nicola Roxon, identity fraud is one of Australia’s fastest growing crimes and one in four Australians “had been a victim or had known someone who had been a victim of identity theft”.

The key to overhyping cybercrime is to conflate a variety of different crimes under one broad description. But now Essential has disentangled commonly-conflated crimes and asked people to estimate how much they actually most. And the evidence comprehensively debunks the claims made about cybercrime.

According to Essential, just 1% of Australians report ever being the victim of identity theft. If identity theft is “Australia’s fastest growing crime” as Nicola Roxon, the AFP and many media reports insists, then it must have been coming off a positively microscopic base.


I beg to differ... 

I know for a fact that banks spend a fair amount of dosh to protect your (theirs) money... I hope it's not a fallacy in my brain that most banks have complex algorithms that are modified every thirty seconds, for online security... Encryption is not a mirage. And it limits the damage that a "cyber war" would do otherwise to unprotected access...

The fact that "only" a few people (220,000) in this country have had "identity theft" shows that the encryption are working, but need to be updated all the time.

It takes someone with determination, skill and complex programs, to break the codes... BUT IT CAN BE DONE...

Sure, someone at the counter of some dodgy shop might pass on you credit card details and you loose some dosh but I know some people who have been defrauded of cash, up to A$2 million by clever schemers... Most of the fraud on credit card amounts up-to 5000 bux.

But the "cyber" war is mostly fought where it's not seen... Organisations, governments, businesses , all have security that needs to be checked and updated using complex encryption... Because eventually someone will "virtually" break in and steal information and cash...  Cyber crime is not an illusion... The bigger crimes don't go reported for many reasons, from shame of having been raided as well as having discreet investigations still going on, as often the raiders become "greedy"...

Even on this site, we are invaded by pedlars of Gucci bags and Whatever gold watches... We try hard to buzz them off but unless we close the forum down completely, we have buckley's chances. So buzz off you, annoying merchants of fake goods!... My email gets daily some unsolicited mail that should I respond to (or even open), Trojan cookies would be infiltrating the deck and steal information including key strokes. This is not a fallacy and nasty people trawl every computer till they find one in which they can get a foothold.

For example the fact that US could infiltrate the Iranian nuclear program with a Trojan virus only shows the top of the iceberg in this cyber war, in which small crooks and bigger crooks, including the CIA, will target anything that moves bits...


Meanwhile global warming is still the worse thing that is "threatening" humanity and the planet...


hackers for right...


The family of celebrated internet activist Aaron Swartz has accused prosecutors and MIT officials of being complicit in his death, blaming the apparent suicide on the pursuit of a young man over "an alleged crime that had no victims".

In a statement released late Saturday, Swartz's parents, Robert and Susan, siblings Noah and Ben and partner Taren Stinebrickner-Kauffman said the Redditt builder's demise was not just a "personal tragedy" but "the product of a criminal justice system rife with intimidation and prosecutorial overreach".

They also attacked the Massachusetts Institute of Technology (MIT) for not supporting the internet activist in his legal battles and refusing to stand up for "its own community's most cherished principles".

The comments came a day after the 26-year-old killed himself in his Brooklyn apartment on Friday night.

A committed advocate for the freedom of information over the internet, Swartz had been facing a trial over allegations of hacking related to the downloading of millions of documents from the online research group JSTOR. Swartz pleaded not guilty last year; if convicted, he could have faced a lengthy prison term.

News of his death resulted in an outpouring of tributes over the internet. Tim Berners-Lee, the man credited with inventing the world wide web, tweeted: "Aaron dead. World wanderers, we have lost a wise elder. Hackers for right, we are one down. Parents all, we have lost a child. Let us weep."

Swartz dedicated much of his time to fighting online censorship and his court case had become a cause célèbre for many similar-minded figures.

read more : http://www.guardian.co.uk/technology/2013/jan/13/aaron-swartz-family-mit-government


dotcom can do...

Back then, Dotcom "thought of myself as more American than Americans", he says. "I always had this attitude of can-do, and if you're successful you can show it, which is a very un-German thing, you know. And now, in hindsight, looking at this, the US has lost a lot of its flair for me. It's becoming such an aggressive state."

