December 1, 2010

The WikiLeaks drama cuts deep into the divisions of our times

What’s the deepest threat that WikiLeaks poses?

As a reporter who’s covered tightly contested elections, I’ve learned that the trick to writing about races where outcomes aren’t clear is to really balance the story — even if it means calibrating it down to the weight of a hair. These stories are usually written amidst many conflicting passions — this makes writing trickier than ever.

The ensuing WikiLeaks drama is one of those stories where everyone, with bated breath, is just waiting for the coin to drop. The whistleblower site is loved and feared, challenged and yet fiercely protected. Even while Assange and WikiLeaks gatekeepers trumpet its invincibility, WikiLeaks’ main web host, Amazon, has pulled the plug on its services, leaving the site to flail after the release of its catastrophic diplomatic cables, reflecting a severe lack of confidence after the rash of hacks against its regular Swedish host, Bahnhof. As an anonymous visitor wrote in response to a previous post, WikiLeaks v. Th3J35t3r, DOS attacks may not amount to much, but some temporary chaos will make a dent in the light that the site purports to shine: “It’s not about whether Wikileaks can be taken down, but undermining confidence in the organization.”

The deepening drama about WikiLeaks’ depleting bank of trust is a story about growing rifts of our times. The website’s guards are increasingly on the defensive, lashing out on Twitter against mainstream media, governments, institutions, pushing themselves further out to the edge. As WikiLeaks prepares for the release of its Bank of America docs, and Corporate America grits its teeth, the deep and irreconcilable hurts in this country will only deepen. These divisions are possibly really the most abstract but most profound threats that WikiLeaks poses.

November 30, 2010

WikiLeaks and the growing China-U.S. rift

The WikiLeaks cables don’t bode well for official China-U.S. ties, which are delicately suspended at a particularly tense moment. Asian stocks fell for a third consecutive week with mounting tension on the Korean Peninsula, reported Bloomberg. With Beijing under pressure from Washington to rein in a North Korea that continues to carry out artillery drills after it attacked South Korea last week, it’s especially important that State officials try to smooth over the damage from the mini-diplomatic crisis that has ensued. Some snapshots of what was leaked:

  • China’s Politburo directed the Operation Aurora attacks against Google as “part of a coordinated campaign of computer sabotage carried out by government operatives, private security experts and Internet outlaws recruited by the Chinese government” with experience breaking into American computers since 2002, reports the New York Times.
  • China “declined to act on multiple U.S. requests that it stop shipments of ballistic-missile components from North Korea to Iran on commercial flights via the Beijing airport in 2007,” pointing to its role as “a procurement agent on behalf of Iranian entities,” reports the Wall Street Journal. Apparently Iran was trying to buy materials for missiles from Chinese companies.

Meanwhile, in the hacker scene, Julian Assange is sparking off his own mini diplomatic crisis with Chinese leakers. “It would be nice to have more Chinese speakers working with us in a dedicated way. But what they’d set up had no meaningful security. They have no reputation you can trust. It’s very easy and very dangerous to do it wrong,” he said in an interview with Forbes’ Andy Greenberg. Unlike State, alienating everyone seems to be Assange’s aim, and his acerbic comments are scarcely out of place with his public image.

November 29, 2010

WikiLeaks v. Th3J35t3r


The failed attempt of the hacker Th3J35t3r to take down Wikileaks before the release of 250,000 diplomatic cables highlighted the power of many parts.

When WikiLeaks tweeted that it was facing a “mass distributed denial of service attack” and had gone offline temporarily, it turned to’s Elastic Cloud Computing service to get back online and survive the DOS attack, reports the Guardian. WikiLeaks can’t be easily hacked because its network infrastructure is so diffused and distributed, said one source.

WikiLeaks also gets huge ammo from the fact that it has a daisy chain of players that are replicating its files like a virus.  As one commentator on noted, “The documents are on BitTorrent too and copied a hundredfold elsewhere on the web so any DOS or DDOS will be, effectively, ineffective.”

Update on Dec. 1: Th3J35t3r was raided — by his local sheriff.

November 21, 2010

The U.S.-Chinese hi-tech meltdown

The latest report to Congress on how the exchange of technology with China affects national security sets the stage for a further freezing of ties between Chinese and American hi-tech firms.

