netdefences

★ Post-Stuxnet market failures and socialisation of risks?

More than a year ago, we’ve learned that Stuxnet would be a game changer. Indeed, no advisor in all things security missed to mention that the alleged U.S.-Israel (Langner) originated hack and blow-up of Iranian Uranium enrichment facilities posed a show-case of future attacks on our beloved infrastructures and industrial production sites. While one might [...]

‘Old Karl would die of laughter’

Fouché is enjoying #Occupy for a snack. The Committee of Public Safety announces: Hippie global meliorism is Marxism without the House of War. It wills an end that can only be realized through means of violence. Yet they refuse to will the means. If laughter could be projected from an ocean and half a continent [...]

★

“unauthorized enrichment facilities” as IO targets in a May 2010 article

History, but anyhow. Jon Baumgartner, “Computers as Weapons of War”, IO Journal, May 2010, pp. 5-8: Similar IO attacks could be conducted against nation states that have violated international treaties in order to carry out as uranium enrichment for nuclear weapons. Most of the unauthorized enrichment facilities in these cases are constructed deep underground. Conventional [...]

★

Anonymous cyber terror

Dan Kaplan, SC Magazine: In my eyes, this seems to be another step by U.S. officials, without exactly coming out and saying it, to label Anonymous as a cyber terrorist organization, bent on indiscriminate destruction of digital property and infrastructure. The DHS in the “National Cybersecurity and Communications Integrations Center Bulletin”, A-0020-NCCIC / ICS-CERT –120020110916: [...]

★

★ Open Security Data

The European Commissioner for the Digital Agenda from the Dutch conservative-liberal VVD party, Neelie Kroes, announces an “ambitious EU Open Data Strategy“. It seeks to “encourage more openness and re-use of public sector data” by a Public Sector Information Directive. The Commission is planning to set up an “Open Data portal” for the European Commission, [...]

“Hiroshima of cyberwar”

How could I miss that line in Michael J. Gross’ Stuxnet article in the April edition of Vanity Fair: Stuxnet is the Hiroshima of cyber-war. That is its true significance, and all the speculation about its target and its source should not blind us to that larger reality. We have crossed a threshold, and there [...]

★

Hacker, concepts thereof

The Telegraph: The Foreign Secretary revealed that Britain has developed new weapons to counter the threat from computer hackers and is prepared to strike first to defend the nation’s infrastructure and businesses. … The Government is investing an extra £650 million to develop deterrents to hostile viruses and hackers. Joe Grand, grandideastudio.com: My idealistic view of [...]

★

The risks of open collaboration, OWS edition

Not much of a surprise, the Occupy Wall Street movement has been infiltrated. A New York-based security consultant called Thomas Ryan and a team of IT security professionals managed to access systems used by the movement. As part of their intelligence-gathering operation, the group gained access to a listserv used by Occupy Wall Street organizers [...]

★

The ineradicable cyber-myth

The Epoch Times reports: Although the attacks on Estonia—one of the world’s most wired countries—did not involve physical attack, virtually the whole country came to a standstill as banks, communications, and government fell victim to cyberattacks. It did not come to a standstill. Whenever an article starts with this meme, enjoy the line of argument [...]

★

14 years after, blissfully unaware

Fourteen years ago, the Clinton administration launched the Presidential Commission on Critical Infrastructure Commission. Its 1997 report “Critical Foundations – Protecting America’s Infrastructure” states (Appendix A, Section Summary Report, p. A-26): Vulnerabilities facing the energy industries include: * Those created in the operating environment by the rapid proliferation of industry-wide information systems based on open-system [...]

★

cyberwar ‘not just for a run around town’

Eric Schmitt and Thom Shanker, NYT: But administration officials and even some military officers balked, fearing that it might set a precedent for other nations, in particular Russia or China, to carry out such offensives of their own, and questioning whether the attack could be mounted on such short notice. … “We don’t want to [...]

★

“Are Stuxnet and Duqu related? I don’t know.”

Micorosft’s Terry Zink sums up his “20 minutes of research“ on Duqu: On page 18 of that report, they list similarities between Stuxnet and Duqu. But how many generic pieces of malware have those same similarities as Stuxnet? Is this just an example of the Barnum effect (like that one South Park episode where Stan [...]

★

“so big it does my head in”

The unnamed Economist author shares her notes of a prep-conference for the upcoming cyber sec conference in London next month. A “senior” participant remarked: “It is so big it does my head in.” But why? The author notes: “Because this stuff is all mashed up. The interconnectedness of cyberspace breaks down borders and distinctions around [...]

★

The Prince of Wales moment in cyberspace

Stewart Baker, former official at DHS and NSA, in an article called “Denial of Service” on Foreign Policy: “We should not wait for our own Prince of Wales moment in cyberspace.” Now, that’s disturbing. Virtual Pearl Harbour no more. Welcome to: Oh, that I were a bot upon that machine that I might touch that [...]

★

Hacktivism response – the technocratic order of ICT security

Tim Lohman, Australian edition of Computerworld, in a piece called “Hacktivism: The fallout from Anonymous and LulzSec”: While government and industry figures all agree that hacktivism — no matter the colour or stripe — poses a real security threat to organisations, opinion is divided on the motivations, and hence seriousness of groups such as Anonymous [...]

★