After a year in which the Megaupload dispute has become one of the most prominent and colourful talking points in the debate over "internet freedom", Dotcom himself has, he says, had his eyes opened. "When you live in your happy bubble and you have everything you desire and you live a great life, you don't think about all the nasty shit that is happening. I have a much better understanding now of how the US government operates and how much spying is actually going on, how much privacy intrusion is the reality today … we are very close to George Orwell's vision becoming a reality."

In Dotcom's telling of the story, his travails began when the Motion Picture Association of America hired the veteran former senator Chris Dodd, who used his sway over his longtime ally the vice-president, Joe Biden, to encourage a move on Megaupload. "If you connect all the dots, and you see who the operators are behind all of this, you understand the political scope," he says.

"They had a political agenda, plus they had an upcoming election, and they needed an alternative for Sopa," says Dotcom, in a reference to the ill-fated and draconian Stop Online Piracy Act.

"It would probably have looked very bleak for [Obama] to go to Hollywood and ask them to help him get re-elected when he couldn't make Sopa happen for them. So Megaupload became a plan B."

Meanwhile, says Dotcom, an aggressive and outdated approach in Hollywood blinkers them from the potential to build a new business model around the internet. "There's so much money to be made, and those fools don't get it. They just don't get it."

read more: http://www.guardian.co.uk/technology/2013/jan/18/kim-dotcom-fight-internet-freedom/print
See toon at top...



U.S. said to be target of massive cyber-espionage campaign

By Monday, February 11, 12:45 PM

A new intelligence assessment has concluded that the United States is the target of a massive, sustained cyber-espionage campaign that is threatening the country’s economic competitiveness, according to individuals familiar with the report.

The National Intelligence Estimate identifies China as the country most aggressively seeking to penetrate the computer systems of American businesses and institutions to gain access to data that could be used for economic gain.

The report, which represents the consensus view of the U.S. intelligence community, describes a wide range of sectors that have been the focus of hacking over the past five years, including energy, finance, information technology, aerospace and automotives, according to the individuals familiar with the report, who spoke on the condition of anonymity about the classified document. The assessment does not quantify the financial impact of the espionage, but outside experts have estimated it in the tens of billions of dollars.

Cyber-espionage, which was once viewed as a concern mainly by U.S. intelligence and the military, is increasingly seen as a direct threat to the nation’s economic interests.

In a sign of such concerns, the Obama administration is seeking ways to counter the online theft of trade secrets, according to officials. Analysts have said that the administration’s options include formal protests, the expulsion of diplomatic personnel, the imposition of travel and visa restrictions, and complaints to the World Trade Organization.

Cyber-espionage is “just so widespread that it’s known to be a national issue at this point,” said one administration official, who like other current and former officials interviewed spoke on the condition of anonymity to discuss internal deliberations.

The National Intelligence Estimate names three other countries — Russia, Israel and France — as having engaged in hacking for economic intelligence but makes clear that cyber-espionage by those countries pales in comparison with China’s effort.

China has staunchly rejected such allegations, saying the Beijing government neither condones nor carries out computer hacking.



What is lacking in this report is that the US are cyber spying on most (all) the countries in the rest of the world... Not only they are spying, the US are also sending powerful cyber viruses to some of the countries it does not like — like Iran. The cyber war between the US and Europe is vexed by the ambiguous UK that has been playing a double game (it's not "official", but if you don't know this, just have a look at the way the US and the UK are playing counterpoint like lovers in a tiff)... But it is my "guess" (knowledge?) that the European countries know this, but are playing along... while keeping a keen eye on the English Poms...

China would know too that some freedom allowed to some companies like google can allow inflitration of their own secrets... Say if google can create algorythms that find 12 million entries for a particular subject in 0.12 seconds, developing algorythms that can penetrate anything online — even protected by super encryption — becomes children shit. See toon at top...

a bit of rot on the shiny apple...


Le Monde

Jonathan Zdziarski, an expert from the Apple Product Security, accused the company of having introduced and maintained a discreet functionality to access data - theoretically protected - contained in iPhones and iPads. 

