|
Sign-up here for the weekly Infowar Monitor Mailing List (IMML) service:
|
|  |
Ronald Deibert and Rafal Rohozinski: Recently, the Canadian envoy to Iran was called in and admonished by Iranian officials for contributing to the destabilitization of the regime because of support for social networking tools, like Twitter and Facebook. The envoy must have scratched his head in puzzlement.
|
Posted by: gregw on Tuesday, June 30, 2009 - 03:07 PM
Read more... (6677 bytes more) comments?  
|
|
WSJ Opinion: In a Monty Python skit from 1970, the Vercotti brothers, wearing Mafia suits and dark glasses, approach a colonel in a British military barracks. "You've got a nice army base here, Colonel," says Luigi Vercotti. "We wouldn't want anything to happen to it." Dino explains, "My brother and I have got a little proposition for you, Colonel," and Luigi elaborates, "We can guarantee you that not a single armored division will get done over for 15 bob a week."
|
Posted by: gregw on Monday, June 29, 2009 - 05:32 AM
Read more... (4725 bytes more) comments?
|
|
o John Naughton: Last Wednesday, the American secretary of defence, Robert Gates, announced the US was finally getting its act together on cyberwarfare. After a couple of false starts and a good deal of bureaucratic infighting, the Pentagon is setting up a unified US Cyber Command to oversee protection of military networks against cyber threats. It will be called USCybercom and will be led by the director of the National Security Agency, Lt Gen Keith Alexander.
|
Posted by: gregw on Sunday, June 28, 2009 - 08:16 AM
Read more... (3943 bytes more) comments?
|
|
By SHAYA TAYEFE MOHAJER The Associated Press: A sharp clampdown by Iranian authorities may have quelled street protests, but the fight goes on in cyberspace.
Groups of "hacktivists" — Web hackers demanding Internet freedom — say they are targeting Web pages of Iran's leadership in response to the regime's muzzling of blogs, news outlets and other sites.
|
Posted by: gregw on Sunday, June 28, 2009 - 08:06 AM
Read more... (4088 bytes more) comments?
|
|
Posted by George Smith on Global Security: Today, a collection of items having to do with the tradition of blaming China and its mighty but hard-to-see cyberwarriors. As stories on our nation's cybersecurity strategy and the military's plans for a cyberforce unfold, you'll continue to see a lot of this.
George Smith also blogs here.
|
Posted by: gregw on Sunday, June 28, 2009 - 07:59 AM
Read more... (11070 bytes more) comments?
|
|
By JOHN MARKOFF and ANDREW E. KRAMER, NYT: The United States and Russia are locked in a fundamental dispute over how to counter the growing threat of cyberwar attacks that could wreak havoc on computer systems and the Internet.
Both nations agree that cyberspace is an emerging battleground. The two sides are expected to address the subject when President Obama visits Russia next week and at the General Assembly of the United Nations in November, according to a senior State Department official.
But there the agreement ends.
|
Posted by: gregw on Saturday, June 27, 2009 - 02:40 PM
Read more... (7926 bytes more) comments?
|
|
By Michel Comte – OTTAWA (AFP) — Software developed by a Canadian lab to circumvent online censorship has been downloaded by more than 18,000 Iranians in the last 10 days, says its developer Rafal Rohozinski.
|
Posted by: gregw on Saturday, June 27, 2009 - 04:17 AM
Read more... (3597 bytes more) comments?
|
|
The Infowar Monitor first briefed ONI Asia partners on the NokiaSiemens' system in June 2008. The file has been open since that time. We began providing analysts and selected journalists with off-the-record, background briefings the day after the Iran elections. We fed the limited information we have into Psiphon Red Team gaming as soon as we began to propogate our Right2Know nodes in public channels - such as Twitter and Facebook. As the story unfolds, we felt it might be helpful to analysts for us to share what background information we have that's already in the public domain.
Firstly, we were made aware of the case by a New Scientist journalist, Laura Margottini, who wanted us to verify and comment on the systems sold to Iran.
