NSA asks hackers for some help
July 30, 2012
National Security Agency chief General Keith Alexander's first-ever direct appeal to hackers to assist the secretive spy agency was greeted with polite applause at the DefCon Conference in Las Vegas on Friday. But afterwards, it was a different story...
"You're going to have to come in and help us," Alexander told DefCon attendees. The NSA boss, dressed down in jeans and a t-shirt for the occasion, also denied that his agency kept files on "millions of Americans."
"The people who would say we are doing that should know better. That is absolute nonsense," Alexander said, referring to former NSA employees who have told the media that the agency does just that.
DefCon founder Jeff Moss told the crowd that he asked Alexander to speak at the conference to educate conference guests about the NSA, which he described as one of "spookiest, least known" organizations in the world.
After reports of Alexander's appearance started making the rounds, skeptics took to online forums to express their doubts about helping the NSA make the Internet more secure "from exploitation, disruption, and destruction."
On Wired's Threat Level blog, for example, commenters questioned Alexander's playing down of the information it keeps on Americans—one advised potential NSA recruits that if they "have any sense at all they will run a mile from this guy."
The NSA also had a booth at DefCon for the first time. There was no small irony in its location next to one run by the Electronic Frontier Foundation (EFF)-—a non-profit concerned with Internet freedom and privacy issues that is currently suing the U.S. government spy agency over allegedly illegal wire taps of phone calls by American citizens.
As could be expected, representatives for the NSA and the EFF declined to discuss that litigation. Alexander's appeal to hackers focused on protecting the free flow of information on the Web from attacks by international hackers like the denial of service (DoS) attacks by Anonymous and other groups that have temporarily knocked prominent websites and even Sony's entire PlayStation Network offline in recent years.
Alexander is actually calling for more than just an early warning system provided by the hacker community, however. At DefCon, Alexander pushed for a complete overhaul of the Internet's U.S. infrastructure to enable the NSA to "know instantly when overseas hackers might be attacking public or private infrastructure and computer networks," according to MIT's Technology Review.
Alexander said the NSA is pushing as hard as it can for new legislation in Congress that would enable the private sector to more easily alert the NSA and law enforcement agencies about cyberattacks. The NSA is also collaborating with more than a dozen U.S. defense contractors to test early-warning technology in a program called the Defense Industrial Base (DIB) Cyber Pilot that sends alerts to the agency the instant one of the security systems run by the private companies is breached.
That's all part of an effort to get around restrictions on monitoring Internet activity that the NSA, the FBI, and other U.S. law enforcement agencies must abide by.
"We do not sit around our country and look in. We have no idea if Wall Street is about to be attacked," Alexander told the DefCon crowd, according to Technology Review.
In other internet security news
Prosecutors in the U.K. today said they will charge eight journalists with illegally eavesdropping on voice mail, a decision that could have strong implications for media mogul Rupert Murdoch.
British Prime Minister David Cameron's former director of communications Andy Coulson is among eight journalists facing charges, as is Rebekah Brooks, the former chief executive of Murdoch's News International.
The names of the hacking victims announced by the Crown Prosecution Service include some of the world's biggest celebrities, including Angelina Jolie, Brad Pitt, Paul McCartney, soccer star Wayne Rooney, and actor Jude Law.
Coulson and Brooks are former editors of the defunct Murdoch tabloid the News of the World, which was shut down in late 2011 in the face of public outrage at the hacking scandal.
Six other journalists were also charged, Alison Levitt of the Crown Prosecution Service announced, while three will not be prosecuted. The CPS is still waiting to decide about two other cases, she said.
Coulson resigned as editor after an earlier round of the phone-hacking scandal involving the paper's royal correspondent Clive Goodman and private investigator Glenn Mulcaire.
They were sent to prison for hacking into the voice mails of staffers working for Prince William and Prince Harry. Coulson said he knew nothing about the hacking but resigned because he was editor of the paper at the time.
He was later hired to be communications director for David Cameron, a move which Cameron's critics say was bad judgment on his part.
Coulson quit the post in Cameron's office last year when police opened a new investigation into phone hacking after accusations that it went far beyond Goodman and Mulcaire.
Brooks went on to become chief executive of News International after her time at News of the World and is seen as personally close to Rupert Murdoch. She quit News International, the British newspaper publishing arm of News Corp., amid the scandal last summer.
Murdoch recently resigned from a number of positions within News Corp., his global media empire, as the company began moves to separate its entertainment and publishing arms following the scandal.
British police have been investigating phone-hacking by people working for Murdoch since January 2011 and have arrested dozens on suspicion of phone hacking, computer hacking and corruption.
The scandal exploded with the revelation that one of the hacking victims was Milly Dowler, a 13-year-old British girl whose phone was hacked after she disappeared in 2002. She was later found murdered.
