Wednesday, 17 July 2013

GCHQ use of Prism was legal say MPs



UK security services did not break the law in accessing personal data through the US Prism programme, a committee of MPs has said. It had been alleged that data-gathering centre GCHQ circumvented the law to gain information on UK citizens. Parliament's Intelligence and Security Committee (ISC) reviewed the GCHQ reports produced with US intelligence. The ISC said the evidence showed that any intelligence sought had "conformed with GCHQ's statutory duties". Prism is a programme through which the US Government obtains intelligence material - such as communications - from Internet Service Providers (ISPs).

Details of the highly classified programme run by the US National Security Agency (NSA) were leaked by former US intelligence analyst, Edward Snowden. Now wanted by the US, Mr Snowden is in Russia where he has applied for temporary asylum. The ISC, chaired by former foreign secretary Sir Malcolm Rifkind, took detailed evidence from GCHQ for its investigation, including a list of counter-terrorist operations for which the UK was able to obtain intelligence from the US.

It also examined a list of 'selectors' (such as email addresses) that requested information on a list of UK nationals or individuals who were under surveillance in such operations.

The committee then looked at a number of UK intelligence reports that were produced as a result of this activity. In a statement on the allegations against GCHQ, the ISC said: "The legal authority for this is contained in the Intelligence Services Act 1994." The Director of GCHQ, Sir Iain Lobban, was questioned "in detail" by the committee, it said.

Members of the committee also met the US National Security Agency (NSA) and their Congressional counterparts to discuss Prism on a recent trip to the US. The ISC added that in each case where GCHQ sought information from the US, a warrant for interception - signed by an MP - was "already in place".

'Complex interaction'

While the committee found that GCHQ had acted within the law, it expressed concern that legal frameworks in some areas were expressed in "general terms".

"More detailed policies and procedures have, rightly, been put in place around this work by GCHQ", in order to comply with the Human Rights Act, it said.

The next step for the ISC was to further examine the "complex interaction" between the Intelligence Services Act, the Human Rights Act and the Regulation of Investigatory Powers Act, and the policies and procedures that underpin them.

Foreign Secretary William Hague welcomed the committee's findings. He said: "I see daily evidence of the integrity and high standards of the men and women of GCHQ. The ISC's findings are further testament to their professionalism and values.

"It will continue to have the full co-operation of the government and the security and intelligence agencies."

Android malware Stealing Mobile Banking TAN Code


Researchers from Dell SecureWorks Counter Threat Unit have found a multi-purpose Android Trojan horse that can harvest a victim's contact list, send and intercept SMS (text) messages, make phone calls (including calls to premium numbers), and install additional malware packages.
Researcher Dr. Brett Stone-Gross describes the threat as a new Android Trojan that is spreading through spam e-mails, using the IRS as a lure.
The malware has a number of features such as stealing a victim's contact list, making phone calls to premium numbers and intercepting text messages.
The ability to intercept text messages is significant because it can be used to bypass two-factor authentication programs that rely on mobile transaction authentication numbers, known as mTANs, commonly used for electronic money wire transfers.

Hacked signal-boosters let cybercriminals “listen in” on cellphones

A $250 signal-boosting device for cellphone users can be hacked, two researchers claim – offering total access to phone calls, internet use and text messages on devices connected to the “femtocell”.
The devices are used to boost cellphone signal in areas with poor reception – such as large homes or remote areas. Hacked “femtocells” could be placed in public areas – becoming in effect a “cellphone tower” under the control of malicious actors, harvesting information from phones connected to it. The hack was demonstrated on a Verizon model.
“We can operate a cellphone tower, and see everything that your phone would send to a cellphone tower: phone calls, text messages, picture messages, mobile web surfing,” Tom Ritter, of security firm iSEC Partners, said in an interview with CNN Money. “We can see and record it all.”
Verizon issued an update which patched the vulnerability in March, but the researchers, from security firm iSEC, warn that the same model is used by a further 30 carriers worldwide. Firmware on such devices is rarely updated, according to The Register.
David Samberg of Verizon says that the patch has ensured that the hack will no longer work against Verizon’s models. “All devices that have not accepted the software update have been removed from the network and no longer work,” he said in an interview with Mashable.
“This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people,” said iSEC’s Tom Ritter in an interview with Reuters.
The firm are to present their findings at the Black Hat security conference in Las Vegas this month, in a presentation entitled “I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell”.
“The Verizon Wireless Network Extender remains a very secure and effective solution for our customers,” said Verizon’s Samberg.

Texas restaurant sues credit card giant after point of sale hack

A Texas restaurant chain is suing one of its suppliers over a point-of-sale system which allowed hackers to steal customer data – claiming that card-processing giant Micros Systems supplied units which failed to meet security guidelines, allowing for large-scale theft.
Cotton Patch Cafe alleges that the Micros Systems point-of-sale system did not meet industry standards, and this allowed “a hacker” to access credit card information and clone credit cards in 2006 and 2007. The trial will start on Monday in Baltimore’s U.S. District Court.
“The system was not compliant at the time they sold it to us,” said Larry Marshall, president of Cotton Patch Cafe, in an interview with the Baltimore Business Journal.
“Cotton Patch Café had been using Micros Systems to install and manage our point-of-sale system since our initial installation, and a critical element of that was ensuring the system met security guidelines,” Marshall said in an interview. “Unfortunately, it did not, and its failure resulted in significant negative impact on us and our customers. We discovered several of Micros’ clients experienced similar security breaches, we were not made aware of the problem and Micros knowingly sold software that did not meet industry standards. They left the small guys out there to fend for themselves.”
Cotton Patch Cafe has spent $800,000 on legal fees and $250,000 in fines due to Visa and Mastercard for not having a compliant system, Marshall said.
Roger Nebel, Cotton Patch’s forensics expert, claims that after one patch “malware provided a back door into the system and facilitated the hacker’s ability to access credit card data,” according to a court memorandum posted by DataBreaches.net. The trial relates to point-of-sale units during the period 2003-2007, after Cotton Patch upgraded its restaurant point-of-sale units from dial-up connection to DSL broadband.
A Micros Systems spokesperson described the lawsuit as “frivolous”.

Bogus UPS invoice phishing scam hits businesses

Cyber criminals are targeting businesses with a UPS invoice phishing campaign that has already spat out 540,000 bogus messages.
AppRiver researcher Jonathan French reported uncovering the scam, warning that the criminals have already sent over half a million emails using 116 different compromised domains. French said the bogus UPS invoices are loaded with a malicious link to one of the compromised sites, which when clicked infects the victim's machine with malware.
"This morning a malware campaign started coming in as fake UPS invoice emails. The messages looked legitimate in their formatting with a standard UPS email. Every link in the message, however, took the user to a compromised website," French wrote.
"The URLs themselves used a similar formatting after the compromised domain name, usually including some variation of the UPS domain name in them. The threat is a Kryptik Trojan that is placed using a Java exploit. After clicking on one of the links, the user will be brought to a page telling them they are being redirected. From there, the Java exploit begins and the malware gets installed."
The campaign is one of many phishing scams using the UPS brand to dupe web users. Before it, a similar scam was detected in September 2012. That campaign targeted Apple fans with bogus emails masquerading as iPhone 5 UPS delivery notifications on the eve of the smartphone's launch.
French said the attacks can be mitigated if employees use common sense and follow basic best practice when using their company email.
"It's always good practice to be cautious of unexpected emails from large retailers or service providers. Most browsers will also show you link URLs in the bottom of the browser windows if you hover over a link without clicking it," he wrote.
"If the URL is taking you to an unknown site or one that does not belong to the email sender, that is usually a red flag that there may be something malicious going on."

HP updates big data surveillance services to spot security threats 10 times faster

HP has updated its ArcSight security suite of tools, promising the product's unified data analytics powers will boost businesses' monitoring powers 10-fold.
The new HP ArcSight Threat Detector 2.0, Threat Response Manager 5.5 and IdentityView 2.5 services are designed to utilise the power of the firm's big data products to let companies spot atypical or nefarious network activity faster.
The products add several enhanced features to HP's ArcSight portfolio. Specifically, HP ArcSight Threat Detector 2.0 will offer new out-of-the-box threat profiles and threat profile intelligence services. Meanwhile, the Threat Response Manager 5.5 will come with new cloud-ready, closed-loop capabilities designed to speed up firms' threat detection and response time. IdentityView 2.5 will feature enhanced user identity tracking services.
HP claims the upgraded services will improve enterprises' ability to handle and process information at high velocity, volume and variety, analyse structured and unstructured data, monitor events in cloud, mobile and virtual environments and automatically take action once a threat has been detected.
HP vice president and general manager for ArcSight, Enterprise Security Products, Haiyan Song, said the services will help firms mitigate the increased number of targeted threats facing them.
"Adversaries only need to get it right once to invoke serious damage on an organization's private data, ability to provide critical service or corporate reputation," said Song.
"With solutions designed to enhance threat detection through improved security analytics for big data, HP enables customers to quickly identify potential attackers and take action proactively to minimise business impact and prevent disruption to critical client services."
HP is one of many companies to tout big data analytics security applications. Prior to HP, German software giant SAP highlighted the super-fast analytics and monitoring powers of its HANA platform as a key selling point for the service.

Hacker selling off plundered information to criminals

Researchers at Dell have found that hackers are selling off user information at rates of $1,000 per record.
The company's SecureWorks subsidiary said that as hackers collect vital information on users, a trade in other data has emerged amongst cybercriminals.
According to research from SecureWorks, hackers are not only harvesting account credentials but are now looking to bundle information as full packages, referred to by hackers as “fullz.”
The kits are said to include multiple forms of user identification, including social security numbers,
“A number of these marketplaces are serving as a one-stop shop for identity theft and fraud,” SecureWorks said in its report.
“Not only are they selling the stolen credentials, but they also sell the supporting (counterfeit) documentation or ("dox") for an extra charge.”
According to the researchers, the kits include user information ranging from social security and health insurance data to driver's license, address and social security numbers. Such packages have been sold between hackers for prices of up to $500.
Meanwhile, data drops which include online gaming accounts have been sold for even higher prices, fetching costs of up to $1000 when online gaming accounts such as PSN and Xbox Live credentials have been included.
“Our CTU researchers discover caches of stolen data frequently, and we have found that the hackers will steal anything they think they can sell on the underground,” said Dell SecureWorks counter threat unit researcher Don Jackson.
“Health insurance credentials continue to rise in value as we see the cost of health insurance and the cost of medical services continues to rise.”

Google, Microsoft and AOL look to block ads from pirate sites

Google, Microsoft and Yahoo are among a group of sites signing off on an initiative to prevent piracy sites from collecting revenues.
The companies, along with the likes of AOL, 24/7 Media and Conde Nast, are joining forces to block the flow of ad revenues from piracy sites. The companies said that, in accordance with a White House initiative, they would move to prevent sites from collecting revenues on content which is illegally obtained.
Under the plan, content creators will work with law enforcement agencies and service providers to flag content and stop site administrators from profiting from pirated content.
“The Administration is committed to reducing infringement of American intellectual property,” the White House said in announcing the plan.
“We will continue to pursue a comprehensive approach to the problems associated with infringement, including increased law enforcement, educational awareness, and increased cooperation with our trading partners in order to promote innovation, support jobs, increase exports, and maintain our global competitiveness.”
Google is not the only firm participating in the initiative. The White House said that other participants in the anti-piracy plan include AOL, Microsoft and Yahoo. The move will rely on private service providers to manage their own content and make efforts to report pirated materials.
“We believe that this is a positive step and that such efforts can have a significant impact on reducing online piracy and counterfeiting,” the White House said.

Hackers Blackmail Belgian Recruitment Agency

Rex Mundi hackers claim to have breached the systems of Habeas.be, a Belgian recruitment agency. They are threatening to leak a large number of records belonging to the site’s customers and job applicants unless the company pays them “a reasonable amount of money.”
The cybercrooks say they’ve downloaded Habeas.be’s entire database, including customer personal records and the information of over 20,000 job applicants.
“Those records include the personal details of each application covered along with confidential evaluations and test results,” the hackers stated.
“As always, we have offered Habeas a chance to prevent those records from being leaked. They have until next Thursday to pay us a very reasonable amount of money. If they fail to do so, the private lives of those applicants will be posted online for the whole world to see,” they added.
They’ve leaked some sample data to prove that they’ve gained access to the company’s systems.
In this case, the sample data consists of two applicant data records, some customer data, and details of website users.
The hackers highlight that the Belgian companies they’ve targeted don’t have proper IT security measures in place.
“JOB OFFER: Habeas.be is looking for an IT sec expert (m/f). Competitive salary and benefits. Extremely URGENT!” the hackers said jokingly on Twitter.
We’ve reached out to Habeas to hear their side of the story. The article will be updated if they respond to our inquiry.
Last week, Rex Mundi attempted to extort another Belgian company, the telecoms service provider Numericable. Moments ago, they revealed that the stolen Numericable data would be leaked on Wednesday, unless the company “reacts.”
On Friday, the extortionists leaked over 60,000 records stolen from Italian web hosting company Websolutions.it.
The data has been removed from Pastebin and Hastebin, but it was online long enough to allow users to make copies.

Hackers use Microsoft Office vulnerability to sneak into government networks


Hackers are using patched vulnerabilities in Microsoft's Office services to infiltrate European government agencies' networks and harvest data from Internet Explorer and Outlook, according to Trend Micro researchers.
Trend Micro's Jonathan Leopando reported a wave of new targeted attacks on Microsoft services, purporting to be legitimate email messages from the Chinese Ministry of National Defense. Leopando said the attacks are directed at European government officials and contain malware designed to siphon data from them.
"This particular attack was aimed primarily at both personnel belonging to Europe and Asia governments. The message was sent to 16 officials representing European countries alone. The topic of the email – and the attached document – would be of interest to these targets," he wrote.
"The exploit is used to drop a backdoor onto the system, which steals login credentials for websites and email accounts from Internet Explorer and Microsoft Outlook. (It also opens a legitimate 'dummy' document, to make the target believe that nothing malicious happened.)"
Leopando said that, despite the subject of the message, the origin of the attack remains unclear. "The email claimed to be from the Chinese Ministry of National Defense, although it appears to have been sent from a Gmail account and did not use a Chinese name," wrote Leopando.
"It's worth noting, however, that Chinese media organisations were also targeted by this attack. The backdoor itself has also been detected in the wild, but, interestingly, it has been most frequently seen in China and Taiwan, with a more limited presence in other Asian countries."
Leopando said the vulnerabilities targeted in the campaign are a common entry point into company and government networks for hackers. "The vulnerability used in this attack is one that is commonly used by targeted attacks. High-profile campaigns like Safe and Taidoor have made use of this vulnerability; if anything it's a commonly targeted flaw in sophisticated campaigns," he wrote.
The continued success of campaigns targeting the flaw is largely down to companies' and governments' slow patch cycles, as numerous security services capable of mitigating the threat are already publicly available. Slow update cycles have been a constant issue for Microsoft, which releases regular security patches to fix any new vulnerabilities in its services and software.

The Risks of Mobile Checking-In

It’s summer, that time of year where we go on vacation, take lots of pictures and, of course, upload them to Facebook, Instagram and Twitter.
And because we want people to know where we are taking this beautiful picture of the fabulous time we’re having, we also like to ‘check in’ at various locations, or to tag the geographic locations in the pictures we took, right down to the exact address of the restaurant or hotel we’re at right that moment.
But next time you’re about to click ‘share’ on your mobile device, be aware that there are many risks to notifying your many friends and followers of where you are and what you’re doing.
  1. The first risk with sharing this geolocational information is that it may not just be accessible to people you know and trust. If you have your Instagram or Foursquare accounts linked to your Twitter account to simultaneously cross-post your announcements, then everyone who is on Twitter can see this and know exactly where you are. Remember, Twitter is a public arena where anyone can follow and/or read the tweets of anyone else. That includes potential burglars.
  2. Which brings us to the next point: if you’re at the beach, you’re not at your home. Would-be burglars with Twitter accounts can deduce that, and from there it isn’t a huge step to figure out where you live, especially if you’ve ever tweeted the geolocational coordinates of your home address, or have otherwise been careless about sharing information, perhaps on Facebook, that makes it easy to figure out where you live. Also, the White Pages didn’t die, they moved online and are highly searchable.
  3. Putting your home and valuables at risk is one thing, but putting children in danger is obviously a much graver threat. Kids who check in or share their geolocational information when they take pictures of themselves and their friends at the pool, the mall or even at home on a lazy summer afternoon, and then post them to Instagram or Twitter, are potentially exposing up-to-the-minute information on their whereabouts to a sea of online predators.
That doesn’t mean you and your kids shouldn’t use these popular apps, but you have to be cautious about how you do it. First, only use services that share your information with a small and closed circle of friends. Second, never use the geolocational functionalities of apps like Instagram, Twitter and Facebook, and don’t link your Foursquare account to your Twitter account.
De-activate them if they’re already activated. Finally, if you have children, talk to them about how to use these apps and stress to them the dangers of sharing any personal information, but especially their location, through social media.

Will NCCC snoop on us or protect us?

The National Cyber Coordination Centre (NCCC) is considered to be one of the several tools being built by the government of India to monitor the country’s web traffic. At a time when the recent expose of the United States government’s PRISM programme has the entire world worried about its privacy online, NCCC has already received much flak from the country’s privacy activists for being a snooping tool.
But, is it? While the privacy experts have slammed the tool for arming the government with unprecedented powers to monitor web content in the garb of national security, the government says their reactions are knee-jerk and the arguments are based on incomplete knowledge of the project. Supporters of the project claim that in the wake of rising cyber threats to the country’s internal and economic security, the government has a strong case for the project which will just track the Internet traffic flowing through the country without watching the content. Business Standard gets a sneak peek into the functioning of the project and here is the government’s version of the project as they see it along with two expert takes on the project just as they said it.
So, is NCCC a potential snooping tool of the future or is it an honest effort by the government to fight cyber crime? You decide.
Aim
According to three government officials closely associated with the project, who did not wish to be identified, the intent is to watch the traffic flowing through the Internet pipes of the country. The idea is to check malicious activity in general and in strategic sectors along with sensitive government organizations in particular, without accessing the content. “It is like knowing who is posting letters to whom without opening them to see what is written inside,” said one of the officials. Currently, the government is waking up after the attack has happened. In most cases, the attacks go unreported. With this system in place, there will be some visibility into the state of traffic in the country, and information on where the higher volumes of traffic are coming from, where malicious content is flowing from, where botnets are located, where viruses are spreading from, etc. At the moment this is being done by private companies like Symantec, IBM, TrendMicro etc., which run enterprise-level security operation centres serving a group of enterprises for whom they do similar work. But that visibility is not there at the country level, a problem which this tool will fix.
Justification
On why it should not be construed as a snooping tool, the officials said that the network flow analysis, which they are doing, is like getting a phone bill with details of calls made, numbers, durations etc without the actual conversation. “In wire tapping, it’s a full packet capture so you are able to listen to the full conversation. But, here I am not doing that. If I have to capture the entire packet then, I will have to duplicate that or create a mirror image. So, I will have to put some kind of a port mirroring device to capture the entire traffic. But, if I have to just monitor the traffic flow of any organization, then I don’t have to put any hardware. That feature is already available in the router and one command has to be enabled to activate it.” The flow doesn’t collect any data and is non-intrusive, officials claim. “There is nothing malicious in it. All countries have a body like NCCC.”
Functioning
The major activity involved in NCCC will be traffic analysis. Most organizations have a traffic pattern. For instance, when there is a surge in usage or a dull period. In NCCC, these flows will come from different networks, and on that basis the traffic will be analysed and anomalies will be identified. For instance: If there is a break in traffic, it will be immediately noticed. The traffic flow will be at the country level, not just at the organizational level. The traffic coming into the country as well as going out will be seen. In case of an external attack, the traffic will be cut off at the external gateway itself. All the important government websites are hosted on the National Informatics Centre network, which will be studied by NCCC. Other important government websites can be monitored separately. For detection of attacks, two techniques will be deployed – proactive technique and defensive technique. In the proactive technique: the attack can be seen as coming, by the use of network traffic flow analysis. Honey nets or pots are deployed which act as lures for attackers. In the defensive technique, immediate action can be taken after an attack has been identified.
The data which is actually captured includes: time of usage, date, duration, interface, flags, source internet protocol, destination internet protocol, source code, destination code, packet size and the number of packets. “If somebody is trying to hack into a website, it requires deeper inspection of the packets, so we will not be able to tell that but if someone is doing continuous spamming, or generating some traffic, so we will be able to very easily track that,” one of the officials said.
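To make the officials' distinction concrete, here is an added example (not NCCC code and not from the original article) that works only on flow metadata of the kind listed above: it finds a host contacting many distinct mail servers, and minutes in which traffic stops entirely. The record layout, the source and destination port fields, the thresholds and the constructed sample flows using documentation addresses are all assumptions.

```python
import csv
from collections import defaultdict
from dataclasses import dataclass
from io import StringIO

T0 = 1373990400  # constructed start time (epoch seconds)


@dataclass(frozen=True)
class Flow:
    start: int        # epoch seconds when the flow began
    duration: float   # seconds
    interface: str
    flags: str        # cumulative TCP flags seen on the flow
    src_ip: str
    dst_ip: str
    src_port: int     # assumption: the article does not name port fields
    dst_port: int
    packets: int
    size: int         # total bytes; there is no payload field at all


def parse_flows(text):
    """Parse comma-separated flow records in the field order of Flow."""
    flows = []
    for row in csv.reader(StringIO(text)):
        if not row:
            continue
        start, dur, iface, flags, src, dst, sport, dport, pkts, size = row
        flows.append(Flow(int(start), float(dur), iface, flags, src, dst,
                          int(sport), int(dport), int(pkts), int(size)))
    return flows


def constructed_sample():
    """Constructed flows: a mail relay, a spamming workstation, a web user."""
    lines = []
    for i in range(30):   # relay talks to three known peers
        lines.append(f"{T0 + i * 10},1.2,eth0,SAPF,192.0.2.5,"
                     f"198.51.100.{1 + i % 3},{40000 + i},25,12,9000")
    for i in range(60):   # workstation opens SMTP to 60 different hosts
        lines.append(f"{T0 + i * 4},0.4,eth0,SAPF,192.0.2.23,"
                     f"203.0.113.{i + 1},{50000 + i},25,8,3000")
    for i in range(20):   # ordinary HTTPS browsing
        lines.append(f"{T0 + i * 15},2.0,eth0,SAPF,192.0.2.40,"
                     f"198.51.100.80,{52000 + i},443,20,15000")
    for i in range(4):    # traffic resumes after a five-minute break
        lines.append(f"{T0 + 600 + i * 15},2.0,eth0,SAPF,192.0.2.40,"
                     f"198.51.100.80,{53000 + i},443,20,15000")
    return "\n".join(lines)


def smtp_fanout(flows, window=300, min_peers=20):
    """Sources that reach min_peers or more distinct SMTP hosts in a window."""
    peers = defaultdict(set)  # (source, window index) -> destinations
    for f in flows:
        if f.dst_port == 25:
            peers[(f.src_ip, f.start // window)].add(f.dst_ip)
    worst = defaultdict(int)
    for (src, _), dsts in peers.items():
        worst[src] = max(worst[src], len(dsts))
    return {src: n for src, n in worst.items() if n >= min_peers}


def silent_buckets(flows, bucket=60):
    """Start times of buckets with no flows between first and last record."""
    seen = {f.start // bucket for f in flows}
    return [b * bucket for b in range(min(seen), max(seen) + 1)
            if b not in seen]


if __name__ == "__main__":
    flows = parse_flows(constructed_sample())
    print("SMTP fan-out:", smtp_fanout(flows))
    print("Silent minutes:", [t - T0 for t in silent_buckets(flows)])
```

Because a record holds no payload, two flows to the same web server look alike whether or not one of them carried an exploit, which is the limit the official describes.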
Status
A detailed project report of the Rs.600 crore project, which is currently under the ministry of communications and information technology, is being prepared. But there is not much clarity on who will finally execute it and whether private technology companies will be roped in to build the infrastructure or the government will build it completely on its own. Also, the government would not require any additional permission to build this tool as the current Information Technology Act allows it. “We are not monitoring content after all,” re-emphasised one of the government officials.

Meet the Air Force's Top Cyberwarrior

The military has long believed it plays an essential role in protecting the nation's power grid, water supply, and financial sector from cyberattacks. But until recently, you'd be hard-pressed to find a top military officer willing to say so publicly.
For nearly a decade, protecting the nation's critical infrastructure from hackers and foreign cyberarmies has been the nominal responsibility of the Department of Homeland Security (DHS), a civilian agency. Talk of the military operating on U.S. soil raised the specter of militarizing the Internet and the Posse Comitatus Act. But let's be honest.
The technical expertise to fight a cyberwar resides in the Defense Department, where the head of U.S. Cyber Command, Gen. Keith Alexander (who also happens to run the National Security Agency), wants to grow his force of cyberwarriors from 900 to 4,000.
That would dwarf the cyberworkforce at DHS, which numbers in the hundreds and has no authority to launch offensive operations on the Internet. Civilians and soldiers have long known that if the United States went to war in cyberspace, it would largely fall to the military to defend U.S. computer networks -- and to launch a counterstrike.
Now, the officers in charge of the military's burgeoning cyberforces are speaking more freely about their role, aided in part by a new presidential directive that spells out the Defense Department's authority for protecting U.S. computer networks during a national emergency.
The general who oversees the Air Force's online warriors says there needs to be a "frank discussion" among nations to keep misunderstandings in cyberspace from escalating into a broader conflict. "We still have to get our hands around deterrence," said Lt. Gen. Michael Basla, the Air Force's chief of information dominance and its chief information officer, in an interview with Foreign Policy.
There are no hard lines that tell an adversary what response he can expect after taking action against a U.S. network, Basla explained. Nor is there a full understanding of "signaling" by a cyber-adversary -- that is, how to tell the difference between an action that may look provocative, but is actually more benign.
Basla's title reflects how priorities have changed for the Air Force in a short period of time. In June 2012, he became the first chief information officer (CIO) to hold that second title, putting him in charge of "information dominance" -- read cyber-operations. In many organizations, the CIO is the guy in charge of keeping the network running. He's like the plumber. Basla's a kind of plumber too, but he's figuring out how to take out an adversary's networks, at the same time that he tries to defend the Air Force's.
Basla's comments about deterrence echo those of other cybersecurity experts who say that there is currently no cyber-analog to the strategy of nuclear deterrence, whereby nations understand what aggressive steps they might take but still stop short of a full exchange of nuclear weapons.
To keep misunderstandings in cyberspace from escalating into full-scale conflict, Barack Obama's administration is taking a page from the Cold War playbook.
The United States and Russia will start sharing information about national-level cyberconcerns through the Nuclear Risk Reduction Center, which was established to let U.S. and Soviet leaders reach each other at any moment and talk their respective countries down from the brink of war.
This system of communications links, popularly known as the "red phone," will also connect cyberofficials at the White House to their counterparts in the Kremlin.
Basla pointed to that development as a positive sign that norms of behavior are starting to be laid out in this new domain of warfare. As far as the Air Force is concerned, these are still early days. "We're still in the forming and storming phase," Basla said.
Basla oversees the range of Air Force activity in cyberspace, from defending its computer networks around the world to what he called the "very exquisite operations piece." In other words, sophisticated, and secretive, cyberoffense capabilities that rely on elite personnel.
Today, nearly all Air Force cyberpersonnel, about 90 percent, are defending the service's networks, Basla said. The operational side is "very small." (Basla said last year that the most classified and sophisticated operators account for less than 1 percent of the overall force.)
However, the demand for those offensive cyberoperators is growing. The nation's top intelligence official, James Clapper, has warned that a potentially devastating cyberattack on U.S. infrastructure, such as a financial system or the electrical power grid, is now the greatest national security risk the country faces. In March, Alexander, the Cyber Command chief, said that the United States was fielding 13 teams capable of striking at foreign countries if the country's networks were attacked.
The Air Force, like the other military service branches, supports the overall joint cyber-command. But it comes to the fight with a particular perspective, Basla said. It's developing, for example, techniques to neutralize an enemy's air defense systems, so that U.S. aircraft can provide unimpeded support to ground forces. Such a strike could also be delivered with a missile. The result would be the same. "We want to be able to eliminate the threat," Basla said.
The Homeland Security Department doesn't have any missiles in its arsenal. And it's not building cyberweapons, either. If America goes off to cyberwar, there will be no doubt about who's on point.

American Cyber jihadist sentenced: Incited Violent Jihad Online

A federal judge sentenced Emerson Begolly to eight years and six months in prison for soliciting others to engage in acts of terrorism within the United States and for using a firearm in relation to an assault on FBI agents.
The FBI describes him as a shy young man. But online, the 24-year-old was the complete opposite: he forcefully incited jihadist violence against Americans and Jews. And when FBI agents attempted to talk to him in 2011, he reached for a loaded handgun in his pocket and then bit the agents who disarmed him.
Begolly pled guilty in August 2011 after being indicted less than a month earlier.
“This is a guy who definitely had the potential to hurt people,” said Special Agent Blake McGuire, who led part of the investigation from our Pittsburgh office. “He was a disaffected U.S. citizen who was susceptible to the message of violent extremism, and he became self-radicalized on the Internet. That type of offender, the so-called lone wolf, is extremely dangerous,” McGuire added, “because they can be difficult to discover before they resort to violence.”
Begolly came to the FBI’s attention in 2010 when he began posting violent material on an Islamic extremist Internet forum. Using the pseudonym Abu Nancy, the Pennsylvania resident and occasional college student solicited fellow jihadists to use firearms and explosives against American police stations, post offices, Jewish schools and daycare centers, military facilities, train lines, and water plants. He further urged his audience to “write their legacy in blood” and promised a special place in the afterlife for violent action in the name of Allah.
Members of the Bureau’s Joint Terrorism Task Forces in Pittsburgh and in Northern Virginia worked on the case with U.S. attorneys in both jurisdictions. “We all shared the same concern,” McGuire said, “that something might trigger this young man to carry out his own personal jihad.”
Begolly was under surveillance during the summer of 2010 when he legally purchased an assault weapon. Several months later, he escalated his online postings, soliciting jihadists to violence by posting a manual on how to manufacture a bomb.
Shortly after the bomb-making post, agents obtained search warrants for the homes of Begolly’s parents, where he often stayed. While the searches were being conducted, two other agents approached Begolly at a fast food restaurant near Pittsburgh to speak with him. That’s when he reached for the loaded handgun in his pocket. As the agents subdued him, he bit their fingers, trying to free himself and reach for his gun. His actions were consistent with a previous online post in which he urged jihadists not to be taken alive by law enforcement and to always carry a loaded firearm.
“When you combine troubling rhetoric that escalates with weapons, it poses a tremendous threat to public safety,” McGuire said. “Fortunately, we headed off any potential danger before it happened.”