Fascinating, well- researched and targeted - what more do you need in a scholarly paper asking that age old interrogatory: Are Cyber-Weapons Effective? Via Ivanka Barzashka and published by the Royal United Services Institute for Defence & Security Studies [RUSI]. Deemed today's must read commentary. Enjoy.
Security Bloggers Network
ICANN blog
TeamSHATTER
Cryptography News
Ms. Smith
SANS Internet Storm Center, InfoCON: green
May 2013
Search
2013.05.16
2013.05.10
2013.05.02
US Retail Banks, Federal Information Security Dust Up
Reports indicae, commercial banking institutions in the United States are peeved with the federal response to data security related attacks (evidence fingers Iranian sources for the specific attacks under scrutiny)...
2013.05.01
Taiwanese NSB: PRC Cyberattacks Target Private Sector
Evidently, Taiwan is publicly calling out the Peoples' Republic of China, in reference to the Chinese Communists' targeted cyber attacks on the private sector infrastructure within the island nation.
via FocusTaiwan's Wen Kuei-hsiang and Elizabeth Hsu, the Taiwanese National Security Bureau (NSB) claims PRC PLA electronic warfare groups have temporarily modified their attack targets from government intrusions to private sector institutions within the only truly Chinese democratic society. Astounding.
Maskirovka
Well crafted and researched thought piece via CSO's J eff Bardin, detailing Maskirovka [Маскировка] [also known as deception utilized as a military stratagem]. The post focuses on scenarios with certain, not necessarily quantifiable, linkage to current events in Massachusetts. Read Mr. Bardin's post and you will be intrigued.
2013.04.26
2013.04.25
Was Aurora Really Counter-Intel?
The lastest scuttlebutt points to the recent, so-called 'Aurora' electronic network attacks as counter-intelligence . Really? You be the judge.
2013.04.01
NASA DBMS External Connectivity Terminated, PRC National Arrested
Reportedly, evidence, detailing intrusions into a United States National Aeronautics and Space Administration [NASA] database management system has forced the Agency to subsequently terminate external connectivity to the system, pending a thorough investigation.
Apparently, a PRC national - Bo Jiang - was arrested by Federal Bureau of Investigation Special Agents, after boarding a plane to Beijing at Dulles International Airport. Jiang had ben working as a contractor at NASA’s Langley Research Center; additional information regarding the arrest of the Chinese national points to false statements, possession of specific items [laptop, external storage devices], et cetera. Statements regarding previous exfiltration of data have been made, regarding this individual's past, perhaps leading to this arrest.
2013.03.26
Seoul, Searching
An all-to-brief screed, via the IEEE's Spectrum Magainze elucidating the almost complete lack of positive source identification vectoring the attacks on South Korea (other than the local, infected computational devices). Astounding.
2013.03.21
NATO's CCD COE Publishes Tallinn Cyber War Manual
The NATO Cooperative Cyber Defence Centre of Excellence headquartered at Tallinn, Estonia, has published the final edition of the Tallinn Manual on International Law Applicable to Cyber Warfare. Essentially, the Manual enumerates 95 high priority rule sets, targeting conflict governance in the prosecution of any particular 'cyberwar' scenario.
2013.03.14
DOD, New Teams... Really?
Hard to believe team construction hasn't been going on since day-one, noting the Commands' highly motivated and deeply experienced leadership... Notwithstanding the source [I read it in The Washington Post]... Apparently, the Department of Defense Cyber Command is creating new teams to target [offensively] electronic computational attacks.
2013.03.12
BigData Two-Step
Failures in big data land just keep piling up... Flawed analysis - when brought to bear on large scale data collection activities, and the resultant artifact monikered 'Big Data' - is fundamentally as damaging as electonic warfare intrusions into those same systems. Not what we should expect to see. Read it and weep.
2013.03.05
Stuxnet Variant Predates Latest Release by 60 Months
News, via Wired's irrepressible Kim Zetter, details the latest discovery relative to Stuxnet. Evidence uncovered by researchers show a recently unearthed variant predates the current release by five years. Absolutely outstanding reportage, and deemed today's' Must Read, especially if you are in the SCADA and ICS realms.
'The new variant was designed for a different kind of attack against centrifuges used in Iran’s uranium enrichment program than later versions that were released, according to Symantec, the U.S-based computer security firm that reverse-engineered Stuxnet in 2010 and also found the latest variant.' - Wired's Kim Zetter
2013.03.01
DARPA, Targeted-Attack-alyzer
Ah, the old Targeted Attack Analyzer coupled with the Cone of Silence ploy, eh DARPA? After examining the requirements of this program, - Our advice: Just call up that crazy gang over at Facebook, Inc. (NasdaqGS: FB).