A new United States-China Economic and Security Review Commission report to Congress speculates that the exchange of technology with China could pose an information security risk, setting the stage for the further freezing of ties between Chinese and American companies.

The report, released Friday, puts the spotlight on an April episode where China Telecom directed traffic through Chinese servers and another March incident where United States and Chilean Internet users were rerouted behind the Chinese firewall. The April glitch affected traffic from .mils and .govs, as well as those for Dell Inc., Yahoo! Inc., Microsoft Corp. and International Business Machines Corp. “Incidents of this nature could have a number of serious implications,” notes the report, adding that “This level of access could enable surveillance of specific users or sites.”

The report also called out the Chinese government for requiring foreign tech manufacturers to disclose cryptography information  on routers, firewall systems and intrusion detection systems bought by the Chinese government. This would allow the Chinese to gain access to encrypted traffic passing through these devices or allow them to copy the configuration of devices, exposing security techniques and intellectual property to Chinese competitors.

The report minced no words in calling these protectionist measures: “these issues present a trade barrier that, perhaps by design, advantages Chinese firms over foreign competition,” using the fact that “no foreign firms had submitted to the certification process as of June 2010” to bolster its argument.

The report admits that, “Discerning trends in the cybersecurity environment remains difficult given the problem’s magnitude and other obstacles such as persistent underreporting of events.”

Because the exact magnitude of the cybersecurity threat that China presents can’t be ascertained, cyber is an easy political card in the international relations game. Amidst the currency debate and resulting mudslinging between the Chinese and U.S. government, the question of how large these threats really are can only cloud economic relations between the two nations in further mistrust.

November 20, 2010

Capitalizing on Stuxnet to get cash and mandates on the Hill

Is “Stuxnet” becoming a cliche in the cybersecurity echo-chamber on Capitol Hill?

Agencies and the security industry capitalized on the Stuxnet threat in Congress this week in an attempt to push the passage of cybersecurity bills that would secure them the cash and mandates.

Stuxnet, which hit nuclear facilities in September this year, continues to make headlines as the first documented crossover cyber-to-concrete worm, but is fast becoming a cliche in the security echo-chamber on Capitol Hill.

In testimony before the Senate Committee on Homeland Security and Governmental Affairs, Sean McGurk, acting director of Homeland Security’s National Cybersecurity and Communications Integration Center, slipped in this self-conscious disclaimer — “to use a very overused term, it’s a game changer” — underscoring the cynicism that the rhetoric around the perils of Stuxnet is getting a little old.

Security experts know that in reality, SCADA threats — threats that target physical infrastructure and operating systems through networks — are anything but new. “Stuxnet, which targeted a specific type of infrastructure, was sophisticated, but not different from a lot of malware,”  Adam Meyers, director of cybersecurity intelligence at the government contractor and IT security provider, SRA International told me in a candid interview at the recent SC World Congress trade show, “There wasn’t anything that was game changing.”

“For some people, it was a game-changer,” Meyers said, adding, “I guess it’s all about perspective.”

While the rhetoric on the Hill heats up, the number of logged incidents of malicious cyber activity against the Pentagon has actually been projected to go down this year, for the first time in a decade.

Source: United States-China Economic and Security Review Commission

But navigating infosec is something akin to walking through a hall of mirrors: perspective is a rare commodity in an industry dominated by hype. Congress is unlikely to pass any cybersecurity legislation in the lame duck session, I reported on NextGov. That means that there’s more time for the Stuxnet rhetoric to bubble up further, and for more security companies to capitalize on the theater and try to get more goodies from Congress.

November 11, 2010

Signs of the growing information security bubble?

Is the pow-wow of private industry and political power in infosec circles an unsettling sign of a growing bubble — or signs of a maturing industry?

SC World Congress sponsors/Dawn Lim

New York City — At the Sheraton Hotel at the SC World Congress trade show on a Wednesday night in Manhattan, over 500 security professionals sip on Chardonnays and pick off plates of coconut shrimp in a hall packed with at least 50 vendor booths with shiny freebies and glass bowls of company cards. In the background, Congresswoman Yvette Clarke (D-NY), who has taken cyber as her political battle cry in Congress, urges the crowd to “reach out to federal counterparts to come up with innovative ways to protect the public sector.” She steps down from the podium, while an aide stands by, armed with name cards to dish out to the line of fans and hopefuls that have gathered for a last handshake.