As explained by the specialized website Threatpost, a feature present in iOS can be used to circumvent devices protecting data contained in appliances (that team up and operate devices from Apple software). "Accessible remotely or via a USB connection" makes "all data protected available either to a hacker or to the police if the unit has not been restarted since the last time the user entered his PIN code". With this, SMS, iMessages, photos, videos and calendars can be recovered ...

Translation by google... improved by Gus. Meanwhile German industries are thinking of going back to the old typewriter for sensitive documents to avoid cyberleaks... See toon at top...


not allowed to flash...


For Flash, the writing may finally be on the wall.

Mozilla has blocked Flash on its popular Firefox browser. A message now appears saying that Flash — the plug-in that enables animation, browser games, and other graphics online — is vulnerable, along with a message that Mozilla reserves the right to block software that "seriously compromises Firefox security."


The ban is temporary — it will stay in place as long as there's a version of Flash with publicly known security problems, Mozilla said. (Adobe is working on a fix.)

If users really want to run Flash to view videos or use other Flash-based web tools, they can do so — as long as they read a security warning from Mozilla first. But Mozilla is also advocating for a general end to using Flash as a web standard.

That comes on the heels of another prominent call to bury Flash once and for all. Facebook's chief information security officer, Alex Stamos, said on Twitter that he wants Adobe to set a deadline to kill Flash once and for all, so that developers will move quickly off the old standard.

Why all the Flash hate? A recent rash of vulnerabilities in Flash — including some exploited by Hacking Team — has drawn new criticism of the Adobe software, which for years has been used across the web in videos, interactive graphics, advertisements. But online security experts have raised alarms for years about Flash, because hackers often exploit problems within the nearly ubiquitous software to gain control of others' computers.

One of the most prominent Flash-haters, of course, was Steve Jobs. The Apple co-founder wrote an impassioned, extended critique of the technology way back in April of 2010. In that essay, Jobs said — among other things — that Flash was insecure, inefficient and not going to come anywhere near his mobile devices.

Read more: http://www.smh.com.au/digital-life/digital-life-news/flash-now-too-dangerous-to-run-on-firefox-mozilla-says-20150714-gicfct.html#ixzz3fv9QK6eN

Still working on an old computer, I cannot use Flash. Some of the Adobe products I had bought 10 years ago in the belief they were good were full of bugs and Adobe soon canned them to replace with something else — at COST to the buyer. I believe Adobe tried to do too much with a variety of product badly joined at the hip. Adobe has released some amazing products, especially when in collaboration with Apple, such as Photoshop and others. Because I have worked in all computing systems, I noticed that Adobe Illustrator programme was not as powerful as CorelDraw which was developed for the Windows platform. Both had their own idiosyncrasies. 

I believe, one of the major problems with all this programmable technology is the patent system which prevents the best programs to adopt the best of everything. Thus some menus will be cumbersome and some new platform will piggyback on older versions, adding time for processing of information. As well because of loose bits, a lot of bugs come into the various platforms, and of course offer entries for hackers. 

Steve Jobs knew what he was talking about...


loosing the cyber war...

In a seeming moment of candor, Department of Homeland Security Secretary Jeh Johnson said in July that the two separate hacks of the Office of Personnel management first discovered in June were a “wake up call” for the federal government regarding the urgency of the cybersecurity threat, and that “we need to improve out mission” to secure the nation’s networks from further harm.

“To be frank,” he said before an audience at the Center for Strategic and International Studies, the preeminent national security think tank, “our federal cybersecurity is not where it needs to be.”

The sound heard shortly thereafter was of 22 million simultaneous face palms across the bureaucratic universe.

After spending two decades and untold billions in taxpayer dollars on federal cyber priorities, not to mention the dedication of new agencies, programs, departments, task forces, a czar, and a cyber command under the U.S. military, the idea that the DHS needed an “a-ha” moment to put the threat into perspective is absurd, even bordering on cheap sentiment considering the circumstances. Perhaps Johnson, on the job for a year and a half while playing defense all the way, was just happy that it was OPM director Katherine Archuleta on the chopping block. She resigned under broad congressional pressure on July 10, just a day after Johnson declared his epiphany.

