May 17, 2013

CISPA cybersecurity bill backers hope second time’s a charm

NBC News
by Alina Selyukh & Deborah Charles (Reuters)
May 16, 2013

 


WASHINGTON (Reuters) – Six months after a U.S. cybersecurity bill died in the Senate, some Obama administration officials and lawmakers are optimistic they can get a new law passed amid heightened public awareness of hacking attacks and cyber espionage.

With top intelligence officials warning that cyber attacks have replaced terrorism as the leading threat against the United States, the White House and lawmakers have spent months discussing how to improve the flow of information between the government and the private sector.

A second go-around for the Cyber Intelligence Sharing and Protection Act (CISPA) was approved by the Republican-controlled House of Representatives in a bipartisan vote on April 18, though the White House has again threatened to veto the bill unless more protections for privacy and civil liberties are added.

Still, senior Obama administration officials say behind-the-scenes talks with lawmakers this time around are constant, more serious and more productive.

“I actually think that the outlook is significantly better than it was last year,” the White House cybersecurity policy coordinator, Michael Daniel, told the Reuters Cybersecurity Summit in Washington this week. “What has impressed me has been the willingness of everybody involved to actually continue having those discussions and to continue that extensive level of dialogue trying to find some solutions.”

While Daniel cautioned that it is never easy to get the divided House and Senate to agree to anything, he predicted that final cyber legislation might be seen by the fall.

“A lot of us are concerned about getting a good piece of cybersecurity legislation before something really bad happens. As a general rule, legislation that is produced immediately after a crisis is not as good as the stuff that can be done when it’s more thought-out,” he said.

Last year, the Senate failed to pass a comprehensive cybersecurity bill that combined information-sharing provisions similar to those in the current CISPA with voluntary cybersecurity standards for businesses that control critical U.S. infrastructure.

Since then, President Barack Obama has signed an executive order that directs government officials to set voluntary standards to reduce cybersecurity risk and offer incentives to private companies to adopt them.

A series of high-profile cyber attacks — such as repeated disruptions of the online banking sites of major U.S. banks, or markets plunging on a fake message on the AP Twitter feed about a White House bombing that never happened — have built momentum behind cyber legislation.

* Separate bills

The Senate does not plan to vote on CISPA, but is expected instead to take up its own cyber-related bills. On Wednesday, Senate Intelligence Committee Chairman Dianne Feinstein, a California Democrat, said her panel was drafting a version of an information-sharing bill.

Congressional aides said staff and lawmakers from both sides of the aisle are constantly meeting on the issue. One Senate aide said it was a collaborative process to agree on multiple key elements to make the overall law stronger.

Representative Mike Rogers, chairman of the House intelligence committee and CISPA co-author, said key senators including Feinstein were “completely all in” on the need to pass a cybersecurity law. The Michigan Republican predicted that House and Senate lawmakers could work out an agreement on at least an information-sharing bill.

“I think we’re finally coming to the consensus here that hey, let’s pass what we can pass and take another bite. This isn’t the end-all cure-all,” Rogers told the summit.

He said a meeting was scheduled this week — with more to come — between the House and the Senate to discuss in detail the elements of cyber legislation and see where compromise could be reached, without starting completely from scratch.

Rogers predicted that if a bill could pass through both houses of Congress, Obama would sign it despite the veto threat.

* Urgent need

Top administration officials have underscored the urgent need for laws that would complement Obama’s executive order and help ensure the government and the private sector are on the same page when it comes to threats posed to critical U.S. infrastructure.

Homeland Security Secretary Janet Napolitano said many lawmakers received classified briefings last year on cyber threats, and better education on cyber risks means “we’re starting from a much better base” on legislation.

“There’s a lot of work going on behind the scenes,” Napolitano told the summit. “There are many fewer concerns than there were last time around.”

But officials acknowledge that hurdles remain. For example, some senators, like Homeland Security Committee Chairman Tom Carper, prefer a more comprehensive bill.

“While information sharing is an important part of our efforts, it is only one of many elements needed to properly bolster our cyber defenses,” Carper, a Delaware Democrat, said in a statement.

