Photo: Oren Rozen (CC)

A cyber attack that is, and it looks like a very successful first strike. From USA Today:

A hacker network that claims to be based in Saudi Arabia paralyzed the websites of Israel’s stock exchange and national airline on Monday, escalating an international cyber war that has jolted this security-obsessed country.

Neither website contains sensitive information and trading and flights were not affected. But the ongoing salvos by hackers who use anti-Israel language in their posts has revealed how vulnerable Israel is to cyber warfare, despite its sophisticated computer security units in the military and advanced high-tech sector.

The attacks began earlier this month when hackers identifying themselves as group-xp, a known Saudi hacking group, claimed on an Israeli sports website to have gained access to 400,000 Israeli credit card accounts. The group called it a “gift to the world for the New Year” designed to “hurt the Zionist pocket.”…

[continues at USA Today]

The Defense Department plans to ratchet up cyber security over the next five years, say chatter from a conference its research arm, DARPA, held on Monday. DARPA is seeking $208 million in funding to “prepare for hostile cyber acts that threaten our military capabilities,” an increase in $83 million reports Information Week. At the “cyber colloquium” in Virginia on Monday, talking heads for the DoD waxed poetic about the issues the Pentagon faces with cyber security.

“It is the makings of novels and poetry from Dickens to Gibran that the best and the worst occupy the same time, that wisdom and foolishness appear in the same age, light and darkness in the same season,” said DARPA’s director Regina Dugan, Wired reports. Former White House Security chief Richard Clarke was more blunt, saying current networks are as “porous as a colande.” Meanwhile, Wired reports DARPA also tacitly reached out to hackers at the colloquium, looking to enlist “the efforts of technical experts at unprecedented levels, including at the development of policy and legal frameworks.”

Read the full post at Diatribe Media

Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to a congressional commission.

The intrusions on the satellites, used for earth climate and terrain observation, underscore the potential danger posed by hackers, according to excerpts from the final draft of the annual report by the U.S.-China Economic and Security Review Commission. The report is scheduled to be released next month.

“Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions,” according to the draft. “Access to a satellite‘s controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite’s transmission.”

Read More: Bloomberg

Photo: Mr.Bigg23 (CC)

[UPDATE: the Wikipedia page has been deleted.]

A Wikipedia article that’s been the subject of some internal argument there (based on the fact that much associated with this meme is by its nature unverifiable) was brought to my attention by one of the readers of my books. I can’t say I’m entirely enthusiastic about the possible uses that this thing might be put to in the hands of a group like Anon — though it seems to already be “their” M.O. anyway, and the dis-organization is structured along the same lines as the fictitious (?) “Mother Hive Brain” in a way that’s always amused me more than a little. In a world teetering on the brink, and in the midst of issues such as “NymWars,” this topic at the least seems finally ripe for discussion as well as action. From Wikipedia:

In practice, the 404 Attacks are a technique for disseminating disinformation through various networks. The campaign thus far seems to be organized through mIRC, various message boards, and relatively small circles of culture jammers. The project in general, much like Operation Mindfuck, leads an outsider to an immediate double bind scenario: The only safe assumption is that everything that is read or disseminated globally through various media networks, especially but not limited to the internet, is false or a part of the 404 Attacks- However, this is not really a safe assumption at all, as it lends itself to widespread paranoia and skepticism at the very least.

Motives behind each individual’s level of participation vary across the board. Typically these motives include, but are not limited to: Increasing awareness, pulling the curtain back on the art of persuasion/”mind control”, increasing chaos in systems that tend towards homeostasis, and Doing It For The Lulz.

Techniques include, but are not limited to, strategic application of art crime (graffiti campaigns, reality tunnel manipulation, guerilla theater, etc.), meme dissemination, social engineering and production of media designed to disrupt traditional thought patterns in subhuman primates.

The first cited use of the 404 attacks was in the novel Fallen Nation, an excerpt of which, explaining the 404 concept, can be found here. Briefly quoting the excerpt:

How did this snowball? You’ll have to inspect my recent entries. In the time left in this incarnation, I can say this much…The net crackled here and there with chatter, frankly predicting the complete destruction of corporate and governmental information architecture by agents unknown. No one knew how or why this would happen, or even questioned the meme’s credibility; they just passed it on, working it into their conversations without gravity.

