Currently viewing the tag: "Cyber"

Written by Sasa Milosevic

This post is part of our special coverage Libya Uprising 2011.

Over 60,000 people in Serbia have joined a Facebook group to publicly support Gaddafi's regime. Credit: Support for Muammar al Gaddafi from the people of Serbia, a Facebook group

A Facebook group titled “Support for Muammar al-Gaddafi from the people of Serbia”, with its 62,500 members, became a serious threat for the Libyan opposition not only due to the support for Gaddafi, but also because of cyberattacks on the opposition's web site.

The cyber war initiated by pro-Gaddafi Serbian citizens, recruited mainly from the Serbian ultranationalists, rang out in the international media and panicked the Libyan Youth Movement (@shabablibya), “a group of Libyan Youth both in and out of Libya inspired by our brothers and sisters in Egypt and Tunis.”

Mohammed al-Sabah, a Libyan Youth Movement representative, said this to the Serbian media:

Thousands of Internet users from Serbia are attacking and infringing on our sites daily with anti-NATO and anti-EU slogans, so much that [the sites become] completely useless. We do not claim that all of them are hackers, but it is clear that it is an organized campaign. If something is not done soon, things will get worse for us.

According to Milan Kovacevic, a web administrator and author of the book “Cryptography in Electronic Banking,” Serbian hackers are not independent in their actions, but are a part of international groups:

These are two hacker groups: “C1337ORG” and “Black Hand.” A big part of the attackers are actually foreigners who hide behind Internet addresses of ordinary users from Serbia.

He adds that it is possible that among the Libyan rebels there exist insiders who are informing Serbian hackers where and how to attack.

Administrators of the most popular Serbian Facebook page deny any connections with ultranationalists, explaining the essence of support for Gaddafi:

Gaddafi was sending oil to us when we were under economic sanctions. Gaddafi did not recognize Kosovo's independence. After the bombing in 1999, he sent money for Serbia's recovery. Gaddafi was providing employment to our people while they had nothing to eat here. Gaddafi is fighting against the people who have destroyed our childhood. So we are with him! Colonel, win for all of us!

Daniel Vidal wrote in a comment to this statement:

I heard that Gaddafi gives €2500 to each student who wants to study outside Libya. He also gives them a car…

Milan Veris added:

Gaddafi is a living legend. Twenty years ago, this man built the most modern plumbing in the world. He brought water to Libya directly from the Nile.

(Because of this desert irrigation project, Belgrade's private Megatrend University awarded Gaddafi an honorary doctorate in 2007. Some of Gaddafi's opponents in Serbia, however, consider that a marketing trick to attract Libyan students to this university in the Serbian capital.)

Gorica Pukmajster wrote:

I am one of those whose family was fed by Gaddafi's salary, which, back then, was ten times what I was making when I worked in Belgrade.

Below are some more Facebook comments.

Dusan Duda Stevanovic:

An army of monkeys led by a lion is worth more than an army of lions led by a monkey.

Pathos Ydoni:

To the east of Libya, in cities that are controlled by the rebels, mobs and gangs, according to several human rights organizations, are virtually committing a crime against humanity. […] Rape, murder and torture are normal for rebels…

Trese Babe Oraje got this information from friends in Libya:

The rebels intercepted four buses from Tripoli to Benghazi, with people who started the peaceful protests in support of the Libyan army and stopping the NATO aggression. They took them hostage, and they beat even the women.

The NATO action in Libya has caused some young Serbs, who still live with the memories of the 1999 NATO bombing of Yugoslavia, to react with hatred.

Burek Pekaric:

These are the disturbed minds, and I really think to go to the French and Italian embassies and kick them with empty beer bottles on their heads. Monsters.

Ljubomir Popovski suggested this:

First, it should start from the dead. All French soldiers should be dug out from the New Cemetery and sent to France in cattle wagons. Second, all French monuments from Kalemegdan should be removed. Third, the French embassy in Belgrade should be closed and turned into a museum of the NATO aggression.

