Security


Security 12 Jun 2008 01:58 pm

“China denied accusations by two U.S. lawmakers that it hacked into congressional computers, saying Thursday that as a developing country it wasn’t capable of sophisticated cybercrime.” [Link--->]

Security 04 Jun 2008 07:47 pm

Neat little essay snagged via Slashdot. WarGames and Sneakers still stand as two of my favorite films about computer security.

I thought that WarGames also merited mentioning (in addition to it being a terrific film) because of the reaction that it engendered upon its release. With its depiction of teens hacking into school systems to change their own grades, and then breaking into military-grade mainframes and coming a hair’s-breadth from nuking the whole planet, WarGames initiated unusual paranoia in the mainstream press about the power of computers. I remember one CBS Evening News report at the time that seriously questioned whether parents should allow their children to access the outside world via their personal computers at home. A magazine article suggested that computer modems be “locked up” just like firearms, to keep them out of the reach of teenagers. I even heard one pundit proclaim that there was no need for regular people to be able to log in to a remote system: that if you need to access your bank account, a friendly teller was just a short drive away. [Link--->]

Security 13 May 2008 12:25 pm

Good article at Wired, but even more entertaining discussion that follows it:

While most government agencies are struggling to keep their computers out of the latest Russian botnets, Col. Charles W. Williamson III is proposing that the Air Force build its own zombie network, so it can launch distributed denial of service attacks on foreign enemies.

In the most lunatic idea to come out of the military since the gay bomb, Williamson writes in the Armed Forces Journal that the Air Force should deliberately install DDoS code on its unclassified computers, as well as civilian government machines. He even wants to rescue old machines from the junk bin to enlist in the .mil botnet army. [Link--->]

Security 22 Apr 2008 12:21 pm

Great regarding a briefing the FBI gave on counterfeit Cisco equipment being sold to U.S. companies and government agencies.

Link—>

Security 09 Apr 2008 08:36 am

So Chertoff is speaking at the RSA conference and we’re getting more play regarding a Cyber Manhattan Project.  This idea is anything but new.  In 1997, Winn Schwartau established a groundswell on the same issue but couldn’t secure adequate government support despite having pulled together some of the top minds in the industry.  Several years ago, Richard Clarke (while still at the White House) asked several of us to do the same thing again, resulting in the Cyberconflict Studies Association (which is not rolling in government grants for our important research).  It is hard to get excited over the words being thrown around again given the lack of support for other initiatives.

The federal government has launched a cyber security “Manhattan Project,” U.S. homeland security secretary Michael Chertoff said Tuesday, because online attacks can be a form of “devastating warfare”, and equivalent in damage to “physical destruction of the worst kind.”

Speaking to hundreds of security professionals at the RSA security conference, Chertoff cited last year’s denial-of-service attacks against Estonia, and hypothetical hack attacks on financial networks and air traffic control systems, as proof that a federal strategy was needed. [Link --->]

Security & Technology 06 Apr 2008 10:23 am

Some interesting factoids coming out of the hearings held last week on multiplayer games/virtual worlds like Second Life. The most insightful (from my perspective) has to do with the amount of money that flows out of SL:

To prevent money laundering or financial crimes, Second Life polices the financial activity of its members, and scrutinizes any withdrawals over $10, Rosedale said.

“We believe that the degree of scrutiny that is created by [policing methods] is quite rich and the pattern recognition of non-standard behavior … is easy enough to spot,” according to Rosedale. (Link —>)

Rosedale also goes on to state that the average withdrawal from SL is $1.00 USD. Yes, that decimal point is in the right place. Obviously, SL isn’t going to be that attractive to terrorists or money launderers until there is more noise to hide the signal in. Also, I’d like to see some stats about the average current holdings of Second Life players. Is the average in-game bank account balance $100 or $1,000.00?

Security 23 Nov 2007 08:48 am

Interesting…German police want to trojan suspect machines in order to engage in surveillance…

German police are unable to decipher the encryption used in the internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany’s top police officer said.

Skype allows users to make telephone calls over the internet from their computer to other Skype users free of charge.

