Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged Cybersecurity

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

NSA Claims Iran Learned from Western Cyberattacks - The Intercept - 0 views

firstlook.org/...cyber-attacks-learning-attacks

surveillance state cyberwarfare Iran NSA Stuxnet Obama

shared by Paul Merrell on 12 Feb 15 - No Cached
  • The U.S. Government often warns of increasingly sophisticated cyberattacks from adversaries, but it may have actually contributed to those capabilities in the case of Iran. A top secret National Security Agency document from April 2013 reveals that the U.S. intelligence community is worried that the West’s campaign of aggressive and sophisticated cyberattacks enabled Iran to improve its own capabilities by studying and then replicating those tactics. The NSA is specifically concerned that Iran’s cyberweapons will become increasingly potent and sophisticated by virtue of learning from the attacks that have been launched against that country. “Iran’s destructive cyber attack against Saudi Aramco in August 2012, during which data was destroyed on tens of thousands of computers, was the first such attack NSA has observed from this adversary,” the NSA document states. “Iran, having been a victim of a similar cyber attack against its own oil industry in April 2012, has demonstrated a clear ability to learn from the capabilities and actions of others.”
  • The document was provided to The Intercept by NSA whistleblower Edward Snowden, and was prepared in connection with a planned meeting with Government Communications Headquarters, the British surveillance agency. The document references joint surveillance successes such as “support to policymakers during the multiple rounds of P5 plus 1 negotiations,” referring to the ongoing talks between the five permanent members of the U.N. Security Council, Germany and Iran to forge an agreement over Iran’s nuclear program. The document suggests that Iran has become a much more formidable cyberforce by learning from the viruses injected into its systems—attacks which have been linked back to the United States and Israel. In June 2012, The New York Times reported that from “his first months in office, President Obama secretly ordered sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.” As part of that plan, the U.S. and Israel jointly unleashed the Stuxnet virus on Iranian nuclear facilities, but a programming error “allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet.” Israel also deployed a second virus, called Flame, against Iran.
  • Obama ordered cyberattacks despite his awareness that they would likely unleash a wholly new form of warfare between states, similar to the “first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade,” according to the Times report. Obama “repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons—even under the most careful and limited circumstances—could enable other countries, terrorists or hackers to justify their own attacks.” The NSA’s concern of inadvertently aiding Iran’s cyberattack capabilities is striking given the government’s recent warning about the ability of adversaries to develop more advanced viruses. A top official at the Pentagon’s Defense Advanced Research Projects Agency’s (DARPA) appeared on 60 Minutes this Sunday and claimed that cyberattacks against the U.S. military are becoming more potent. “The sophistication of the attacks is increasing,” warned Dan Kaufman, director of DARPA’s Information Innovation Office.
  • Paul Merrell on 12 Feb 15
     
    Karma is a bitch. 
Paul Merrell

Facebook and Corporate "Friends" Threat Exchange? | nsnbc international - 0 views

nsnbc.me/...porate-friends-threat-exchange

cybersecurity alternative-media

shared by Paul Merrell on 12 Feb 15 - No Cached
  • Facebook teamed up with several corporate “friends” to adapt Facebook’s in-house software to identify cyber threats and their source with other corporations. Countering cyber threats sounds positive while there are serious questions about transparency when smaller, independent media fall victim to major corporation’s unwillingness to reveal the source of attacks resulted in websites being closed for hours or days. Transparency, yes, but for whom? Among the companies Facebook is teaming up with are Printerest, Tumblr, Twitter, Yahoo, Drpbox and Bit.ly, reports Susanne Posel at Occupy Corporatism. The stated goal of “Threat Exchange” is to locate malware, the source domains, the IP addresses which are involved as well as the nature of the malware itself.
  • While the platform may be useful for major corporations, who can afford buying the privilege to join the club, the initiative does little to nothing to protect smaller, independent media from being targeted with impunity. The development prompts the question “Cyber security for whom?” The question is especially pertinent because identifying a site as containing malware, whether it is correct or not, will result in the site being added to Google’s so-called “Safe Browsing List”.
  • An article written by nsnbc editor-in-chief Christof Lehmann entitled “Censorship Alert: The Alternative Media are getting harassed by the NSA” provides several examples which raise serious questions about the lack of transparency when independent media demand information about either real or alleged malware content on their media’s websites. An alleged malware content in a java script that had been inserted via the third-party advertising company MadAdsMedia resulted in the nsnbc website being closed down and added to Google’s Safe Browsing list. The response to nsnbc’s request to send detailed information about the alleged malware and most importantly, about the source, was rejected. MadAdsMedia’s response to a renewed request was to stop serving advertisements to nsnbc from one day to the other, stating that nsnbc could contact another company, YieldSelect, which is run by the same company. Shell Games? SiteLock, who partners with most western-based web hosting providers, including BlueHost, Hostgator and many others contacted nsnbc warning about an alleged malware threat. SiteLock refused to provide detailed information.
  • ...1 more annotation...
  • BlueHost refused to help the International Middle East Media Center (IMEMC)  during a Denial of Service DoS attack. Asked for help, BlueHost reportedly said that they should deal with the issue themselves, which was impossible without BlueHost’s cooperation. The news agency’s website was down for days because BlueHost reportedly just shut down IMEMC’s server and told the editor-in-chief, Saed Bannoura to “go somewhere else”. The question is whether “transparency” can be the privilege of major corporations or whether there is need for legislation that forces all corporations to provide detailed information that enables media and other internet users to pursue real or alleged malware threats, cyber attacks and so forth, criminally and legally. That is, also when the alleged or real threat involves major corporations.
Paul Merrell