Other issues he says he would like to address in legislation include protections for critical infrastructure, security of federal agency networks, cyber workforce development and notification of data breaches.

Some private industry security experts were skeptical about the prospects for broad legislation, as well as the effectiveness of such laws in preventing cyber attacks. Shane Shook, chief knowledge officer at cybersecurity services company Cylance Inc, suggested the private sector should organize information sharing itself.

“Comprehensive legislation is never going to happen that can be effective over all 18 sectors,” Shook told the summit.

Ira Winkler, president of the Information Systems Security Association, said he was skeptical that any meaningful legislation would pass this year, barring a major cyber attack that damaged U.S. infrastructure.

“We hear about wake-up calls, but people keep hitting the snooze button,” he said.


— Additional reporting by Andrea Shalal-Esa and Thomas Ferraro

Direct Link:  http://www.nbcnews.com/technology/cispa-cybersecurity-bill-backers-hope-second-times-charm-1C9948195#cispa-cybersecurity-bill-backers-hope-second-times-charm-1C9948195

May 16, 2013

The incredible U.S. military spy drone that’s so powerful it can see what type of phone you’re carrying from 17,500ft

Daily Mail / UK
by Damian Gayle
January 28, 2013

  • The ARGUS-IS can view an area of 15 sq/miles in a single image
  • Its zoom capability can detect an object as small as 6in on the ground
  • Developed by BAE as part of a $18million DARPA project
  • System works by stringing together 368 digital camera chips

A sinister airborne surveillance camera gives the U.S. military the ability to track movements in an entire city like a real-time Google Street View. The ARGUS-IS array can be mounted on unmanned drones to capture an area of 15 sq/miles in an incredible 1,800MP – that’s 225 times more sensitive than an iPhone camera. From 17,500ft the remarkable surveillance system can capture objects as small as 6in on the ground and allows commanders to track movements across an entire battlefield in real time.

 

Beat that, Google: An image taken from 17,500ft by the U.S. military's ARGUS-IS array, which can capture 1,800MP zoomable video feeds of an entire medium-sized city in real time


‘It is important for the public to know that some of these capabilities exist,’ said Yiannis Antoniades, the BAE engineer who designed the system, in a recent PBS broadcast. The aerospace and weapons company developed the ARGUS-IS array as part of a $18.5million project funded by the Pentagon’s Defense Advanced Research Projects Agency (Darpa).

In Greek mythology, Argus Panoptes, guardian of the heifer-nymph Io and son of Arestor, was a primordial giant whose epithet, ‘Panoptes’, ‘all-seeing’, led to his being described with multiple, often one hundred, eyes. Like the Titan of myth, the Pentagon’s ARGUS-IS (a backronym standing for Autonomous Real-time Ground Ubiquitous Surveillance-Imaging System) works by stringing together an array of 368 digital camera imaging chips. An airborne processor combines the video from these chips to create a single ultra-high definition mosaic video image which updates at up to 15 frames a second.

 

All-seeing: This graphic illustrates how the U.S. military's ARGUS-IS array links together images streamed from hundreds of digital camera sensors to watch over a huge expanse of terrain in real time


What it looks like: The ARGUS-IS (a backronym standing for Autonomous Real-time Ground Ubiquitous Surveillance-Imaging System) strings together an array of 368 digital camera imaging chips into a single unit


That tremendous level of detail makes it sensitive enough to not only track people moving around on the ground thousands of feet below, but even to see what they are doing or carrying. The ARGUS array sends its live feed to the ground where it connects to a touch-screen command room interface. Using this, operators can zoom in to any area within the camera’s field of view, with up to 65 zoom windows open at once. Each video window is electronically steerable independent of the others, and can either provide continuous imagery of a fixed area on the ground or be designated to automatically keep a specified target in the window.