Law enforcement agencies and intelligence services have used wiretaps since the telephone was invented, but implementing them is much more complex in the modern telecommunications market where the providers are often foreign companies. [Link--->]

Security 11 Jul 2007 09:47 pm

It seems the folks at Wired Magazine have developed the homeland security gut guide based on the reporting that Secretary Chertoff has a “gut feeling” about a period of increased risk to the homeland.

All joking aside, from an analyst’s perspective, we shouldn’t diminish the role that the “gut” or “intuition” plays in the predictive analysis process. Intuitively, our gut feelings are drawn from experiential patterns that our brains use to try and predict the next sequence of events. If I type “Mary had a little ______”, you are inclined to predict “lamb” as the next word in the sequence even though “problem” or “nose” are also valid options. Secretary Chertoff is exposed to one of the most massive data sets relating to domestic homeland security threats and threats and attacks that have manifested themselves overseas. If he has a “gut feeling” that something is coming, it means that there is some sensory input that is leading him to predict an attack in the near-term sequence of forthcoming events. While I enjoy the lambasting as much as the next person, I am not as quick to dismiss it as others have been.

Of course, there is always a catch. In this instance, I would draw your attention to three catches. First, I don’t think the experiential data sets are significant enough to distinguish meaningful patterns at the level Chertoff is analyzing them. Second, we are dealing with inherently unpredictable adversaries displaying at least a notional capability to adapt and surprise. Lastly, some experiential patterns are known well enough by the terrorist adversary to allow them to engage in deception (for example, the heavily discussed concept of “increased chatter”). As an essay on the CIA’s own site points out:

To the extent that perception is influenced by expectations, analysts may have missed or discounted the contrary instances. People also have a better memory for recent events, events in which they were personally involved, events that had important consequences, and so forth. These factors have a significant influence on perceptions of correlation when analysts make a gut judgment without consciously trying to think of all four cells of the table. Many erroneous theories are perpetuated because they seem plausible and because people record their experience in a way that supports rather than refutes them. Link —>

Think of the “terrorist problem” in the context of that last paragraph. Many have also been skeptical that Chertoff was simply engaging in the “politics of fear” and that using a fuzzy metric such as a “gut feeling” is a low risk way to increase the perception of threat. Given the White House backtracking on the statement, I don’t think the comment was anything but a genuine informal assessment. I know I’ve shared “gut feelings” with my colleagues on several occasions and a few times in the international media. Speaking to these “gut feelings” only provides another metric for the budding analysts to put in their own experiential data sets that they’ll draw on for future gut feelings of their own.

Security 10 Jul 2007 09:03 pm

Countering the reach of the global jihad within networked diasporas is a global security priority. Police and intelligence services worldwide—especially in “Global Cities” with international political and economic importance and transnational connections—must develop relationships with diaspora communities. These efforts must build upon community policing and develop the cultural understanding and community trust required to recognize the emergence of extremist cells, radicalization, efforts to recruit terrorists, and efforts to exploit criminal enterprises or gangs to further terrorist activities. These efforts need to be linked to develop the intelligence needed to combat a global networked threat. This requires more than “information-sharing” and co-operation, it requires a multi-lateral framework for the “co-production” of intelligence so police and intelligence services can recognize global interactions with local impact and local activity with global reach. Link—>

Papers and Essays & Security & Speaking Engagements & Technology 11 Mar 2007 08:49 pm

Anyone who has seen me present or has been a student in my class is familiar with the matrix below. In fact, this matrix was the guiding principle for an entire conference session in Sweden 18 months ago and I’ve briefed on it at least 300 times to thousands of people.

[Image: matrix, picture-5.png]

Now read this article:

SCOTLAND YARD has uncovered evidence that Al-Qaeda has been plotting to bring down the internet in Britain, causing chaos to business and the London Stock Exchange. Link —>

This is the beginning of what will be an interesting trend as some emergent terrorist cells push the boundaries and decide to engage in physical attacks on financial infrastructures. When you are in Nigeria all your targets look like oil pipelines, so when you are in London, what do your targets look like if your intention is to wage economic terrorism?

Richard Clarke even has a recent book where the founding premise is a series of attacks on the U.S. Internet infrastructure. It isn’t a bad read, even with the obvious Soxster = Mudge parallels.
