Nov 12, 2012

Why the Government’s Cybersecurity Plan Will End in Catastrophe


Computer World
by Rob Enderle
October 19, 2012

CIO –

Last week Defense Secretary Leon E. Panetta presented his case for an invasive system to monitor the nation’s private systems in order to better identify and respond to cyber threats.

Panetta correctly points out that the likelihood of a 9/11-scale cyber attack is real, and if something isn’t done, large sections of the U.S. infrastructure could fail. He uses as an example the successful attack on ARAMCO, a Saudi Arabian state-owned oil company, which wiped 30,000 computers, causing massive data loss and rendering them temporarily useless.


The proposed remedy is to provide the U.S. government with broad access to private systems so that malware can be quickly identified and removed and other national threats identified and stopped. The problem is that such access creates privacy issues and may itself be a bigger problem than the threat it attempts to eliminate. Not only is the requested change unlikely to happen any time soon, it may increase the potential for either a domestic or foreign cyber attack.


Central Network Eliminates Natural Protection

One hidden benefit in the fact that our systems often don’t share information well or have a common security structure is that attacks against infrastructure therefore have to be tightly targeted. This means an attack on one private or public system probably won’t even work on most others, since they run a variety of different security packages, operating systems and applications, all surrounded by different policies.

One of the reasons we haven’t yet had a repeat of 9/11, that is, an attack that reaches catastrophic levels, is that these systems just don’t interoperate very well or share information at a low level. The amount of work to carry out such an attack currently exceeds the resources of the attackers.

Create a central network where systems regularly and automatically share information in real time, though, and you also create a single point of access where such an attack can be perpetrated. You change an impossible problem into one that is just very difficult, and, given both public and private practices of putting off spending on security until there is a credible threat or demonstrated damage, attacking this centralized system will likely get easier over time for an outside entity and may be too attractive for a properly placed disgruntled employee to pass up.

The government’s recent history with security is a case in point. The death of the U.S. Ambassador to Libya showcased a situation in which the risks were real, and known, yet protections were reduced. After the attack, the political system focused on finding someone to blame, not assuring that the problem wouldn’t recur.

In short, the very system Panetta is suggesting could be the key to causing the thing he is trying to avoid.


A Better Short-Term Cybersecurity Solution

I see several things the government could do instead.

  • Strengthen liability laws in order to fast-track the process for compensating companies that suffer damage caused by inadequate protection.
  • Assure that compensation came from the budgets of the government organizations whose systems were targeted, in a manner similar to the way insurance companies pay out settlements. This would force agencies to increase their security budgets and audit the results to ensure they aren’t too exposed.
  • Provide a common, required reporting method to report an identified attack along with a requirement for minimal legal coverage.


All this could be done without connecting the systems or creating a central government body to access them. There would be little additional government cost and few, if any, privacy concerns for anyone not perpetrating or directly connected to an attack. In short, such a plan would promote a higher level of prevention through better-funded protection.


‘Cyber 9/11’ Will Only Be Followed By More, Worse Attacks

Panetta’s plan suggests that an attack is unavoidable. The problem with a method that almost assumes an attack will happen, or requires a successful attack in order to be implemented, is that it usually does more harm than good.

After 9/11, poorly planned responses crippled the airline industry and nearly bankrupted the country, and the integration of government communication systems that could have prevented the event in the first place is still not complete.

The real concern is that we do, in fact, get hit with a 9/11 cyber attack, as the Department of Defense has anticipated, and that the response to the event either creates an even bigger financial or privacy problem or sets the stage for a much larger attack. None of these are mutually exclusive. Unfortunately, we need to anticipate such a dire outcome. If you are driven to interconnect your systems nationally, then doing it quickly, let alone at all, would be a very unwise idea.


Direct Link: http://www.computerworld.com/s/article/9232604/Why_the_Government_39_s_Cybersecurity_Plan_Will_End_in_Catastrophe?taxonomyId=82

Oct 22, 2012

Future cyber attacks could rival 9-11, cripple US, warns Panetta

The Defense Secretary laid out why the military should help defend critical infrastructure.

Computer World
by Martyn Williams
October 12, 2012

U.S. Secretary of Defense, Leon Panetta

IDG News Service - The U.S. is facing a dramatically increasing threat from cyber attacks and a future attack on the country’s critical infrastructure could have an effect similar to the Sept. 11 terrorist attacks of 2001, the U.S. Secretary of Defense said Thursday evening.

Speaking at a meeting of the Business Executives for National Security (BENS) in New York, Leon Panetta called the Internet “the battlefield of the future” and spelled out what he believes the Department of Defense’s role should be in cyberspace.

The military’s role in securing the domestic Internet and working against attacks on commercial institutions has been controversial, although Panetta sought to get the assembled business leaders on his side by warning them of the danger a large-scale attack could have on their companies.

“A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack on 9/11,” he said in the televised speech. “Such a destructive cyber terrorist attack could virtually paralyze the nation.”

Panetta acknowledged recent distributed denial of service (DDOS) attacks on U.S. financial institutions that disrupted their websites and expressed concern with the speed at which they hit, but said he was even more alarmed by a recent attack by malware dubbed “Shamoon” that hit oil company Saudi Aramco.



“Shamoon included a routine called a ‘wiper,’ coded to self-execute,” Panetta said. “This routine replaced crucial system files with an image of a burning U.S. flag. It also put additional ‘garbage’ data that overwrote all the real data on the machine. More than 30,000 computers it infected were rendered useless, and had to be replaced. It virtually destroyed 30,000 computers.”

“All told, the Shamoon virus was probably the most destructive attack the private sector has seen to date,” he said. “Imagine the impact an attack like that would have on your company.”

Panetta told his audience the Department of Defense knows of specific instances where attackers have gained access to critical infrastructure systems and said such attacks could do great harm.

“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” he said. “They could for example derail passenger trains, or even more dangerous trains loaded with lethal chemicals,” he said. “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country. The most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at one time in combination with a physical attack on our country.”

Such a scenario, said Panetta, would “paralyze and shock the nation” and be equivalent to a “cyber Pearl Harbor.”

The Department of Defense has an interest in stirring up fear of online attacks — it wants to remain involved in cyber defense.

Over the last few years, the U.S. has developed the world’s most sophisticated system to detect and prevent cyber attacks, Panetta said. He then set out why he believes the Department should be involved in national cyber security.

Panetta first addressed one of the biggest issues surrounding increased military involvement with the Internet: the possibility that the Department of Defense would monitor personal e-mail and communications between U.S. citizens.

“That is not our goal, that is not our job, that is not our mission,” he said. “Our mission is to defend the nation. We defend. We deter. And if called upon, we take decisive action to protect our citizens. In the past we have done so through operations on land and at sea, in the sky and in space. In this century, the United States military must help defend the nation in cyberspace as well.”

To do this, Panetta said the Department of Defense is investing more than US$3 billion per year in developing new capabilities to fight cyber attacks and said the U.S. has the capability to go on the offensive when required.

“If we detect an incoming attack that will cause significant physical destruction in the United States, or kill American citizens, we need to have the option to take action against those who would attack us, to defend this nation when directed by the president,” Panetta said. “For these kinds of scenarios, the department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace.”

“Let me be clear, that we will only do so to defend our nation, to defend our interests, to defend our allies. And we will only do so in a manner that is consistent with the policy principles and legal frameworks that the department follows for other domains, including the law of armed conflict,” he said.

As a result of the increased focus on cyber security by several government agencies, Panetta said the Department of Defense is in the final stages of revising its rules of engagement in cyberspace. The change is the largest in seven years and will spell out the duty of the military to defend its networks and also the nation should the U.S. come under major cyber attack.

Panetta closed with a call to his audience to share the responsibility to protect cyberspace.

“Ultimately, no one has a greater interest in cyber security than the businesses that depend on a safe, secure, and resilient global digital infrastructure,” he said. “To defend those networks more effectively, we must share information between the government and private sector.”

“We’ve made real progress in sharing information with the private sector, but very frankly, we need Congress to act to ensure that this sharing is timely and comprehensive. Companies should be able to share specific threat information with the government without the prospect of lawsuits hanging over their head. And a key principle must be to protect the fundamental liberties and privacy in cyberspace that we are all duty bound to uphold.”


Direct Link: http://www.computerworld.com/s/article/9232317/Future_cyber_attacks_could_rival_9_11_cripple_US_warns_Panetta?taxonomyId=82&pageNumber=1

Jul 6, 2012

Internet will vanish Monday for 300,000 infected computers

Users must wipe DNSChanger malware from PCs and Macs before 12:01 a.m. ET July 9

Computer World

By Gregg Keizer

July 6, 2012

Computerworld –

As many as 300,000 PCs and Macs will drop off the Internet in about 65 hours unless their owners heed last-minute calls to scrub their machines of malware.

According to a group of security experts formed to combat DNSChanger, between a quarter of a million and 300,000 computers, perhaps many more, were still infected as of July 2.

Figure: DNSChanger chart. The dns-ok.us website quickly tells users whether their PC or Mac is likely infected with DNSChanger.

DNSChanger hijacked users’ clicks by modifying their computers’ domain name system (DNS) settings to send URL requests to the criminals’ own servers, a tactic that shunted victims to hacker-created sites that resembled real domains.

At one point, as many as 4 million PCs and Macs were infected with the malware, which earned its makers $14 million, U.S. federal authorities have said.

Infected machines will lose their link to the Internet at 12:01 a.m. ET Monday, July 9, when replacement DNS servers go dark.

The servers, which have been maintained under a federal court order by Internet Systems Consortium (ISC), the non-profit group that maintains the popular BIND DNS open-source software, were deployed last year after the Federal Bureau of Investigation (FBI) seized more than 100 command-and-control (C&C) systems during the take-down of the hacker gang responsible for DNSChanger.

The FBI’s “Operation Ghost Click” ended with arrests of six Estonian men — a seventh, a Russian, remains at large — the C&C seizures, and the substitution of the replacement servers. Without the substitutes, DNSChanger-infected systems would have been immediately knocked off the Internet.

Originally, the stand-in servers were to be turned off March 8, but a federal judge extended the deadline to July 9.

It’s not just consumer PCs and Macs — DNSChanger was equal-opportunity malware — that remain infected, but also corporate computers and systems at government agencies, said Tacoma, Wash.-based Internet Identity (IID), which has been monitoring cleanup efforts.

Last week, IID said that its scans showed 12% of Fortune 500 firms, or about one out of every eight, harbored DNSChanger-compromised computers or routers. And two out of 55 scanned U.S. government departments or agencies — or 3.6% — also had failed to scrub all their PCs and Macs.

The newest numbers were down from earlier scans by IID. In March, for example, the company pegged the Fortune 500 DNSChanger infection rate at 19% and the government agency rate at 9%.

In January, both groups’ rate was an amazing 50%.

But there are still tens of thousands of laggards who have not cleaned their computers, even after a months-long effort by the DNSChanger Working Group (DCWG), a volunteer organization of security professionals and companies.

“We’re all struggling with this,” said Rod Rasmussen, chief technology officer of IID and a member of the DCWG. “There are a lot of people who just haven’t gotten the word.”

The cleanup, Rasmussen said, has been the tough part of the DNSChanger takedown.

“There was a lot of planning done for the initial takedown, the arrests, the swapping of servers, but there wasn’t as much for after the take-down,” said Rasmussen. “How do we clean things up? Victim remediation is a challenge for our industry. Everyone wants to do it, but how do you pay for it?”

The DCWG worked extensively with ISPs (Internet service providers) to help them alert customers with infected computers — identified by their being shuttled through the replacement servers — and advise them on removing the malware. The group also reached out to enterprises, government agencies and other organizations to offer the same assistance.

At times, that worked.

“Some ISPs have been very draconian,” said Rasmussen, citing providers that repeatedly called, emailed or phoned members with infected computers. “Some worked hard at a fair amount of expense.”

Others instead prepared for the support calls they expect to field starting Monday when startled customers realize they can’t get online. “They’re staffing up for [Monday], they know that they’re going to get [a large number of calls].”

For those that have done nothing, Monday will be rough, Rasmussen predicted. “For some ISPs, this may be a real flap,” he said.

But the project was sometimes frustrating.

One company, which Rasmussen would not name, had cleaned all its machines of DNSChanger, but was repeatedly re-infected. Finally, the firm discovered that laptops connecting to its public Wi-Fi network were spreading the malware, and even narrowed the list of suspects to the media because the timing of the re-infections coincided with press events the corporation held on its campus.

Even so, the effort has been worthwhile, not simply to ameliorate the impact, but as a learning experience for future such takedowns, or of “sinkholing” botnets in general.

“What we need in the future is a real-time alerting capability,” said Rasmussen, and described a system that would immediately notify a user if his or her computer had been shunted to a substitute server. The idea was discussed by the DCWG, but never implemented because it would have required much more hardware and support than was available.

“Someone has to support this volunteer effort,” said Rasmussen, who didn’t have an answer for where that support, whether financial or other resources, would come from.

Two of the Internet’s biggest companies have also pitched in with their own anti-DNSChanger campaigns.

In late May, Google began warning infected users with a bannered message at the top of the company’s search results page. Several days later, Facebook kicked off a similar alert for its members.

Users have access to several free tools that identify infected computers, including several that just debuted under the DCWG’s auspices. In the U.S., for example, users can steer to the dns-ok.us website. Other detection sites are listed on the DCWG’s domain.

The DCWG’s website also has links to free tools that remove the malware.
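The core of the check that detection sites like dns-ok.us perform, as an added example that is not code from the original article or from any DCWG tool: it reads the resolver addresses a machine is configured to use (resolv.conf-style text here) and flags any that fall inside a known-rogue netblock, which is the trace DNSChanger leaves behind whether it altered the host directly or the router that hands out DNS over DHCP. The rogue ranges and sample configurations are constructed placeholders (TEST-NET addresses), not the real Operation Ghost Click indicators.

```python
import ipaddress
import re

# Constructed placeholder netblocks standing in for the rogue resolver ranges
# published during the DNSChanger takedown; real indicators are not listed here.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),   # TEST-NET-3, placeholder
    ipaddress.ip_network("198.51.100.0/24"),  # TEST-NET-2, placeholder
]

# Matches "nameserver <address>" lines; comments and other keywords are ignored.
NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)


def parse_resolvers(resolv_conf_text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    found = []
    for addr in NAMESERVER_RE.findall(resolv_conf_text):
        try:
            found.append(ipaddress.ip_address(addr))
        except ValueError:
            continue  # skip malformed entries instead of aborting the check
    return found


def rogue_resolvers(resolvers, rogue_ranges=ROGUE_RESOLVER_RANGES):
    """Return the subset of resolvers that fall inside a known-rogue range."""
    return [r for r in resolvers if any(r in net for net in rogue_ranges)]


def check_resolv_conf(text):
    """Classify a resolver configuration as 'infected', 'clean' or 'no-resolvers'.

    A hijacked host typically lists one rogue resolver ahead of a legitimate
    one, so a single hit is enough to report infection.
    """
    resolvers = parse_resolvers(text)
    if not resolvers:
        return "no-resolvers"
    return "infected" if rogue_resolvers(resolvers) else "clean"


# Constructed sample configurations: a clean host and a hijacked one.
CLEAN_CONF = "nameserver 192.0.2.53\nnameserver 192.0.2.54\n"
HIJACKED_CONF = "# rewritten by malware\nnameserver 203.0.113.7\nnameserver 192.0.2.53\n"

if __name__ == "__main__":
    for label, conf in (("clean host", CLEAN_CONF), ("hijacked host", HIJACKED_CONF)):
        hits = [str(r) for r in rogue_resolvers(parse_resolvers(conf))]
        print(f"{label}: {check_resolv_conf(conf)} {hits}")
```

On a live system the text would come from /etc/resolv.conf or the equivalent platform query, and the placeholder ranges would be replaced by the published rogue netblocks.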

But perhaps the loss of the Web is the only wake-up call some users will hear, Rasmussen said.

A few in the DCWG lobbied to stick to the original March 8 deadline and against an extension, believing that only a “tough love” approach would work, said Rasmussen.

“Some people haven’t been paying attention to the messages,” he said. “It’s not a lot, but they’re very reticent to do anything.”

Direct Link: http://www.computerworld.com/s/article/9228860/Internet_will_vanish_Monday_for_300_000_infected_computers