Federal workers are not buying it. The American Federation of Government Employees and National Treasury Employees Union announced they were suing OPM on behalf of its combined 450,000 members, alleging that that the agency knew for years that its network security was weak and vulnerable, but failed to do anything about it.

read more: http://www.theamericanconservative.com/articles/americas-already-failed-cyber-war/

put up your dukes...

WASHINGTON — When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk.

His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.

The F.B.I. knew it well: The bureau had spent the last few years trying to kick the Dukes out of the unclassified email systems of the White House, the State Department and even the Joint Chiefs of Staff, one of the government’s best-protected networks.

Yared Tamene, the tech-support contractor at the D.N.C. who fielded the call, was no expert in cyberattacks. His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion. By his own account, he did not look too hard even after Special Agent Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real F.B.I. agent and not an impostor.

read more:



See toon at top... and "grow up" as Steven Colbert said in a reverse inference... And note that MOST of the information that is contrary to the Big Brother propaganda comes from INSIDE — people who don't like say for example that the Clinton mob shafted Bernie... And with his racist, sexist, silly stupid comments, Trump was expressing himself far more truthfully than madam Clinton.

cyber wars

Speaking to Sputnik France, Antoine Lefebure, a French communications expert and author of a book titled 'The Snowden Case: How the CIA Spies on the World', specifically drew attention to the huge trove of top-secret information exposed by WikiLeaks.

"What we did not know was the scale [of all this], and in this respect it turned out that it was a kind of Wikipedia of hacking for 5,000 users from the US intelligence agencies — not only from the CIA — who exchange information and techniques pertaining to  interception programs," Lefebure said.

The expert tried to calm down all those who could be targets of CIA surveillance, recalling that it is irrelevant to draw parallels between the CIA and the US National Security Agency (NSA) in terms of activity.

"They are working on different things. The NSA carries out general surveillance, while the CIA is engaged, as we see, in tapping personal computers and personal telephones. They need to have access to these devices in order to track them, that is, they need to hold a device in their hand for several minutes. This is the work that the CIA can do," Lefebure said.

He added that in particular, the leaks contained information related to the CIA's monitoring of the upcoming presidential elections in France, something that he said "is done by [the intelligence agencies of] other large countries, but on a smaller scale."


Thomas Watanabe-Vermorel, press secretary of the French Pirate Party, for his part, told Sputnik France that "we must understand that all this inevitably goes hand in hand with massive espionage in general, carried out in line with a certain algorithm."

"This allows you to 'spot' what can be seen as suspicious behavior while automatically determining the profile of a person, which also raises other problems: deontological, ethical, political and, of course, problems related to democracy," he said.

The CIA's technical capabilities are not limited to surveillance through computers, telephones, televisions or cars equipped with network capabilities.

In this vein, Antoine Lefebure specifically pointed to one of the CIA's spy programs, which he said is of special significance on the eve of the French presidential elections and against the backdrop of the paranoia concerning Russian hackers which came after last year's elections in the US.

"The CIA has a program through which they intercept the spyware of all other countries, including Russia, China, France and Ukraine. It allows them to install a kind of identity card in these programs in order to pretend that its own espionage program is being conducted by some other country," he concluded.

Meanwhile, Wikileaks said that since 2001, the CIA "has gained political and budgetary preeminence" over the NSA.

According to the whistleblowing site, the CIA built a "globe-spanning force — its own substantial fleet of hackers." Moreover, the agency's hacking division is not allowed to disclose its operations to the NSA.


"The CIA had created, in effect, its 'own NSA' with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified," WikiLeaks said.

read more:



MOSCOW (Sputnik) — On Wednesday, WikiLeaks published over 8,700 classified files, the first part of Vault 7 release of purportedly CIA secret files, with the revelations so far including the agency hoarding hacking technologies and lists of major operating systems vulnerabilities. On Thursday, Assange proposed assistance to technology manufacturers in sharing information to help them fix the vulnerabilities mentioned in the leak.


