Sunday, 8 September 2013

The New Russian Cyber War Force

Russia recently revealed that it is organizing a Cyber War organization within the Defense Ministry. This would be a separate branch of the army, joining more traditional branches like infantry, armor, artillery and signal (where Cyber War operations already exist in most countries). Noting what’s going on in China and the United States, the Russians have decided to catch up.
The Chinese military already has a growing number of formal Cyber War units, as well as military sponsored college level Cyber War departments and extensive course offerings. These Cyber War units, plus the volunteer organizations and Golden Shield (Internet censors and monitors) bureaucrats apparently work closely with each other and have provided China with a formidable Cyber War capability. NET Force, with only a few thousand personnel, appears to be the controlling organization for all this. With the help of RHU and Golden Shield, they can mobilize formidable attacks, as well as great defensive potential. No other nation has anything like it.
In early 2013 the U.S. Cyber Command (USCYBERCOM) announced that it was forming more offensive cyber-teams and would have at least 40 of them by 2015. By 2016 over sixty defensive cyber teams will be formed, to provide defensive skills and expertise where they are needed most. Each team will have a mix of experienced software engineers (including civilian contractors) and personnel with skills but not much experience. The teams of a dozen or so people will benefit from Cyber Command intelligence and monitoring operations as well as a big budget for keeping the software library stocked with effective tools (including zero day exploits, which are not cheap at all). Cyber Command also has contacts throughout the American, and international, software engineering community. This can provide crucial expertise when needed. The effectiveness of these teams will vary a great deal, because one highly skilled Internet software whiz on a team can make a huge difference.
The majority of these teams will be assigned to the nine major commands (like Centcom or Socom), but 13 will be used to strike back at attacks on the United States. Exactly what weapons would be used was not discussed, nor was the exact size and organization of offensive cyber-teams. What is known is that there is work for such teams of Internet specialists if they work in conjunction with lawyers and the State Department. This kind of organization has already destroyed several Internet criminal organizations. NSA (National Security Agency) has been even more active in carrying out offensive attacks, with over 200 of them revealed recently in stolen (by a disgruntled employee, not enemy hacking) NSA documents.
The Department of Defense offensive operations work like this. The Internet specialists can usually determine how the attackers are operating and where from. This evidence can be used by the lawyers and American diplomats to get warrants to seize or shut down web sites or servers in foreign countries and even arrest (eventually) those identified as being behind the attack. But what do you do if the hacker attack comes out of countries that will not cooperate, like Iran, North Korea, China or Cuba? The NSA procedure is similar, but more shrouded in secrecy.
Cyber Command became operational in late 2010 and is still working on an official (approved by the government) policy stipulating how Internet based attacks can be responded to. Meanwhile there have been a lot of unofficial attacks. The 2013 cyber-teams announcement implied that attacks are now allowed, but not what kind of attack. The NSA leaks confirmed that attacks are going on. While Cyber Command has long been asking for permission to fight back, technical, legal, and political problems have delayed agreement on how that can be done. It's not for want of trying. A year ago the U.S. Congress approved a new law that allows the Department of Defense to conduct offensive Cyber War operations in response to Cyber War attacks on the United States. That is, the U.S. military is now authorized to make war via the Internet. The new law stipulates that all the rules that apply to conventional war also apply to Cyber War. This includes the international law of armed conflict (meant to prevent war crimes and horrid behavior in general) and the U.S. War Powers Resolution (which requires a U.S. president to get permission from Congress within 90 days of entering into a war). Complying with all the fine print has so far delayed actually allowing a legal counterstrike to a Cyber War attack. The NSA doesn’t have all those restrictions because it comes out of the intelligence world, where there have always been fewer rules. While this approach to Cyber War makes sense to the NSA, the Department of Defense is frustrated at being held to conventional war standards.
Meanwhile, there are some related serious problems with finding qualified people to carry out such counterattacks. Headquartered in Fort Meade (outside Washington, DC), most of the manpower and capabilities for Cyber Command come from the Cyber War operations the services have already established. U.S. Cyber Command has some smaller organizations of its own that coordinate Cyber War activities among the services, as well as with other branches of the government and commercial organizations that are involved in network security. But most of Cyber Command manpower actually works for the Cyber War organizations of the four services.
Of the four services the U.S. Air Force is the most experienced in Cyber War matters. Back in 2008 the air force officially scrapped its own planned Cyber Command, which was supposed to operate more like USCYBERCOM. That new air force organization was supposed to officially begin operating by the end of 2008. Instead, many of the personnel that were sent to staff the new command were sent to the new Nuclear Command. This change was made in response to growing (at the time) problems with the management of air force nuclear weapons. Despite that, the air force continued trying to establish some kind of new Cyber War operation and use it to gain overall control of all Department of Defense Cyber War activities. The other services were not keen on this. That resistance, plus the nuclear weapons problems, led to the Cyber Command operation being scaled back to the 24th Air Force. This organization handles electronic and Internet based warfare.
The U.S. Army, following the example of the air force, also established a Cyber War operation. Some 21,000 soldiers were pulled from a large variety of signal and intelligence outfits to form ARFORCYBER (Army Forces Cyber Command). It became fully operational in 2012 with its headquarters at Ft. Belvoir, Virginia.
In 2009 the U.S. Navy created an "Information Domination Corps", in the form of a new headquarters (the 10th Fleet), with over 40,000 people reassigned to staff it. While the new Cyber War command dealt mainly with intelligence and network security, it also included meteorology and oceanography. These last two items are very important for deep water navies, especially since a lot of the information about oceans, and the weather, is kept secret. The fleet calls upon the talents of 45,000 sailors and civilians. Most (44,000) of these personnel are reorganized into 10th Fleet jobs or will contribute from within other organizations. A thousand new positions were created, mainly for 10th Fleet. All this gave the navy a more powerful and secure position in cyberspace. The navy does not want to repeat the mistakes of the air force in this area.
The U.S. Marine Corps established a Forces Cyberspace Command in 2010, with about 800 personnel, to help provide network security for marine units. The marines are accustomed to doing more with less.
All those Cyber War operations are dependent on contract workers (civilians) for their top technical talent. The new Russian Cyber War organization is expected to use more civilians, because they have less Cyber War talent in the ranks than the U.S. does. There is always a shortage of skilled Internet experts, partly because they have to be capable of getting a security clearance. This rules out a lot of the best hacking talent, who had misbehaved in the past and were identified or even prosecuted for it. This is not a problem in Russia, which has a more freewheeling tradition in this area. A lot of otherwise qualified technical personnel won't even apply for these U.S. Department of Defense jobs because a background check might reveal earlier hacking misadventures they would rather keep quiet about (at least to the government). In Russia, those misadventures make candidates more attractive. Meanwhile, the Department of Defense has assembled a growing group of civilian Cyber War volunteers. Not all have security clearances but in the event of a national Cyber War crisis, that would be less of an issue.

Microsoft Yammer Social Network hack video

Yammer, Inc. is a freemium enterprise social network service that was launched in 2008 and sold to Microsoft in 2012. Yammer is used for private communication within organizations or between organizational members and pre-designated groups, making it an example of enterprise social software. It originally launched as an enterprise microblogging service and now has applications on several different operating systems and devices. Access to a Yammer network is determined by a user's Internet domain, so only those with appropriate email addresses may join their respective networks.
Yammer is a secure, private social network for your company. Yammer empowers employees to be more productive and successful by enabling them to collaborate easily, make smarter decisions faster, and self-organize into teams to take on any business challenge. It is a new way of working that naturally drives business alignment and agility, reduces cycle times, engages employees and improves relationships with customers and partners. Yammer pioneered Enterprise Social Networking when it launched in 2008 and is among the fastest growing enterprise software companies in history, exceeding four million users in just three years. It raised $142 million in venture funding from top tier firms and is used by more than 200,000 companies worldwide. It was built social from the ground up with ‘Facebook DNA’: Facebook’s Founding President, Sean Parker, serves on Yammer’s Board of Directors; Yammer and Facebook share the same first investor, Peter Thiel; and Yammer is backed by Social+Capital Partnership, a fund established by former Facebook Vice President Chamath Palihapitiya.
More than 80 percent of the Fortune 500® are using Yammer. Leading organizations including Ford, Nationwide, 7-Eleven, Orbitz Worldwide, Rakuten, and Telefonica O2 have adopted Yammer.

Protocol Introduction: OAuth is an emerging authorization standard that is being adopted by a growing number of sites such as Twitter, Facebook, Google, Yahoo!, Netflix, Flickr, and several other Resource Providers and social networking sites. It is an open-web specification for organizations to access protected resources on each other's web sites. This is achieved by allowing users to grant a third-party application access to their protected content without having to provide that application with their credentials.
Unlike OpenID, which is a federated authentication protocol, OAuth, which stands for Open Authorization, is intended for delegated authorization only and does not attempt to address user authentication concerns. There are several excellent online resources, referenced at the end of this article, that provide great material about the protocol and its use.
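As an added illustration of the delegation model just described (this is constructed example code, not code from the post, from Yammer or from any real OAuth provider), here is a toy OAuth 2.0 authorization-code flow: the third-party client never sees the user's password, the authorization code is single-use and bound to the client that requested it, and a relying party that wants to treat an access token as proof of identity must first check which client the token was issued to. All client names, secrets, scopes and URLs are constructed.

```python
"""Toy OAuth 2.0 authorization-code flow (constructed example, not a real provider's code)."""
import secrets
import hmac

USER_PASSWORDS = {"alice": "correct horse"}   # known only to the authorization server
PHOTOS = {"alice": ["beach.jpg", "cat.jpg"]}  # the protected resource
CLIENTS = {                                    # registered third-party apps (constructed)
    "printshop": {"secret": "print-secret", "redirect_uri": "https://printshop.example/cb"},
    "otherapp": {"secret": "other-secret", "redirect_uri": "https://otherapp.example/cb"},
}
_codes = {}   # one-time authorization code -> (user, client_id, scope)
_tokens = {}  # access token -> (user, client_id, scope)

def authorize(user, password, client_id, redirect_uri, scope, state):
    """The user authenticates to the authorization server; the client only ever gets a code."""
    if not hmac.compare_digest(USER_PASSWORDS.get(user, ""), password):
        raise PermissionError("bad user credentials")
    client = CLIENTS.get(client_id)
    if client is None or client["redirect_uri"] != redirect_uri:
        raise PermissionError("unknown client or redirect_uri mismatch")
    code = secrets.token_urlsafe(16)
    _codes[code] = (user, client_id, scope)
    return {"code": code, "state": state}  # state is echoed so the client can detect CSRF

def token(code, client_id, client_secret):
    """The client trades its one-time code for an access token using its own secret."""
    client = CLIENTS.get(client_id)
    if client is None or not hmac.compare_digest(client["secret"], client_secret):
        raise PermissionError("bad client credentials")
    user, bound_to, scope = _codes.pop(code, (None, None, None))  # pop: a code is single-use
    if user is None or bound_to != client_id:
        raise PermissionError("invalid, replayed or stolen code")
    tok = secrets.token_urlsafe(16)
    _tokens[tok] = (user, client_id, scope)
    return tok

def photos(access_token):
    """Resource server: a bearer token authorizes access to a scope, nothing more."""
    user, _, scope = _tokens.get(access_token, (None, None, ""))
    if user is None or "photos:read" not in scope.split():
        raise PermissionError("token lacks photos:read")
    return PHOTOS[user]

def login_with_provider(access_token, my_client_id):
    """Relying-party check: only a token issued to *this* client may be treated as a login."""
    user, issued_to, _ = _tokens.get(access_token, (None, None, ""))
    if user is None or issued_to != my_client_id:
        raise PermissionError("token was not issued to this client; not proof of identity")
    return user

def run_flow(client_id, scope="photos:read"):
    """Happy path for one client; returns (photos, access token, the code that was used)."""
    state = secrets.token_urlsafe(8)
    resp = authorize("alice", "correct horse", client_id,
                     CLIENTS[client_id]["redirect_uri"], scope, state)
    assert resp["state"] == state  # a mismatched state would indicate a forged callback
    tok = token(resp["code"], client_id, CLIENTS[client_id]["secret"])
    return photos(tok), tok, resp["code"]
```

Note that `login_with_provider` is the defensive counterpart to the authorization-versus-authentication distinction above: a token that authorizes some other app to read photos says nothing about who is sitting at this app's keyboard.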
To watch the video click the link below:
http://www.youtube.com/watch?v=SwxWNvmOsU4&feature=player_embedded

NSA Bullrun program, encryption and false perception of security

Revelations about the Bullrun program demonstrated that the NSA has capabilities against widely used online protocols such as HTTPS and against encryption standards.

The latest nightmare for the US Administration is named Bullrun, another US program for mass surveillance. Snowden's revelations were an earthquake for IT security; the image of the NSA and of US IT companies is seriously compromised, as is the trust of consumers worldwide.
The extent of US surveillance activities seems to have neither limits nor borders: communications and data, even when protected with sophisticated encryption mechanisms, were accessible to US intelligence and its partners such as Britain's GCHQ.
The New York Times and The Guardian newspapers and the journalism non-profit ProPublica revealed details of the new top-secret program, codenamed Bullrun, run by the NSA to bypass the encryption adopted worldwide by corporations, governments and institutions. The Bullrun program is regarded as the U.S. Government's fallback after its failure to place a backdoor, the so-called Clipper chip, into encryption that would have allowed it to eavesdrop on communications.
Be aware that we are not speaking of cracking algorithms; Snowden warned that the NSA bypasses encryption by targeting the endpoints of communications:
“Properly implemented strong crypto systems are one of the few things that you can rely on,” Snowden said to the Guardian.
The intelligence agency has induced vendors and manufacturers to include backdoors in their products or to disclose the related encryption keys so that data can be accessed; this is the core of the Bullrun program. Snowden's revelations are causing the collapse of many certainties, the latest being the integrity of encryption standards: according to the newspapers, the NSA has worked to undermine the security of those standards.
Image: classification guide to the NSA's Bullrun decryption program (NSA Bullrun Doc).
The repercussions are critical: the spread of the weakened encryption standard has exposed the same data accessed by the NSA to the concrete risk of theft by third parties such as foreign state-sponsored hackers and cybercriminals.
“The encryption technologies that the NSA has exploited to enable its secret dragnet surveillance are the same technologies that protect our most sensitive information, including medical records, financial transactions, and commercial secrets,” commented Christopher Soghoian, principal technologist of the ACLU’s Speech, Privacy and Technology Project. “Even as the NSA demands more powers to invade our privacy in the name of cybersecurity, it is making the internet less secure and exposing us to criminal hacking, foreign espionage, and unlawful surveillance. The NSA’s efforts to secretly defeat encryption are recklessly shortsighted and will further erode not only the United States’ reputation as a global champion of civil liberties and privacy but the economic competitiveness of its largest companies.”
Suddenly the IT world discovered that it had been living with a false sense of security. The repercussions on the global security market are enormous: customers have put their trust in the wrong companies, and too often they have been deceived by false myths and new paradigms (e.g. cloud computing) designed to facilitate surveillance by intelligence agencies.
The Bullrun program is the latest revelation about a nefarious policy conducted by one of the major security agencies; ironically, its determination to supervise every piece of data on the Internet has made the Internet unsafe. In chasing the concept of security, the NSA has actually opened loopholes in global information systems that could benefit powers such as China or terrorist groups.
Surveillance programs such as PRISM and Bullrun are certainly questionable, as is the conduct of the major American companies that have gone along with the agency's demands.
The NSA and other agencies siphoned data from land and undersea cables. Just after the revelations about the PRISM program, the intelligence community started a misinformation campaign claiming that US authorities were working to find a way to crack encrypted traffic; in reality the agency has no reason to do so, and the Bullrun program is the proof. The misinformation was a pure diversion, meant to influence global sentiment and keep the media's spotlight away from the dirty collusion between governments and private companies.
“None of the methods used to access encryption keys involve cracking the algorithms and the math underlying the encryption, but rely upon circumventing and otherwise undermining encryption.”
The newspapers maintain that the NSA keeps an internal database, dubbed “Key Provisioning Service”, of encryption keys for each commercial product. Using the Key Provisioning Service, the NSA is able to automatically decode communications and access encrypted data. Every time the agency needs a key for a new product, it formalizes a request to obtain it; this request is the so-called Key Recovery Service.
Other reports said that in one instance the US government learned that a foreign intelligence service had ordered new computer hardware and, after pressure from the NSA, the US vendor agreed to insert a backdoor into the product before it was deployed.
Keys are provided by vendors or obtained by the intelligence agency through hacking campaigns against the infrastructure of product providers.
“How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored,” states the NYT. “To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means.”
The most disturbing revelation involves the NSA’s efforts to deliberately weaken the international encryption standards developers rely on to make their encryption secure: according to a classified NSA memo obtained by the NYT, the fatal weakness discovered by two Microsoft cryptographers in 2007 in a 2006 standard was intentionally engineered by the NSA.
“Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on,” said cryptographer Bruce Schneier. “If the backdoor is discovered, it’s explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program.”
“Some of the methods involved the deployment of custom-built supercomputers to break codes in addition to collaborating with technology companies at home and abroad to include backdoors in their products. The Snowden documents don’t identify the companies that participated.”
The Bullrun program, according to the documents, “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.” By this year, the Times reports, the program had found ways “inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by surreptitiously exploiting existing security flaws.”
We must therefore assume that the U.S. Government deliberately prompted vendors to introduce bugs into software solutions sold worldwide; knowledge of those flaws could then have been sold on the black market for zero-day vulnerabilities, about which so much has been discussed. At that point, the same U.S. intelligence agencies would probably offer big bucks to buy back the zero-day to cover the traces of these shocking activities.
Who are the targets of the NSA?
Everyone! The imperative is global monitoring: ISPs, Internet phone-call and text services and mobile operators are privileged targets according to the paper, and I add social media platforms. Of course, every Internet user now wants to stay far from prying eyes; the use of anonymizing networks and secure messaging systems is exploding, and Tor Metrics data revealed an incredible increase in the total number of Tor users.
The only certainties are that the surveillance program will continue and that spending on monitoring activities will increase exponentially. There is another consideration, related to the global trade in security solutions: the global market will be seriously affected, the fall in trust in US security vendors could benefit other players, the equilibrium is jeopardized when trust is broken, and open source software will enjoy a new peak of popularity while waiting for the next incident.