If you're a NS subscriber you can read her report here: Surveillance made easy (20 August 2008)[...]Now German electronics company Siemens has gone a step further,
developing a complete "surveillance in a box" system called the Intelligence Platform, designed for security services in Europe and the Middle and Far East. It has already sold the system to 60 countries.
According to a document obtained by New Scientist, the system integrates tasks typically done by separate surveillance teams or machines, pooling data from sources such as telephone calls, email and internet activity, bank transactions and insurance records. It then
sorts through this mountain of information using software that Siemens dubs "intelligence modules".
This software is trained on a large number of sample documents to pick out items such as names, phone numbers and places from generic text. This means it can spot names or numbers that crop up alongside anyone
already of interest to the authorities, and then catalogue any documents that contain such associates.
Once a person is being monitored, pattern-recognition software first identifies their typical behaviour, such as repeated calls to certain numbers over a period of a few months. The software can then identify any deviations from the norm and flag up unusual activities, such as
transactions with an exotic bank, or contact with someone who is also under surveillance, so that analysts can take a closer look.
Included within the package is a phone call "monitoring center", developed by the joint venture Nokia Siemens.
However, it is far from clear whether the technology will prove accurate. Security experts warn that data-fusion technologies tend to produce a huge number of false positives, flagging up perfectly innocent people as suspicious.
"Combining two different sources of data has the tendency to increase your false positive rate or your false negative rate," says Ross
Anderson, a computer security engineer at the University of Cambridge.
"If you're looking for burglars in a run-down district where 50 per cent of men have a criminal conviction, you may find plenty. But if you're trying to find terrorists among airline passengers - where they
are extremely rare then almost all your hits will be false."
Computer security expert Bruce Schneier agrees. "Currently there are
no good patterns available to recognise terrorists, so it's unlikely that those employed by Siemens are any good."
Whatever the level of accuracy, human rights advocates are concerned that the system could give surveillance-hungry repressive regimes a ready-made means of monitoring their citizens. Carole Samdup of the
organisation Rights and Democracy in Montreal, Canada, says the system bears a strong resemblance to the Chinese government's "Golden Shield"
concept, a massive surveillance network encompassing internet and email monitoring as well as speech and facial-recognition technologies and closed-circuit TV.
In 2001, Rights and Democracy raised concerns about the potential for governments to integrate huge information databases with real time analysis to track the activities of individuals. "Now in 2008 these
very characteristics are presented as value-added selling points in the company advertisement of its product," Samdup says.
In June, the EU-funded PRISE consortium of security technology and
human-rights experts, including Ian Brown of the Oxford Internet Institute at the University of Oxford, submitted a report to the European Commission asking for a moratorium on the development of
data-fusion technologies, referring explicitly to the Siemens Intelligence Platform. "The efficiency and reliability of such tools is as yet unknown," says the report. "More surveillance does not necessarily lead to a higher level of societal security. Hence there
must be a thorough examination of whether the resulting massive constraints on human rights are proportionate and justified."
The company said 90 of the systems are already being used around the world, although it did not specify which countries are using it. "In all countries where we operate we do business according to the Nokia Siemens Networks standard code of conduct, based on UN & EU
recommendations," they say.
Samdup argues that such systems should fall under government controls that are imposed on "dual-use" goods - systems that could be used both
for civil and military purposes. Security technologies usually escape these controls. For example, the European regulation on the export and
transfer of dual-use technology does not include surveillance and intelligence technologies on the list of items that must be checked and authorised before they are exported to certain countries.
The problem is that surveillance technologies have developed so rapidly that they have outpaced developments in export controls, says
Samdup. "In many cases politicians, policy-makers and human-rights organizations lack the technical expertise to adequately assess the impact that such technology could have when it is exported to repressive regimes."