The Financial Times reported Thursday that several tech companies questioned by the outlet had not expressed desire to cooperate with the whistleblower on the ground of moral or legal barriers of dealing with classified information.

According to the news outlet, its interlocutors from the Silicon Valley have assumed that Assange tried to improve his own reputation through cooperation with tech giants.

read more:


see toon at top...

lazarus wanna cry...


WannaCry ransomware has links to North Korea, cybersecurity experts say


Similarities spotted between details of last week’s massive cyber-attack and code used by a prolific cybergang with links to North Korean government


Kaspersky and Symantec both said on Monday that technical details within an early version of the WannaCry code are similar to code used in a 2015 backdoor created by the government-linked North Korean hackers, who were implicated in the 2014 attack on Sony Pictures and an $81m heist on a Bangladeshi bank in 2016Lazarus Group has also been known to use and target Bitcoin in its hacking operations. The similarities were first spotted by Google security researcher Neal Mehta and echoed by other researchers including Matthieu Suiche from UAE-based Comae Technologies.

Read more:



We're in lalalalalaland if we believe any of this ... but then have we got any choice?... Trust the experts? Most likely the suite of algorithms came from either the NSA or the CIA with a touch of disguise... See toon at top...

someone stole the cyber weapon...


When the National Security Agency began using a new hacking tool called EternalBlue, those entrusted with deploying it marveled at both its uncommon power and the widespread havoc it could wreak if it ever got loose.

Some officials even discussed whether the flaw was so dangerous they should reveal it to Microsoft, the company whose software the government was exploiting, according to former NSA employees who spoke on the condition of anonymity given the sensitivity of the issue.

But for more than five years, the NSA kept using it — through a time period that has seen several serious security breaches — and now the officials’ worst fears have been realized. The malicious code at the heart of the WannaCry virus that hit computer systems globally late last week was apparently stolen from the NSA, repackaged by cybercriminals and unleashed on the world for a cyberattack that now ranks as among the most disruptive in history.

read more:



How can someone steal this stuff from the NSA? What else has been stolen from the NSA that we don't know about... ?????


de-privately encoding blah blah blah defence: $200 million...

The Defence Department will terminate its relationship with a Sydney data centre in 2020 and move its secret files back into a government-owned hub, because a Chinese consortium bought half of the centre's parent company.

Key points:
  • Chinese consortium bought 49pc stake in data hub's parent company
  • Defence will shift data back into government hands once contract expires
  • Moving data could cost up to $200 million


The department is preparing to spend up to $200 million on the move, despite assurances from the company, Global Switch, that its files are secure.

Global Switch owns two high-security data centres in Ultimo where the company holds classified government information, including sensitive Defence and intelligence files.

The centres have massive storage capacity, multiple power sources, high-bandwidth internet connections and an Australian Signals Directorate-accredited gateway which allows secure access by public sector agencies.

The ownership of Global Switch changed in December when the London-based parent company, Aldersgate Investments, accepted $4 billion in cash for a 49 per cent stake from Chinese consortium Elegant Jubilee.

The investors were assembled by Li Qiang, who owns shares in one of China's leading data centre companies, Daily Tech.

The lead investor is the Jiangsu Sha Steel Group, described as the largest private steel enterprise in China.

Former British defence secretary, Sir Malcolm Rifkind, was among senior politicians and experts in the United Kingdom who raised security concerns when the deal was being forged.

The ABC has confirmed that the ownership change triggered a Foreign Investment Review Board investigation.

The Government then imposed strict new conditions on the company, including seeking an assurance that its Australian arm would continue to be 100 per cent owned and operated by Aldersgate Investments.

Treasurer Scott Morrison said the Government "acted to ensure the integrity of our foreign investment process when it came to that data centre".

"They got a very clear message from the Government about how the Government would feel about [the Sydney data centre] being incorporated into that global deal," Mr Morrison said.

But in a sign that Defence now questions the wisdom of outsourcing sensitive data, the ABC has been told it will shift it all back into government hands once the contract with Global Switch expires in 2020.

Planning for that is already underway and could cost up to $200 million.