U.S. Embedded Spyware Overseas, Report Claims - NYTimes.com - 0 views

www.nytimes.com/...tworks-security-firm-says.html

surveillance state NSA NSA-methods embedded-spyware

shared by Paul Merrell on 18 Feb 15 - No Cached
  • The United States has found a way to permanently embed surveillance and sabotage tools in computers and networks it has targeted in Iran, Russia, Pakistan, China, Afghanistan and other countries closely watched by American intelligence agencies, according to a Russian cybersecurity firm.In a presentation of its findings at a conference in Mexico on Monday, Kaspersky Lab, the Russian firm, said that the implants had been placed by what it called the “Equation Group,” which appears to be a veiled reference to the National Security Agency and its military counterpart, United States Cyber Command.
  • It linked the techniques to those used in Stuxnet, the computer worm that disabled about 1,000 centrifuges in Iran’s nuclear enrichment program. It was later revealed that Stuxnet was part of a program code-named Olympic Games and run jointly by Israel and the United States.Kaspersky’s report said that Olympic Games had similarities to a much broader effort to infect computers well beyond those in Iran. It detected particularly high infection rates in computers in Iran, Pakistan and Russia, three countries whose nuclear programs the United States routinely monitors.
  • Some of the implants burrow so deep into the computer systems, Kaspersky said, that they infect the “firmware,” the embedded software that preps the computer’s hardware before the operating system starts. It is beyond the reach of existing antivirus products and most security controls, Kaspersky reported, making it virtually impossible to wipe out.
  • ...1 more annotation...
  • In many cases, it also allows the American intelligence agencies to grab the encryption keys off a machine, unnoticed, and unlock scrambled contents. Moreover, many of the tools are designed to run on computers that are disconnected from the Internet, which was the case in the computers controlling Iran’s nuclear enrichment plants.
Paul Merrell