Professionals would seem to have every reason to toast to the blossoming security market, estimated to be worth an annual $80 billion to $140 billion worldwide, Reuters reports. As cybersecurity and electric grid reform in Congress falters, bogged down by the billion-dollar question on industry involvement, the solution the federal government has taken is to bring in more contractors while Congress attempts to unravel its knots. The amount of cash flowing in from government coffers from 2010 – 2015 into cyber issues is expected to reach $55 billion, according to Market Research Media’s latest forecast on the federal security market. Tech-security companies are “poised to become Wall Street darlings this year,” a USA Today article headlined “Cybersecurity stocks look hot in 2010.”

The pow-wow of private industry and political power in infosec circles is an unsettling sign of a growing bubble for some who are finding it harder to woo clients in a crowded market. “This is all theater,” a sales representative for an infrastructure provider told me at the SC World Congress, while twirling a mini flashlight that he was giving out as a freebie, “Before the recession you’d be able to schmooze at these trade shows, but now you can’t even call it schmoozing because the people they send are so junior.” He added that the grossly overpriced figure — $1.5 billion, or $43.50 per share — that Hewlett-Packard paid for security and compliance management company ArcSight in late Oct. was a tell-tale sign of a bubble. (ArcSight’s sales rep at the trade show did not want to comment on the acquisition.)

Reps from a large telecom equipment provider disagreed. That acquisition was just part of a string of big purchases that show that the security industry is consolidating and maturing, they said, rattling off major acquisitions that are changing the U.S. market. Take, for instance, Intel’s purchase of McAfee in the wake of Operation Aurora, Juniper Networks’ move to buy Ankeena Networks, and Cisco’s four acquisitions since May. Infosec suffered after the bubble burst in the early 2000s, but is coming of age beautifully, they said.

Right now, there’s a risk that market saturation is making it difficult to distinguish the good from the mediocre, said a security consultant at a large defense contracting company, “But once a huge data breach happens — and it’s going to happen because the networks are so vulnerable — the government is going to have to come to its senses and be more selective. That’s when the bubble we’re seeing will burst.”

November 6, 2010

Smart phone malware threat to rise exponentially, creating a fertile market: Markus Jakobsson

This PayPal consultant-turned-entrepreneur is tapping into the virgin territory that is the antivirus mobile market.

Smart phones will be increasingly riddled with malware as they become more profitable terrain for planting viruses and their market penetration grows, said Markus Jakobsson, who works on‘s online security and malware strategy team.

Because there are few commercially available solutions for antivirus protection on smartphones, Jakobsson is tapping into the virgin territory with his $2 million, Mountain View, Calif.-based start-up, FatSkunk.

There will be more smart phones than Windows desktops and laptops in the world and the U.S. in a couple of years, said Jakobsson in an informal interview with me after judging a security research competition at NYU-Poly’s Cybersecurity Awareness Week on Oct. 29. Once this happens, the severity and types of malware on smart phones will rise in the threat landscape.

“Give it one to two years,” he said, “all hell is going to break loose.”

Market researcher Nielsen has forecasted more smartphones than feature phones in the U.S. market by the end of 2011. In the fourth quarter of 2009, 21% of American wireless subscribers were using a smartphone, up from 19% in Q3 2009 and 14% at the end of 2008.

Unlike most computer-based antivirus software, which tends to guzzle up battery power because it is so computationally demanding, Jakobsson’s mobile antivirus software tries to minimize battery drain by scanning phones only when necessary or suitable, say, “when you’re gonna toss a vote, do online corporate banking, or access a corporate network,” or when a phone is being charged.

By computing how much time it takes for the free space in a smart phone to be filled, the device is able to find out whether there is malware lurking in its memory.

Jakobsson’s start-up is angel-funded and is seeking out its first round of venture capital.

November 5, 2010

The Great American Wall

Walled out of the American market and facing an unwarranted level of government scrutiny, Chinese tech manufacturers are trying to play the all-American card.

Updated on Nov. 7, 5:30 p.m. EST, with a breaking update on Huawei being dropped in deals with Sprint Nextel.