So what's our source for this? Well, for now we would refer you to Quintessenz in Austria. These privacy researchers were referred to us by our friends at Privacy International. You'll find a wealth of information there, including leaked documents from Nokia Siemens describing the capabilities of their system(s) and others like it being deployed around the world: IT and telco surveillance equipment - data sheets and presentations
A collection of network monitoring and datamining suites made by Nokia Siemens, Ericsson, Verint and others. All systems are compliant to ETSI and CALEA "lawful interception" standards, the vendors themselves are involved in the standardization. While the official name of the game is still "lawful interception" the newer suites also perform "high speed government surveillance". From Iran to China they are ab/used to track down the democratic opposition, dissidents, ethnic and religious minorities. The vendors are mostly European and US companies.
|
Posted by: gregw on Friday, June 26, 2009 - 07:17 PM
Read more... (3322 bytes more) comments?
|
|
Britain is to build new defences against a "cyber cold war" being launched from China and Russia amid fears that hackers could gain the technology to shut down the computer systems that control Britain's power stations, water companies, air traffic, government and financial markets.
By Duncan Gardham, Telegraph's Security Correspondent
[...]
In March researchers uncovered an electronic spy ring called GhostNet based in China, which searches computers for information, taps into emails and turns on web cameras and microphones.
It is said to have infected "high value targets" in 103 countries.
|
Posted by: gregw on Friday, June 26, 2009 - 04:59 PM
Read more... (3871 bytes more) comments?
|
|
BBC: In Iran, there's a monumental battle going on in cyberspace at the moment between the censors of information and citizens who want to know what's going on.
Just like in Burma in 2007 and in China earlier this year, the authorities in Iran are blocking full access to the internet and sites like YouTube. In Iran, at the moment, the internet is functioning but limited with some sites blocked.
|
Posted by: gregw on Friday, June 26, 2009 - 04:18 PM
Read more... (1209 bytes more) comments?
|
|
UK prepares for Cyberwar, 'has cyber attack capability' [BBC]
Cabinet Office: As the UK’s dependence on cyber space grows, so the security of cyber space becomes ever more critical to the health of the nation. Cyber space cuts across almost all of the threats and drivers outlined in the National Security Strategy: it affects us all, it reaches across international borders, it is largely anonymous, and the technology that underpins its continues to develop at a rapid pace.
This is why the Government is publishing, alongside the first annual update of the National Security Strategy, the first Cyber Security Strategy of the United Kingdom.
The Cyber Security Strategy recognises the challenges of cyber security and the need to address them. It stresses that the UK needs a coherent approach to cyber security, and one in which Government, organisations across all sectors, the public, and international partners all have a part to play. The Strategy outlines the Government’s approach - it establishes two new organisations that the UK needs in order to weave together new and existing work to make cyber space a safe, secure and resilient place where we can live and work in confidence.
* The Cyber Security Strategy [PDF, 1.6MB]
BBC: "The UK has the ability to launch cyber attacks but does not use it for industrial espionage like some other countries, minister Lord West has said."
[...]
He told BBC Radio 4's PM programme the UK faced coordinated cyber attacks "on a regular basis" from other countries including Russia and China.And he confirmed that the British government had approached the Russian and Chinese governments to ask them to stop the attacks. "We have had a dialogue with them in the past and I wouldn't want to go into what goes on in terms of debate at the moment," he told the BBC.
[...]
Launching the strategy earlier Lord West, who has been appointed as the UK's first cyber security minister, said the government had recruited a team of former hackers for its new Cyber Security Operations Centre, based at the government's secret listening post GCHQ, in Cheltenham, to help it fight back.
[...]
They had not employed any "ultra, ultra criminals" but needed the expertise of former "naughty boys", he added.
"You need youngsters who are deep into this stuff... If they have been slightly naughty boys, very often they really enjoy stopping other naughty boys," he said.
He also confirmed that the government had developed the capability to strike back at cyber attacks, although he declined to say whether it had ever been used.
[...]
"It would be silly to say that we don't have any capability to do offensive work from Cheltenham, and I don't think I should say any more than that."
[...]
Lib Dem home affairs spokesman Tom Brake said: "This new cyber security strategy could lead to an extension of the government's invasive counter-terrorism powers which already pose significant threats to our civil liberties.