2013.02.27
In 'Cyberspace' No One Can Hear You Drop The Ball...
News, via the New York Times' David E. Sanger, focusing on evidence of the current political will to engage PRC's PLA cyberwar units has come to light, as it were. Politicians, who grow a pair, after the fact, never cease to astonish even the jaded amongst us...
2013.02.26
ISACA, APT, ETC
In an absolutely outstanding piece, detailing an ISACA survey's interesting connections to the latest news of PRC infiltration via APT artifacts, Steve Ragan [via InfosecIsland] leads us on a tour de force targeting those same vectored threat. Today's Must Read.
Image via Larry Zeltser
2013.02.21
Sandia Supercomputers Modelling Cyberweapons
Along with the news of the inauguration of the Cybersecurity Engineering Research Laboratory at Sandia National Laboratories in the Great State of New Mexico, comes this astonishing bit: The Labs are executing modelling activities targeting newly developed 'Cyberweapons' on the Laboratory's supercomputer instances, in situ. Phenomenal.
"Sandia’s cyber R&D capabilities are rooted in our [nuclear weapons] mission, and specifically weapons use-control engineering and adversarial threat assessment,” said Ben Cook, a senior manager for Sandia’s research and development science and engineering group..." - Nextgov.com's Aliya Sternstein
2013.02.20
Fingered, Unit 61398
via the latest Mandiant investigative artifact - 'APT: Exposing One of China's Cyber Espionage Units' - comes the tale of Unit 61398, in which, apparently, all APT nodes lead to Shanghai, People's Republic of China... In a counterpoint rebuttal to Mandiants' APT report, Jeffrey Carr has published an interesting rebuttal targeting the accuracy of the reportage contained in the document: 'Mandiant APT1 Report Has Critical Analytic Flaws'.
2013.02.19
2013.02.15
Suspicion, less
Bad Ideas Designed In D.C.
Yes, that's right, the Department of Homeland Security has affirmed the Department's right to initiate warrantless searches of electronic devices anywhere within the so-called Fourth Amendment Free Zone [100 miles or 160.93 kilometers of an international border adjascent to any United States Possession, Territory, Protectorate or State.] [in, and of, itself, impetus to set B. Franklin, J. Adams, and T. Jefferson et al., spinning in their graves...].
Gobsmacked.
2013.02.04
2013.01.30
2013.01.27
2013.01.21
USAF GEN Shelton, Iran Fingered
The General's downplaying og the Islamic Republic of Iran's current electronic warfare capability appears on the surface, to be rather disingenuous...
2013.01.14
Attribution, Lack of
Meanwhile, in flawed intelligence analysis news (now promoted by elected officials) the latest 'Iranian State Sponsored Financial Institution Attacks' attribution statements lack both clarity and firm evidential artifacts. Kudos to InformationWeek's' Mathew J. Schwartz for making the appalling flaws clear.
Notwithstanding the reported lack of evidence, the reality of the overt linkage between and betwixt the Iranian national defense infrastructure (e.g., the IRIA, Gendarmerie, IRGC, Oghab 2, Quds Force, and the Army of the Guardians of the Islamic Revolution, etc.) and external-to-the-government hacker collectives is is just that - overt, rather than covert.
The smoking gun, as it were, will likely target those Iranian nationals [rather than the theocratic State]; but again, predicated on conjecture, rather than evidentiary proof.
Whilst a multitude of electronic acts of warfare can be sourced to the Islamic Republic of Iran or the nations-states' thralls, the current activities cannot yet be attributed with finality of judgment. The key concept here is evidence leading to a reasoned and prudent understanding of attribution within the scope of information security and electronic warfare realms, specifically focused on the attacks under scrutiny.
Senior Bletchley Park Codebreaker Named MBE
Outstanding news, of the appointment of Captain Jerry Roberts, [RET] MBE, a senior cryptographer, resident at Bletchley Park during World War II, to a Member of the Order of the British Empire [MBE] , pursuant to services rendered to Bletchley Park and to codebreaking.
2013.01.11
Open Source Armor
News, of Defense Advanced Research Projects Agency funded and promoted Open Source focused armament manufacture and improvement wares is making the rounds. Monikered META, built in part by research assets at Vanderbilt University and the CPS-VO, and today's Must Read. Is this the future of warfare related conceptualization, design and ultimately, manufacture?
2013.01.08
2013.01.03
Bellator, Mutantem
Future Soldiers/Marines/Airmen/Sailors in possession of mutant powers... Sound far-fetched? Military human enhancements are on the near horizon, ranging from robotic device implantation, movement-by-thought technologies currently underway to prosthetics and human genome manipulation, the future is evidently, overtaking us.