Mr Morrison said Defence had made "an entirely appropriate decision" to remove its data from the centre by the end of the decade.

read more:



origin of the Stuxnet malicious computer worm...


The campaign to discredit Kaspersky Lab dates back to 2010, when the Russian-based cybersecurity firm uncovered the origin of the Stuxnet malicious computer worm which ruined Iran's nuclear centrifuges, experts in the field told RT.

Kaspersky Lab, founded in Moscow in 1997, has been a world leader in cybersecurity for decades, taking pride in working outside of any government’s sphere of influence. US intelligence agencies, however, seem to consider the Russian firm a competitive challenge, cybersecurity experts say.

read more:




Read from top...


the NSA has been breached...



Checking Twitter, Mr Williams, a cybersecurity expert, was dismayed to discover that he had been thrust into the middle of one of the worst security debacles ever to befall American intelligence.

Mr. Williams had written on his company blog about the Shadow Brokers, a mysterious group that had somehow obtained many of the hacking tools the United States used to spy on other countries. Now the group had replied in an angry screed on Twitter. It identified him — correctly — as a former member of the National Security Agency’s hacking group, Tailored Access Operations, or T.A.O., a job he had not publicly disclosed. Then the Shadow Brokers astonished him by dropping technical details that made clear they knew about highly classified hacking operations that he had conducted.

America’s largest and most secretive intelligence agency had been deeply infiltrated.

“They had operational insight that even most of my fellow operators at T.A.O. did not have,” said Mr. Williams, now with Rendition Infosec, a cybersecurity firm he founded. “I felt like I’d been kicked in the gut. Whoever wrote this either was a well-placed insider or had stolen a lot of operational data.”

The jolt to Mr. Williams from the Shadow Brokers’ riposte was part of a much broader earthquake that has shaken the N.S.A. to its core. Current and former agency officials say the Shadow Brokers disclosures, which began in August 2016, have been catastrophic for the N.S.A., calling into question its ability to protect potent cyberweapons and its very value to national security. The agency regarded as the world’s leader in breaking into adversaries’ computer networks failed to protect its own.


Read more:



leaking like a pentagon...

Over the past decade, massive cybersecurity hacks have become yet another thing for America to worry about, especially if the IRS has information on you (read: everyone) or if you have a Social Security number (again read: everyone). Now we’ve learned that the problem starts right at the top. The Department of Defense (DoD) reportedly relied on compromised technology to undergird data centers and relay drone information—and Americans don’t even know how much of their data was exposed.

Despite this major breach, however, top brass at the DoD are suggesting that the Pentagon take on an even more prominent role in America’s cybersecurity. Defense Secretary Mattis recently suggested that, in the future, the DoD may provide cyber services to businesses and individuals. Currently, the Pentagon offers protections for “critical infrastructure” (under a pilot program in the fiscal year 2019 NDAA), which includes election verification and could extend to institutions such as hospitals. But the Pentagon clearly isn’t ready to take on more cyber protection, and any move to do so could jeopardize private-sector efforts. Instead of becoming a business, the Pentagon needs to focus on national defense.

One could be forgiven for thinking that, after the Pentagon relied on compromised technology for years, leadership would eat its humble pie and work to improve situational awareness. This recent episode is not an isolated incident. The Office of the Inspector General (IG), for instance, found that the wireless access points used by the Pentagon to process and transmit sensitive information were not properly accounted for because of miscommunication and a lack of compliance with existing guidance. Without continuous monitoring of access points, a rogue employee could easily wreak havoc with vital Pentagon communications. An additional report citedby the IG noted that the Composite Health Care System and Defense Medical Logistics Standard Support management personnel failed to set up local standards for network security monitoring, assess system risks, and set up appropriate controls. 

It is, of course, all too easy to nitpick governmental failures while overlooking private companies’ shortfalls. But according to SecurityScorecard, governments tend to be “bottom performers” in overall cybersecurity, and collectively rank second-to-last in endpoint security. 