"The cyber security strategy uses broad, undefined terms that risk creating panic among the public and a demand for further government powers. We must not retreat into a Cold War mentality."
He demanded reassurances from Home Office minister John Hanson that the new unit, which will start work in September and be paid for out of existing budgets, will not be used to spy on ordinary people's internet use.
Mr Hanson said a special ethics panel would be set up to monitor the new unit and the government would work with civil liberties groups, although he declined to say which ones.
[...]
Tom Watson, until earlier this month a Cabinet Office minister in charge of digital engagement, said the opposition were missing the point: "There is state-sponsored hacking of key UK information networks on an industrial scale and we have to transform GCHQ into a spy school for geeks who are more cunning than their Chinese counterparts."
|
Posted by: gregw on Friday, June 26, 2009 - 02:17 PM
comments?
|
|
by zikipediq: China, Myannmar, Iran: surfing in these countries can be dangerous for political opponents. Psiphon software, developed by a Canadian university, can evade the censors of the Internet in non-democratic countries.
This is a recurrent question of Internet users in China: how to circumvent the Great Firewall , the censorship on the Net erected by the Chinese authorities. They may now acquire Psiphon. This software allowing to evade the Net censors, was developed by the Citizen Lab at the University of Toronto in association with the Universities of Cambridge and Oxford, and Harvard University.
Ron Deibert, creator of the system, decrypts how it works:
|
Posted by: gregw on Friday, June 26, 2009 - 12:12 PM
Read more... (1800 bytes more) comments?
|
|
CTV.ca News Staff: A flood of uncensored news and information is being made available to the people of Iran thanks to Canadian technology, and the authorities in Tehran are furious about it.
[...]
Iranian authorities have been so alarmed they called in Canadian diplomats to express their displeasure at how Canadian technology might be helping to destabilize Iran.
At that Rohozinski chuckled "I can only imagine how confused Canadian diplomats might be in hearing that Psiphon might be fermenting insurrection. "
Psiphon software was designated one of the "Best and Brightest Ideas of 2008" by Esquire Magazine, and was the winner of the 2008 Netxplorateur Award at the French Senate. [...]
CTV News: "Fighting the Firewall: Canadian Company Has Role In Iranian Unrest"
TV interview with Psiphon CEO Rafal Rohozinski
|
Posted by: gregw on Friday, June 26, 2009 - 11:55 AM
Read more... (2873 bytes more) comments?
|
|
Laurie Burkitt and Andy Greenberg: In the wake of the disputed Iranian election, American Internet companies including Facebook and Twitter have given Iranians an avenue to voice their opinions and to break through the wall of censorship their embattled government has built around the country's traditional media. Now those companies --or others aspiring to help--may be given a boost from Uncle Sam.
|
Posted by: gregw on Thursday, June 25, 2009 - 01:35 PM
Read more... (5744 bytes more) comments?
|
|
Ex-cyber security official says attacks difficult to defend
By Jordana Huber: Cyber attacks have become increasingly sophisticated and targeted, and their threat is underestimated, according to a former top U.S. cyber-security official.
"These are not hypothetical teenage hackers from New Hampshire," said Amit Yoran, former director of the U.S. Department of Homeland Security's national cyber-security division. "This is a very real threat environment, where nation-state actors are actively engaged, where non-nation-state actors, and where organized crime is actively engaged."
[....]
"They are more about shaping the realm of ideas to their strategic advantage," Deibert said. "That means, for example, disabling access to opposition websites or bringing down sources of information that are critical or engaging in targeted surveillance of the type we found in GhostNet."
|
Posted by: gregw on Thursday, June 25, 2009 - 01:26 PM
Read more... (3033 bytes more) comments?
|
|
| |
A joint report from IWMP and ONI Asia reveals troubling security and privacy breaches affecting TOM-Skype—the Chinese version of the popular voice and text chat software Skype.
|
Includes chapters by Rafal Rohozinski and Ronald J. Deibert, and is available from Amazon.com.
|
|