 

Sinister: The system tracks all moving objects in its field of view, highlighting them with coloured boxes, allowing operators to track movements across an area as and when they happen


The system automatically tracks any moving object it can see, including both vehicles and individuals on foot, highlighting them with coloured boxes so they can be easily identified. It also records everything, storing approximately a million terabytes of data a day – the equivalent of 5,000 hours of high-definition video footage. ‘So you can go back and say I’d like to see what happened at this particular location three days, two hours [and] four minutes ago, and it will actually show you what happened as if you were watching it live,’ said Mr Antoniades.

 

iPad next? The feed from the ARGUS is transmitted to a touch-screen command and control interface


Windows: Operators can open a window to zoom in to any area within the camera's field of view, with up to 65 open and running at once


Total surveillance: The view of Quantico, Virginia, highlighted in the PBS film


For the PBS programme reporting the technology, Mr Antoniades showed reporters a feed over the city of Quantico, Virginia, that was recorded in 2009. The technology has been in development since 2007 but authorities are staying tight lipped about whether it has yet been deployed on the battlefield. Dr Steven Wein, director of optical sensor systems at BAE Systems, said: ‘The ARGUS-IS system overcomes the fundamental limitations of current airborne surveillance systems. ‘Very high-resolution imaging systems required for vehicle and dismount tracking typically have a “soda-straw” view that is too small for persistent coverage. ‘Existing wide-area systems have either inadequate resolution or require multiple passes or revisits to get updates.’ BAE are now said to be working on an infra-red version of ARGUS that would allow commanders total surveillance of an area even at night.

 

Direct Link:  http://www.dailymail.co.uk/sciencetech/article-2269563/The-U-S-militarys-real-time-Google-Street-View-Airborne-spy-camera-track-entire-city-1-800MP.html

May 16, 2013

Russia’s CIA spy bust ‘was linked to Boston Bombing’:

U.S diplomat was trying to recruit Dagestan expert who travelled to terrorist’s home town when he was arrested

DAILY MAIL / UK
May 16, 2013

 

  • U.S. diplomat named as Ryan Christopher Fogle was arrested on Monday
  • Russia claims he was attempting to recruit a Russian secret services official
  • Letter allegedly found on him offers agents $1million per year to defect
  • U.S. ambassador summoned to Russian foreign ministry to explain today 


    The arrest of a US diplomat accused of being a CIA spy was linked to the Boston bombing, sources revealed today.
    Russian security officials reported on Tuesday that they had briefly detained Ryan Fogle in Moscow for allegedly trying to recruit a Russian intelligence officer.

    Today sources revealed the man Mr Fogle was trying to ‘recruit’ was an FSB agent who specialised in Islamic extremism in Russia and may even have travelled to the region where the bombing suspects came from.

     

    Suspected Boston terrorist Tamerlan Tsarnaev


    It is thought that he was part of a team who went to Dagestan and provided intelligence to the United States about an extremist threat in 2011.

    Ryan Fogle

    Lure: Sources today said that Ryan Fogle was seeking to lure into treachery an FSB agent who had knowledge of Russian intelligence operations on suspected Boston terrorist Tamerlan Tsarnaev

     

    Fogle, a third secretary at the U.S. Embassy, was carrying special technical equipment, disguises, written instructions and a large sum of money. Fogle was later handed over to U.S. Embassy officials.

    Relations: U.S. Ambassador Michael McFaul walks outside as he leaves the Russian Foreign Ministry headquarters in Moscow. He was summoned to explain the alleged espionage mission of one of his diplomats


    This morning the Russian foreign ministry issued a formal protest to American ambassador Michael McFaul, who was summoned to explain the alleged espionage mission of one of his diplomats.

     

    Arrested: The US diplomat – suspected by the Russians of being a CIA agent – was named as Ryan Christopher Fogle. He was arrested last night in Moscow

    As he left after the brief session with Deputy Foreign Minister Sergei Ryabkov, the envoy waved to reporters but refused to comment.

    The Ministry hit out at ‘provocative acts in the spirit of the Cold War’ and has ordered the expulsion of Fogle, arrested wearing a blond wig under his baseball cap.