Silicon Valley spars with Obama over 'backdoor' surveillance | TheHill - 0 views

thehill.com/...ama-over-backdoor-surveillance

surveillance state NSA encryption-backdoors Obama

shared by Paul Merrell on 27 Mar 15 - No Cached
  • Silicon Valley and a bipartisan group of lawmakers are lining up against the Obama administration, criticizing what they see as a lack of support for total online privacy.The steady rise of sophisticated privacy techniques such as encryption and anonymity software has put the government in a difficult position — trying to support the right to privacy while figuring out how to prevent people from evading law enforcement.ADVERTISEMENT“The technologies are evolving in ways that potentially make this trickier,” President Obama said during a January news conference with British Prime Minister David Cameron.The conundrum has led to a heated debate in Washington: Should law enforcement have guaranteed access to data?
  • The Obama administration — from officials with FBI and the National Security Agency (NSA) to the president himself — has come out in favor of some form of guaranteed access while still endorsing strong encryption.“If we get into a situation in which the technologies do not allow us at all to track somebody that we're confident is a terrorist,” Obama said, “that's a problem.”What shape that access takes, however, is unclear.“The dialogue that we're engaged in is designed to make sure that all of us feel confident that if there is an actual threat out there, our law enforcement and our intelligence officers can identify that threat and track that threat at the same time that our governments are not going around phishing into whatever text you might be sending on your smartphone,” Obama said. “And I think that's something that can be achieved.”Privacy hawks on Capitol Hill aren’t buying it.
  • “I don’t think much of that,” Rep. Joe Barton (R-Texas), co-founder of the Congressional Bipartisan Privacy Caucus, told The Hill. “We have a huge homeland security apparatus with almost unlimited authority to — with some sort of a reasonable suspicion — check almost any type of communication, whether it’s voice, Internet, telephonic, electronic, you name it.”“Those were positions that did not receive rave reviews here in Silicon Valley,” said Rep. Zoe Lofgren (D-Calif.), whose district includes parts of tech-heavy San Jose.Many believe the administration’s stance is inherently at odds with robust digital protection.“In order to fully implement what he's suggesting, you would need one of two things,” Lofgren said.One would be installing so-called “backdoors” in encryption — an access point known only to law enforcement agencies. Security experts find this concept abhorrent, since cyber crooks or foreign intelligence agencies would likely exploit it.
  • ...1 more annotation...
  • The second would be to have a third-party company hold all user data, with some sort of agreement to disclose information to the government, Lofgren said.“I think actually the trend line is in a different direction, which is encryption that is not accessible to the companies that provide it, either,” she added.  Major tech companies like Apple have done exactly that, claiming that even they can’t unlock data on newer devices.
Paul Merrell

Congress Seeks to undermine Iran Deal by Linking Iran with ISIS | Global Research - Cen... - 0 views

www.globalresearch.ca/...5498105

war & peace Iran ISIL Congress deal

shared by Paul Merrell on 28 Dec 15 - No Cached
  • One of the consequences of the Iran Deal was the declaration by countless politicians that they were going to crack down on Iran’s sponsorship of terrorism. Even the White House signed on to this idea. Well now some of the backlash has officially begun: Congress is linking Iran with ISIS, even though Iran is fighting ISIS. [and ISIS is supported by the US, GR ed.] Few mainstream publications have picked up on the fact that in a response to the San Bernardino killings, the Congress last week passed legislation, which the president duly signed, that puts Iran in an axis of international-terrorist evil along with Syria, Iraq and Sudan. The legislation amends our country’s visa waiver program. Iranian dual nationals, as well as US citizens who have visited Iran, will need visas to get into the U.S. Reuters: Iranian Foreign Minister Mohammad Javad Zarif on Friday said it was “absurd” that Tehran should be included on the list. “No Iranian nor anybody who visited Iran had anything to do with the tragedies that have taken place in Paris or in San Bernardino or anywhere else,” he said in an interview with Middle East-focused website Al Monitor. Secretary of State John Kerry promptly met with Zarif, his Iranian counterpart, to assure him that the new law doesn’t undercut the Iran deal. But the Iranians say that the legislation is the result of pro-Israel lobbying. And even the State Department describes Iran as a state sponsor of terrorism.  
  •  Iranians say the bill reflects pro-Israel lobbying. Reuters: Iran said on Monday that Israeli lobbying was behind a new measure passed by the U.S. Congress that will prevent visa-free travel to the United States for people who have visited Iran or hold Iranian nationality. The measure, which President Barack Obama signed into law on Friday, also applies to Iraq, Syria and Sudan, and was introduced as a security measure after the Islamic State attacks in Paris and a similar attack in San Bernardino, California.
  • More from Reuters‘ description of the Israel lobby angle: Iran, a Shi’ite Muslim theocracy staunchly opposed to Sunni radicalism espoused by groups like Islamic State, says its inclusion on the list is intended to undermine a deal on its nuclear programme that Tehran reached with world powers, including the United States, in July, known as the JCPOA. Iranian Foreign Ministry spokesman Hossein Jaberi Ansari said in a televised news conference that the U.S. measure had been passed “under pressure from the Zionist lobby and currents opposed to the JCPOA”. The administration wants to have it both ways on blaming Iran. Yesterday on National Public Radio, Adam Szubin, the counter-terrorism finance under secretary at the Treasury Department, also put Iran in the category of ISIS, as an international terror deliverer: if you are familiar with the model of how al-Qaida or groups like Hamas and even Hezbollah have financed themselves, they’ve typically been heavily reliant on foreign donations, whether from state sponsors like Iran or whether from wealthy what we call deep-pocket donors, often in the Gulf. But that financing model is not ISIL. When you have a group that’s raising hundreds of millions of dollars in a year from internal sources, we don’t have those same chokepoints to go after in terms of the foreign flows.
  • ...2 more annotations...
  • Meanwhile John Kerry is doing fancy footwork, explaining the legislation away, in a letter to Javad Zarif. we remain fully committed to the sanctions lifting provided for under the JCPOA. We will adhere to the full measure of our commitments, per the agreement. At the State Department briefing Monday, reporters questioned why the legislation didn’t amount to a violation of the Iran Deal:
  • Here is some more blindness in the media on these issues. NPR has continually deceived listeners about Sheldon Adelson’s agenda, and it did so again yesterday. Adelson is a leading opponent of the Iran Deal, as a supporter of Israel. He has called on President Obama to nuke Iran. But in a report on Adelson’s purchase of a Nevada newspaper, NPR once again leaves out the Israel angle of Adelson’s interests. It says blandly: Adelson is also prominently involved in national politics. That link is to a story about his on-line gambling concerns. But as Cory Bennett of the Hill said on CSPAN the other day– something I did not know till now– Iran is said to have undertaken a cyber-attack on Sheldon Adelson’s casino last year because of his call to nuke Iran.  The alleged cyber-attack:  Investigators determined that hacker activists were the ones who broke into servers belonging to the Las Vegas Sands Corporation in February 2014, costing the company more than $40 million in damages and data recovery costs, Bloomberg Businessweek reported Thusday citing a report by cybersecurity firm Dell SecureWorks. The hackers were acting in retaliation to the company’s CEO, casino magnate Sheldon Adelson’s statement that Obama should detonate a nuclear bomb in Tehran, which stirred controversy around the world. This is the battle behind the headlines. And in a transparent effort to get Adelson’s backing, as well as that of the Andrew Herenstein’s of the world, the neoconservative favorite in the Republican race, Senator Marco Rubio, has vowed to tear up the Iran deal on his first day in the White House if he’s elected. Thus the ideological war over how much the U.S. should support Israel is playing out in global terms; and our media are shying away from the story.
  • Paul Merrell on 28 Dec 15
     