Looking back, it was the quietly asserted inevitability of the ‘404 attacks’ in these messages that in turn made the events inevitable. Whoever spread those initial communications is a genius of memetic engineering. Anyone with the motivation and skills to bring chaos to the infrastructure, receiving the meme, would immediately conclude that they were not alone, others had the same plans, and all they had to do was help it along. Soon artists, bands, hackers, and pretty much all those disenfranchised by the present regime passed this anarchistic mantra amongst themselves. What a joke. I doubt that the original authors had anything in the oven, save prodding everyone else into action.

In the novel, it is utilized by the fictional ontological terrorist organization ”The Mother Hive Brain Syndicate.” It has since been picked up by the hacker collective Anonymous.

(Full disclosure: Following Wikipedia’s guidelines I neither created nor edited this article because I’m associated with some of the original sources. I would otherwise change several inaccuracies.)

Photo: Joy (CC)

This is quite a sweet hack. The Telegraph reports:

The cyber-warfare operation was launched by MI6 and GCHQ in an attempt to disrupt efforts by al-Qaeda in the Arabian Peninsular to recruit “lone-wolf” terrorists with a new English-language magazine, the Daily Telegraph understands.

When followers tried to download the 67-page colour magazine, instead of instructions about how to “Make a bomb in the Kitchen of your Mom” by “The AQ Chef” they were greeted with garbled computer code.

The code, which had been inserted into the original magazine by the British intelligence hackers, was actually a web page of recipes for “The Best Cupcakes in America” published by the Ellen DeGeneres chat show.

Written by Dulcy Israel and produced by Main Street Cupcakes in Hudson, Ohio, it said “the little cupcake is big again” adding: “Self-contained and satisfying, it summons memories of childhood even as it’s updated for today’s sweet-toothed hipsters.”

It included a recipe for the Mojito Cupcake – “made of white rum cake and draped in vanilla buttercream”- and the Rocky Road Cupcake – “warning: sugar rush ahead!”

[Continues at The Telegraph]

David E. Sanger and Elisabeth Bumiller write in the New York Times reports:

The Pentagon, trying to create a formal strategy to deter cyberattacks on the United States, plans to issue a new strategy soon declaring that a computer attack from a foreign nation can be considered an act of war that may result in a military response.

Several administration officials, in comments over the past two years, have suggested publicly that any American president could consider a variety of responses — economic sanctions, retaliatory cyberattacks or a military strike — if critical American computer systems were ever attacked.

The new military strategy, which emerged from several years of debate modeled on the 1950s effort in Washington to come up with a plan for deterring nuclear attacks, makes explicit that a cyberattack could be considered equivalent to a more traditional act of war. The Pentagon is declaring that any computer attack that threatens widespread civilian casualties — for example, by cutting off power supplies or bringing down hospitals and emergency-responder networks — could be treated as an act of aggression.

[Continues at The New York Times]

One of the most sophisticated pieces of malware ever detected was probably targeting “high value” infrastructure in Iran, experts have told the BBC.

Stuxnet’s complexity suggests it could only have been written by a “nation state”, some researchers have claimed.

It is believed to be the first-known worm designed to target real-world infrastructure such as power stations, water plants and industrial units. It was first detected in June and has been intensely studied ever since.

“The fact that we see so many more infections in Iran than anywhere else in the world makes us think this threat was targeted at Iran and that there was something in Iran that was of very, very high value to whomever wrote it,” Liam O’Murchu of security firm Symantec, who has tracked the worm since it was first detected, told BBC News.

Some have speculated that it could have been aimed at disrupting Iran’s delayed Bushehr nuclear power plant or the uranium enrichment plant at Natanz. However, Mr O’Murchu and others, such as security expert Bruce Schneier, have said that there was currently not enough evidence to draw conclusions about what its intended target was or who had written it.

Initial research by Symantec showed that nearly 60% of all infections were in Iran. That figure still stands, said Mr O’Murchu, although India and Indonesia have also seen relatively high infection rates…

[continues at the BBC]

Map of WikiLeaks insurance seeders

On Thursday, WikiLeaks founder Julian Assange told a gathering in London that the secret-spilling website is moving ahead with plans to publish the remaining 15,000 records from the Afghan war logs, despite a demand from the Pentagon that WikiLeaks “return” its entire cache of published and unpublished classified U.S. documents.

Last month, WikiLeaks released 77,000 documents out of 92,000, temporarily holding back 15,000 records at the urging of newspapers that had been provided an advance copy of the entire database. On Thursday, Assange said his organization has now gone through about half of the remaining records, redacting the names of Afghan informants. That suggests the final release could still be weeks away.

Pundits, though, are clamoring for preemptive action. “The United States has the cyber capabilities to prevent WikiLeaks from disseminating those materials,” wrote Washington Post columnist Marc Thiessen on Friday. “Will President Obama order the military to deploy those capabilities? … If Assange remains free and the documents he possesses are released, Obama will have no one to blame but himself.”