    Claims: The FSB counter intelligence service said the envoy, a third secretary in the political section of the American embassy was caught red handed seeking to recruit a Russian intelligence officer

    ‘This does not contribute to the further process of building mutual trust between Russia and the United States and bringing our relations to a qualitatively new level,’ warned Dmitry Peskov, spokesman for Russian president Vladimir Putin.

    Detained: The FSB said Fogle was in possession of two floppy wigs, three pairs of glasses, a map of Moscow and a folding knife when he was detained

    But it was becoming clearer today that the US was seeking to lure into treachery an FSB agent who had knowledge of Russian intelligence operations on suspected Boston terrorist Tamerlan Tsarnaev, who lived in America but had travelled to Dagestan where he was believed to have met Islamic extremists.

    Just call me James... blond? Russian intelligence services parade the 'CIA spy', named as Ryan Christopher Fogle, for cameras on Monday


    The FSB had earlier warned the FBI about his potential extremist links.

    In material released by the FSB, it is clear the Americans had phone numbers for one or more Russian intelligence agents involved in anti-terrorism work in the Caucasus.

     

    CIA Espionage Kit


    They obtained these during a trip involving FBI agents to Dagestan in search of intelligence on Tamerlan’s trip.

    ‘After the first call he refused to meet, but this man called again and insisted on a meeting,’ said a recording of an FSB officer addressing three US diplomats who came to collect the alleged CIA agent from FSB headquarters.

    Statement: 'Recently, the US intelligence service has made repeated attempts to recruit the staff of Russian law enforcement agencies and special services,' according to the FSB

    ‘At first we did not believe it was happening, because recently the FSB has been actively helping to investigate the Boston blasts, and was also providing some other information about threats to US national security’.

    Today Kommersant newspaper said: ‘It is likely that during the trip in April the US side obtained the phone numbers of Federal Security Service (FSB) agents.’

    ‘Clearly, they then decided to use it to have personal contacts with anti-terror agents, given that the exchange of information in the form of question and answers between special services is not always quick and smooth,’ it said.

    Russia has not named the target of the US co-operation, and it is not known whether the agent has faced any problems or even arrest over the US interest in him.

    Fogle apparently hinted at an initial payment of $100,000 followed up by a salary of up to $1 million a year plus bonuses if the Russian intelligence official handed over secrets to the CIA.

    Questions: A letter the agent carried suggested the US government was willing to pay up to $1 million a year plus bonuses to his unidentified potential Russian recruit, if the letter released by the FSB is genuine

    Russian Foreign Minister Sergei Lavrov said he had opted not to bring up the case at talks with US Secretary of State John Kerry on Tuesday in Sweden.

    ‘I decided that talking about it would be superfluous, since it is already made public and everyone already understands everything,’ he said.

    Fogle was the first American diplomat to be publicly accused of spying in Russia in about a decade.

    Fogle ID

    While relations between the two countries have been strained, officials in both Washington and Moscow sought to play down the incident.

    Fogle was caught in Vorontsovski Park, an area in south-east Moscow, the FSB said.

    A letter in Russian which Fogle carried suggests – if genuine – that the CIA hoped to reel in a big fish.

    Addressed ‘Dear friend’, it states: ‘We are ready to offer you $100,000 [£65,000] and discuss your experience, expertise and co-operation, and the payment may go much higher if you are ready to answer certain questions.

    ‘For long-term co-operation we offer $1million [£650,000] per year.’

    The recruit is instructed to use an internet cafe to ‘create a new Gmail mailbox which you will use only for staying in touch with us’.

    The incident is the biggest spy scandal since the arrest of glamorous agent Anna Chapman and nine other Russians in the US in 2010.

    The FSB stated: ‘Recently, the US intelligence community has made repeated attempts to recruit employees of Russia’s law-enforcement bodies and special agencies.’

    Many details remained shrouded in mystery last night. It is not known whether the target was part of the sting operation or if they have been arrested.

    Russia’s haste to make the news public could mean either that the attempt was so audacious that it shocked leaders, or that hardliners have seized on it to stop a move towards detente with the US.