    It's preposterous for Congress to say that Iran is associated with ISIL and for Obama to sign such a bill. Iran is one of the major military forces in the fight against ISIL in both Syria and Iraq.
Paul Merrell

U.S. government reveals breadth of requests for Internet records | Reuters - 0 views

www.reuters.com/...rity-nsl-idUSKBN0TJ2PJ20151201

surveillance state FBI NSLs stats litigation

shared by Paul Merrell on 02 Dec 15 - No Cached
  • The Federal Bureau of Investigation has used a secretive authority to compel Internet and telecommunications firms to hand over customer data including an individual’s complete web browsing history and records of all online purchases, a court filing released Monday shows.The documents are believed to be the first time the government has provided details of its so-called national security letters, which are used by the FBI to conduct electronic surveillance without the need for court approval.The filing made public Monday was the result of an 11-year-old legal battle waged by Nicholas Merrill, founder of Calyx Internet Access, a hosted service provider, who refused to comply with a national security letter (NSL) he received in 2004. Merrill told Reuters the release was significant “because the public deserves to know how the government is gathering information without warrants on Americans who are not even suspected of a crime.”
  • National security letters have been available as a law enforcement tool since the 1970s, but their frequency and breadth expanded dramatically under the USA Patriot Act, which was passed shortly after the Sept. 11, 2001 attacks. They are almost always accompanied by an open-ended gag order barring companies from disclosing the contents of the demand for customer data.A federal court ruled earlier this year that the gag on Merrill’s NSL should be lifted. Merrill's challenge also disclosed that the FBI may use NSLs to gain IP addresses on everyone a suspect has corresponded with and cell-site location information. The FBI said in the court filings it no longer used NSLs for location information. The secretive orders have long drawn the ire of tech companies and privacy advocates, who argue NSLs allow the government to snoop on user content without appropriate judicial oversight or transparency.
  • Last year, the Obama administration announced it would permit Internet companies to disclose more about the number of NSLs they receive. But they can still only provide a range such as between 0 and 999 requests, or between 1,000 and 1,999. Twitter (TWTR.N) has sued in federal court seeking the ability to publish more details in its semi-annual transparency reports. Several thousand NSLs are now issued by the FBI every year, though the agency says it is unaware of the precise number. At one point that number eclipsed 50,000 letters annually. The FBI did not respond to a request for comment Monday.
« First ‹ Previous 61 - 66 of 66
Showing 20 items per page