The Met Police continues to investigate claims of phone hacking, known as Operation Weeting. A parallel police operation is investigating claims of inappropriate payments to police and public officials. Those crimes were also committed in 2011.
Prime Minister David Cameron established a separate independent judge-led inquiry into media ethics, the Leveson Inquiry, following the news of the hacking of Milly Dowler's voice messages.
Cameron and other senior present and ex-government figures have been called to testify before the inquiry, as have News Corp. media baron Rupert Murdoch and his former UK deputy, Rebekah Brooks.
Milly Dowler's parents told the inquiry in November how phone hacking on behalf of News of the World had given them false hope their missing daughter was still alive.
In fact, the messages had been accessed by a private investigator working for News of the World, Dowler's father, Bob, told the inquiry panel. Milly Dowler had already been murdered by then.
In other internet security news
A top-level U.S. defense contractor has been fined no less than $75 million for trouncing software to China that was a critical component in the country's first attack helicopter.
United Technologies and its two subsidiaries Pratt & Whitney Canada and Hamilton Sundstrand have both confessed to more than 500 violations of secret technology export restrictions in a federal court.
The violations involve engine control software without which China could not have completed the development of its Z-10 attack helicopter, a battlefield-ready aircraft capable of carrying 30 mm cannons, anti-tank guided missiles, air-to-air missiles and unguided rockets.
According to the U.S. Immigration and Customs Enforcement Division which carried out the investigation, Pratt & Whitney turned a blind eye to the potential military utilization of the software in hope of securing a lucrative contract for civilian helicopters from China, a $2 billion transaction that never appeared on its books.
Pratt & Whitney had previously sold to China ten commercial development engines that didn't require export licenses. But the company then wilfully followed that up with electronic engine control software made by Hamilton Sundstrand and modified it for use in a military helicopter, the Immigration and Customs Enforcement Division said.
The export of defense articles and associated technical data has been banned by the United States since the 1989 Tiananmen Square massacre.
The companies did themselves no favors by failing to disclose the illegal exports for several years and then making numerous false statements to the U.S. State Department.
"Pratt & Whitney Canada exported controlled U.S. technology to China, knowing full well it would be used in the development of a military attack helicopter, and in direct violation of the U.S. arms embargo with China," said U.S. Attorney David Fein.
"Pratt & Whitney Canada took what it described internally as a calculated risk, because it wanted to become the exclusive supplier for a civil helicopter market in China with projected revenues of up to $2 billion. Several years after the violations were discovered, United Technologies, Pratt & Whitney Canada and Hamilton Sundstrand disclosed the violations to the U.S. government and made false statements in doing so.”
United Technologies CEO and chairman Louis Chênevert issued the following statement "Export controls are an integral part of safeguarding U.S. national security and foreign policy interests. As a supplier of controlled products and technologies to the Department of Defense and other domestic and international customers, we are committed to conducting business in full compliance with all export laws and regulations. We accept responsibility for these past violations and we deeply regret they occurred."
The fine, $20 million of which can be used by United Technologies towards a compliance program, is unlikely to financially affect a company with revenues exceeding $50 billion, but the case will be a huge embarrassment to the United States, nevertheless.
Politicians and various military officials had been increasingly vocal in their criticism of China’s state-sponsored cyber espionage activities, much of which is directed at stealing military intelligence from the private sector simply by selling restricted technology.
China’s rapid rise to success in the military segment will soon see it take on America’s crown as preeminent global superpower and in the end it is this new economic reality, and incidents like this which it gives rise to, which could yet prove the biggest threat to U.S. supremacy in the military.
In other internet security news
Six individuals, including three IT executives have been arrested in Tokyo in connection with an Android malware scam which netted the group over US $245,000.
Japan’s first arrests for the crime of distributing a smartphone virus came after 9,200 people downloaded malware disguised as an application designed to play videos, according to the Daily Yomiuri.
The six men, which are also being investigated on suspicion of developing the virus, decided to distribute it on an adult website they created, presumably luring victims into paying with the promise of being able to view video content.
Once downloaded onto a user’s phone, the app displayed a message demanding payment of US $1,100 with the notice continuing to be displayed even when the victim tried to turn the device off.
The group also allegedly nicked personal data from the phone including contact information from the address book, and stored it on a server overseas, the report added.
The news highlights the continued threat to Android-based smartphones, one which becomes more alarming for IT managers given that many such devices are being used to access corporate networks as part of BYOD initiatives.
Tokyo-headquartered security vendor Trend Micro said that Android malware actually grew by a huge 1410 percent in the first half of last year.
Although only a very small percentage of the approximately 410,000 apps on Google Play are likely to be harmful, internet security professionals usually recommend users to avoid third party app stores and other sites where malware is more likely to lurk.
The Chinese government has even been forced to voice some concerns about security issues in mobile app stores owned by state-run operators China Mobile and China Telecom.
Source: The U.S. National Security Agency.
You can link to the Internet Security web site as much as you like.