    Yesterday Patty Fogle, the diplomat’s mother, refused to comment at her home in St Louis, Missouri.


May 16, 2013

US Navy Successfully Launches UAV From Aircraft Carrier

Defense News
by AGENCE FRANCE-PRESSE
May 14, 2013

Northrop Grumman personnel conduct pre-operational tests May 13 on an X-47B Unmanned Combat Air System (UCAS) demonstrator on the flight deck of the aircraft carrier USS George H.W. Bush. On May 14, the ship became the first aircraft carrier to catapult launch an unmanned aircraft from its flight deck. /  (MC3 Kevin J. Steinberg / US Navy via AFP)


WASHINGTON — The US Navy successfully launched an unmanned plane off the deck of an aircraft carrier for the first time Tuesday in what officials called a breakthrough for robotic aviation.

The bat-winged X-47B drone took to the air after being launched by a catapult aboard the George H.W. Bush aircraft carrier off the coast of Virginia, a Navy spokeswoman said.

“I can confirm it was successfully launched at 11:18 a.m. (1518 GMT),” Navy Lt. Katie Cerezo told AFP.

The aircraft carried out several low approaches to the carrier before landing in Maryland at the US naval air station at Patuxent River after a 65-minute flight, the Navy said.

The test flight marked the first catapult launch of a robotic, unmanned plane from a carrier at sea, and Navy officers called it a “milestone.”

“This historic event challenges the paradigm of manned carrier landings that were first conducted more than 90 years ago,” Rear Adm. Mat Winter, who oversees unmanned aviation for the Navy, wrote on the service’s website.


The experimental aircraft, which looks like a smaller version of the B-2 stealth bomber, is supposed to clear the way for a new line of drones that would carry out bombing raids from a carrier.

The Air Force and Army already have a large fleet of robotic aircraft, but the Navy hopes to catch up with the X-47B, the unmanned Fire Scout helicopter and other drones that can stay in the air for hours to spy or attack an adversary.

The X-47B can reach an altitude of 40,000 feet with a range of about six hours or 2,100 nautical miles (3,900 kilometers), and has two weapons bays that can carry a payload of up to 4,500 pounds (2,040 kilograms).

With a much longer range than manned fighter jets, the robotic bomber could transform naval warfare in the same way drones have reshaped the battlefield on land.

Controlled by mouse click from a “mission operator” on the carrier, the aircraft has more autonomy than current robotic aircraft, according to Northrop Grumman, which manufactures the drone.

The plane flies a preprogrammed mission and the operator “does not actively ‘fly’ it via remote control as is the case for other unmanned systems currently in operation,” according to a fact sheet from Northrop.

Rights groups have voiced concern over the advent of more autonomous combat aircraft that could allow robots to wage war semi-independently. Human Rights Watch has cited the X-47B in particular as a potentially alarming advance.

The group has called for a “pre-emptive prohibition” on fully autonomous robotic weapons, which it says would endanger civilians and violate the principles of international humanitarian law.

Direct Link:  http://www.defensenews.com/article/20130514/DEFREG02/305140016/US-Navy-Successfully-Launches-UAV-From-Aircraft-Carrier

 

May 15, 2013

Hotel Lock Hack Still Being Used In Burglaries, Months After Lock Firm’s Fix


FORBES

by Andy Greenberg
5/15/2013

 

Photos released by Arizona police of two suspects alleged to have robbed a 27-year-old girl's hotel room using the Onity lock-hacking method at the Coast Hotel in Phoenix.


More than nine months after the hotel lock firm Onity announced a fix for a security flaw that allowed anyone to gain access to millions of hotel rooms in seconds, that lock-hacking technique seems to be thriving–and thieves are still using it to perform dozens of burglaries with hardly a trace.