Read More: Kevin Poulsen article on WIRED’s Threat Level

An increasing clamour to restrict and control the internet on behalf of the government, the Pentagon, the intelligence community and their private corporate arms, could result in a staged cyber attack being used as justification.

Over recent months we have seen a great increase in media coverage of inflated fears over a possible “electronic Pearl Harbor” event, with reports claiming that the U.S. could be “felled within 15 minutes”.

Vastly over-hyped (and in some cases completely asinine) claims that the power grids and other key infrastructure such as rail networks and water sources are wired up to the public internet have permeated such coverage.

Is the United States government or outside forces the real threat to cyber security? Alex Jones says that the government is trying to silence free speech in America by expanding their reach on the internet. He also says his own personal sites have been censored, even deleted.

Threats against computer networks in the United States are grossly exaggerated. Dire reports issued by the Defense Science Board and the Center for Strategic and International Studies “are usually richer in vivid metaphor — with fears of ‘digital Pearl Harbors’ and ‘cyber-Katrinas’ — than in factual foundation,” writes Evgeny Morozov, a respected researcher and blogger who writes on the political effects of the internet.

Morozov notes that much of the data on the supposed cyber threat “are gathered by ultra-secretive government agencies — which need to justify their own existence — and cyber-security companies — which derive commercial benefits from popular anxiety.”

When the Cybersecurity Act was introduced by Senator John Rockefeller last year, he made similar claims about the threat of cyber attacks, adding “Would it have been better if we’d have never invented the Internet?”…

[continues at InfoWars]

Groups opposing the government’s internet censorship plans have condemned attacks on government websites, saying it will do little to help their cause, while Communications Minister Stephen Conroy called them “totally irresponsible”.

Hackers connected with the group Anonymous, known for its war against Scientology, this morning launched a broad attack on government websites.

They are protesting against forthcoming internet filtering legislation and the perceived censorship in pornography of small-breasted women (who are thought to be under age) and female ejaculation.

Several government sites were down and the hackers have promised to follow up by spamming government offices with pornographic emails, faxes and prank phone calls.

Read More: Sydney Morning Herald

Ever wonder how exactly the U.S. military would fight a cyber war? In August 2009, the U.S. Air Force activated its new cyberspace combat unit, the 24th Air Force, to “provide combat-ready forces trained and equipped to conduct sustained cyber operations.”

It’s commanded by former Minuteman missile and satellite-jamming specialist Major General Richard Webber. (And under his command are two wings, the 688th Information Operations Wing and the 67th Network Warfare Wing, plus a combat communications units.)

Meanwhile, to counter the threat of cyber warfare, DARPA is still deploying the National Cyber Range, a test bed of networked computers to test countermeasures against “cyberwar”. (According to one report, it provides “a virtual network world . to be populated by mirror computers and inhabited by myriad software sim-people ‘replicants,’ and used as a firing range in which to develop the art of cyber warfare.”)

And the Obama administration has even added a military cybersecurity coordinator to the National Security team.

Read More: h+ magazine

With the coolness of a card shark at the final table of the World Series of Poker, Matt Bergin pulls the hood of his brown sweatshirt over his head and concentrates on the task at hand.

The task: hacking into as many target computers as he can and then defending those computers from attacks by other skilled hackers.

Other skilled hackers like Michael Coppola, 17, a high school senior who, at this very moment, is hunched over a keyboard in his Connecticut home.

Or like Chris Benedict, 21, from the tiny town of Nauvoo, Illinois. Chris is sitting silently nearby, one of 15 “All Star” hackers who have taken over this spacious hotel conference room.

At days end, the moderator of this unusual computer challenge declares the best of the best: Benedict is the winner, king of the hacker hill, followed by Bergin and Coppola.

The trio — a job seeker, a grape distributor for a vineyard and a student — are precisely the type of people whom organizers of this event hoped to attract: young techies with perhaps little formal computer education who, nonetheless, could contribute to the defense of the nation’s cybernetworks.

In many cases, organizers of the U.S. Cyber Challenge say, hackers’ skills go unrecognized or unappreciated by those around them and sometimes even by themselves.

“I thought that I would get demolished,” Benedict said. “I didn’t think I would get anything at all.”

Organizers say the competition is aimed at identifying young people with exceptional computer skills and inspiring them to join the country’s woefully understaffed ranks of cybersecurity specialists needed to protect systems used by the military, industry and everyday people…

[continues at CNN]