In fact, the Pentagon scores dead last in federal information technology management rankings. This reveals woeful risk management and technology modernization. It’s all the more inexcusable when the DoD’s budgetary leeway is taken into account. The Pentagon easily has the loosest federal budgetary oversight, readily funneling money in and out of earmarksslush funds, and classified accounts

Because of the DoD’s wide reach and treasure trove of resources, it is deeply unsettling to imagine them involved in the private cybersecurity business. Governments determined to compete with private companies may not offer the best resources, but they can easily price competitors out of the market by subsidizing prices with taxpayer money. Consider the nationalized oil companies of many OPEC nations, government-run banks, and subsidized package delivery from the U.S. Postal Service. Expertise and timeliness often suffer from these government forays, but who can argue with dirt-cheap gas and loans? In the case of cybersecurity, however, playing dangerous games with the economy runs the additional risk of undercutting crucial and capable expertise in the private sector.


Read more:



Read from top.

bolton is a dangerous idiot...

The US and its allies have repeatedly accused Russia of carrying out aggressive cyber operations against other states. Moscow has denied the claims, and called for international cooperation in the field of cybersecurity.

Trump National Security Adviser John Bolton has confirmed that the US is engaged in offensive cyber operations abroad to show Russia and other nations that they "will pay a price" for their interference in US affairs.

Speaking at an event in Washington on Tuesday, Bolton said that last year's decision to eliminate restrictions on offensive US cyber operations was a message to US adversaries.

"The purpose of which is to say to Russia or anybody else that's engaged in cyber operations against us, 'You will pay a price if we find that you are doing this. And we will impose costs on you until you get the point that it's not worth your while to use cyber against us,'" Bolton said.

US officials have repeatedly accused Russia of engaging in malicious "cyber intrusions," with special council Robert Meuller's Russiagate report charging Russian military intelligence with hacking into the email accounts of Clinton campaign employees and the Democratic National Committee's servers during the 2016 election to disseminate their contents to try to damage the Clinton campaign. WikiLeaks and its founder Julian Assange have consistently denied Russian state involvement in the the DNC email dump, telling US media in late 2016 that while they could not reveal their source, "it wasn't a state party."

Russia has regularly rejected claims that it interfered in 2016 election, and has proposedinternational cooperation to fight common threats including hacking and fake news. Last year, Kremlin spokesman Dmitry Peskov lamented that Russian proposals in this direction had been rejected, adding that some countries seem to prefer "demonizing" Russia and Russians to cooperation.


Read more:




Read from top.

meanwhile at "ouaouei"...

The Chinese smartphone maker only recently acknowledged the existence of a homegrown, Android compatible operating system, promising that it would be ready for a market rollout as soon as later this year.

Huawei began taking steps to counter a potential US blacklisting of its products in 2012, starting the development of an operating system to rival Google's Android when it was still a relatively unknown company with less than five percent market share among smartphone makers, the South China Morning Post has reported, citing people familiar with the matter.

According to the newspaper, seven years ago, a group of Huawei Technologies executives led by company founder Ren Zhengfei met in a villa on a lake in Shenzhen, with the secret meetings, later referred to as the "lakeside talks," lasting several days and leading to a consensus on the need to build a proprietary OS.

The meeting reportedly led to the creation of a team of OS specialists, led by executive Eric Xu Zhijun, with a separate area set up inside the company's Huawei 2012 Laboratories R&D division, complete with guards, staff cards, and other security measures, including a requirement that personal phones be kept out of the office in a locker to prevent leaks.


Huawei's OS, which remains Android-compatible, is reportedly based on a lightweight microkernel which "can react quickly to adjustments and batches," with engineers creating the system after closely studying both Android and Apple's iOS, its nearest competitor. Presently, the pair of operating systems account for nearly 100 percent of current smartphone operating systems.


Last week, a company source told Global Times that the new OS, named 'HongMeng' OS in China and 'Oak OS' for the overseas clients, would likely launch by the third quarter of 2019, and definitely no later than next spring.


read more:



Read from top.

nasa bugged by a rasberry...

The Raspberry Pi, priced at about $36 for the basic board, is one of the most versatile and understated computing platforms available in the market. The credit card-sized computer is perfect for projects such as a retro gaming station or a smart home gadgets base station, but a hacker has apparently found a twisted use for it.


read more:




Read from top.