Shanghai Bund/Dawn Lim

New York City — At ISC Solutions, an annual security hardware tradeshow held at the Jacobs Javits Center in New York from Nov. 3-4, Wendy Lin, the associate manager of Chinese technology manufacturer, David Link, combs the crowd for potential clients, armed with a stack of name cards.

David Link makes biometric readers and door access systems, products in high demand amidst a terrorist threat that has given rise to a ballooning security industry. But because David Link also has its main branch in Shenzhen and manufactures its products in China, its managers can only afford cautious optimism as they try to expand their U.S. presence.

“I spoke to a government contractor yesterday, and he expressed interest in our products,” she told me while manning David Link’s booth. Then he dropped the bomb. “His response? ‘If only you weren’t Chinese.'”

Walled out

Chinese technology manufacturers are being walled out of the U.S. market and facing an unwarranted level of political scrutiny, industry players and analysts say.

Three senators and one congressman wrote to the Federal Communications Commission on Oct. 19, arguing that the presence of Chinese telecommunications equipment provider Huawei Technologies Co. in the U.S. would “pose a real threat to our national security” if it secretly installed back doors in the exported equipment that would give the Chinese government access to American telecommunications to carry out espionage and cyberattacks.

Together with the second largest telco equipment vendor, ZTE Corp., Huawei has been courting Cricket Communications Inc. and Sprint Nextel, the third-largest wireless carrier in the U.S. for a piece of the pie from its imminent multibillion-dollar network upgrade. Huawei, which reported sales of more than $2.3 billion in 2009, recently partnered with T-Mobile to launch the world’s first Android-based prepaid phone, but its North American footprint remains small.

Although 75 percent of Huawei’s orders came from outside China in 2008, analysts say that the share from U.S. orders is less than 5 percent, because of the regulatory barriers the company has faced entering the country.

“We are very concerned that these companies are being financed by the Chinese government and are potentially subject to significant influence by the Chinese military,” wrote Rep. Sue Myrick (R-N.C.), Sens. Joseph Lieberman (I-Conn.), Susan Collins (R-Maine) and Jon Kyl (R-AZ), adding that the company’s presence would “create an opportunity for manipulation of switches, routers, or software embedded in American telecommunications network so that communications can be disrupted, intercepted, tampered with, or purposely misrouted.”

November 5, 2010

White Noise: The Jeff Moss retweet

Jeff Moss, or “The Dark Tangent,” the founder of Def Con and Black Hat, tweeted my recent hacker piece.

November 2, 2010

Research project to trace anomalies in BlackBerry traffic

Rim Check, an application that tracks patterns in how BlackBerry Web movements are rerouted, was launched after rumors that the developer Research In Motion forged back-door data-sharing deals with India and UAE.

CANADA — Pro-privacy technologist groups launched a research project on Oct. 21 to track Internet traffic exiting the BlackBerry network worldwide, amidst widespread speculation that Canadian BlackBerry developer Research In Motion granted foreign governments access to encrypted messaging and web data.

Rim Check, a project to trace patterns in how Internet movements are rerouted was started after RIM’s negotiations with state officials in the United Arab Emirates, India and Saudi Arabia came to an unexpected breakthrough this summer — even after these governments had raised a stink about the “terrorist threats” these encrypted devices posed.

There is a “need to monitor the activities of private sector actors that own and operate cyberspace, particularly as they come under increasing pressure to cooperate with governments on national surveillance and censorship laws, policies, and requests,” said a statement released by the groups involved, Citizen Lab at the University of Toronto’s Munk School of Global Affairs and the think-tank Information Warfare Monitor.

BlackBerry users who go to RIM Check’s website will have their I.P. addresses — signals that relay data across the Internet — and user agents — applications that initiate requests to servers or routers — tracked. The technologists behind the project will look for patterns and anomalies in the traffic being rerouted and see if it corresponds to where users are from.

RIM has been coy about the details of the agreements that it reached with state authorities. Although the additional scrutiny may not bode well for RIM, which was eaten out by Google’s Android platform and Apple iOS in its third quarter results, according to research from Canalys and the NPD Group, its investors are defiantly confident. RIM stocks have risen exponentially over the past week, and are at their highest point in three months.

Source: Reuters

Hat tip: Collin Anderson, via Stanford’s Liberation Tech mailing list