The latest reports of criminals implementing the Onity lock hack come from Arizona, where police say that hotel rooms have been burglarized across the cities of Phoenix, Scottsdale, Tempe, and Mesa, with between six and nine robberies in each city. In every case, police and hotel staff believe that the burglars used a small device that can be inserted into a data port on the underside of hotel locks to read their memory, access a digital key, and trigger the locks’ opening mechanism in seconds. The targeted hotels include the Holiday Inn, Extended Stay, Quality Inn, La Quinta Inn, Red Roof Inn, Motel Six, Budget Inn, Courtyard By Marriott, and Comfort Inn, according to a Phoenix police spokesperson.

The video below shows two of the suspects entering the Coast Hotel in Phoenix and allegedly leaving with a 27-year-old woman’s suitcases. Though the video footage doesn’t capture the accused thieves using the lock-hacking device to open the room’s door, police say that hotels found evidence in its lock’s memory that a device accessed the lock during the brief time when the men were in the building. That hacking device, which was first revealed by the security researcher and software developer Cody Brocious at the Black Hat security conference last year, can be built for less than $50, and spoofs the “portable programmer” used by hotel staff to change locks’ settings and open locks with depleted batteries.

Local police are offering a $1,000 reward for information about the suspects.

In cases at other hotels, thieves stole luggage, TVs, laptops, iPads, the gun and badge of a U.S. marshal, and the full uniform of an airline pilot, along with every other possession he’d left in the Tempe hotel room. “Since all my stuff was cleaned out, I thought I was in the wrong room,” pilot Ahmiel Fried told local news TV station ABC15, who first reported the break-ins. “[I was] not expecting everything to be gone.”

 

Photos released by Arizona police of two other suspects believed to have used the hotel lock-hacking devices.


Phoenix police spokesperson Darren Burch says it’s still not clear how many people are exploiting the vulnerability in Onity’s locks to rob hotels, or even whether the Arizona burglaries were performed by a single group or by individuals working separately. But he warns that while he’s only aware of the Arizona thefts, it’s likely that the lock-hacking technique is being exploited across the country, and that it may be being used more often than it’s being reported. After all, Onity’s keycard locks protect more than four million rooms worldwide. “We’ve just learned about this locally, but it’s my understanding this is happening elsewhere,” Burch says. “This is just the tip of the iceberg.”

In November of last year I reported that the same vulnerability in Onity locks was used to break into a series of hotel rooms in Houston, Texas. In that case, police arrested and charged 27-year-old Matthew Allen Cook with theft. Cook, who still awaits trial, was identified when a stolen HP laptop ended up at a local pawnshop, whose staff helped to identify him.

An Onity lock and (inset) the circuit board Onity has offered to replace for a full reimbursement in many hotels' doors.

This latest round of burglaries comes months after Onity became aware of its security issue and began working to fix it. In August, Onity announced it would be releasing temporary plugs to cover its locks’ data ports, and would follow up with a software update, albeit one that hotel customers themselves would have to pay for. But after the string of Texas break-ins, I obtained memos from Onity to Marriott, InterContinental Hotel Group, and Hyatt in which it agreed to reimburse those major chain hotels for a full circuit-board fix.

Given that some of the Arizona hotels are among the customers whose fixes Onity agreed to cover, it’s not clear how they’ve remained vulnerable. I’ve reached out to Onity for a response and will update this post if I hear from the company.

Onity’s troubles began in July, when Cody Brocious demonstrated to me in a series of New York hotels that his lock-opening trick could work. At the time, Brocious’ technique was unreliable, only opening one of the three hotel room doors we tested. But he soon released the method online, and hackers began to post YouTube videos of themselves adapting and improving the lock-opening device until it worked reliably and could fit into an iPhone case or even a dry-erase marker.

At the time, Brocious argued that his hacking trick was intended to demonstrate Onity’s security vulnerability and force the company to fix it–not to take advantage of the security flaw for criminal purposes. But nearly a year after he first showed me his trick, it’s transformed from a theoretical bug to a very real criminal technique. And unless Onity and its customer hotels take greater care to update their locks, there’s no end to the insecurity in sight.
Direct Link:  http://www.forbes.com/sites/andygreenberg/2013/05/15/hotel-lock-hack-still-being-used-in-burglaries-months-after-lock-firms-fix/