Will exchange Tadic for Gaddafi. Credit: Vujaklija.com

The most rigorous critics are those Serbs who are disappointed with the decision of the Serbian president Boris Tadić to publicly distance himself from Gaddafi's government, “washing his own hands” of the long-term arms trade with Libya.

Vladimir Speed Savic urges:

Gaddafi, take from Tadic the Persian carpet you gave him last year for the Day of the Libyan revolution. And the honorary medal… Let Sarkozy weave him a new one at his own expense…

The administrator of the group posted a video of Radio Television Vojvodina from the time when the Serbian Ministry of Foreign Affairs paid a visit to Gaddafi, thanking him for not recognizing Kosovo. Foreign minister Vuk Jeremić and his group performed a deep bow for Gaddafi.

Some of the group's members warn that the Serbian police and the Serbian Intelligence Agency (BIA) are monitoring online activities in the well-known dictatorial style.

Marko Nikolic posts this alarm:

Twenty of them from BIA are here in this group and they are posting messages to the wall.

Jebes Chuck Norris, Gaddafi ujedinio Srbe reveals:

We welcome the night shift of MUP [Ministry of the Interior] that monitors our group with fake profiles.

Bloggers on Vujaklija.com also offer public support to the “defiant” Libyan leader, as the Western media describe him.

Cho-Seung Hui says:

The president who would welcome us to free ourselves forever from joining the European Union, democracy, the rule of human rights, privatization, globalization, capitalism and other disasters that have befallen us after the October 5, [2000].

As_basket_player_5 concludes:

Until a few days ago, a totally irrelevant figure in our lives, and now a hero in Serbia. Nobody knows why.


Global Voices in English


There is good news for the people of Iran in confronting enemies through the consequential powers of cyberspace. Soon the Islamic Republic of Iran’s cyber war campaign will be activated under the Passive Defense Organization of Iran.

During a news conference for the second gathering of the National Resistance and Passive Defense, in an interview with Bulletin News, the Head of Iran’s Passive Defense Organization pointed to events following the presidential elections and concentration of adversaries in cyberspace. He stated:

“Prior to the events last year, some authorities acted passively to warnings of cyber security and did not believe cyberspace could be a prime embankment for the enemy.  But in the wake of last year’s  events it became quite clear that today the world has concentrated on cyber war. The United States established a cyber army nine months ago, and the existing German cyber army are clear indications of this situation.”

According to the Bulletin News reporter, during the interview General Gholamreza Jalali emphasized:

“In fact, last year an all out soft war was imposed on the Islamic Republic, utilizing modern tools as the internet. Through prompt investigations and timely actions in all areas, these impositions were disabled. But during the past year, many events improved our strategy in multiple areas, especially in cyber issues. For instance, the Stuxnet virus was an attempt by the U.S. to cripple Bushehr nuclear power plant and strike Iran. Through a German software developed by the Siemens corporation, the United States invaded our nuclear facilities. However, due to swift action by the Passive Defense Organization and Ministry of Intelligence, through communications and training, the virus was prevented from spreading and was disabled altogether.

“Stuxnet virus invaded our country, had accomplishments, and of course inflicted some damage. But what the enemy would like is for us to declare the very damages and issues this virus created. The virus led to Iran’s versatility in cyber issues with the coordination of Passive Defense Organization, Ministry of Intelligence (MOI) and Communications, and trainings were held to confront the Stuxnet virus.”

Additionally, Jalali mentioned:

“Fortunately, appropriate courses of action in cyber security have been implemented by all establishments, security forces have launched Ofta, the department of justice has allocated a court to investigate cyber crimes, and there are additional security measures. I am very delighted about cyber-related discussions in accordance with these activities. Additional good news I can deliver to the people of Iran is: Soon the Islamic Republic of Iran’s Cyber War Campaign will be underway through the Passive Defense Organization, and it will fight our enemies with abundant power in cyberspace and internet warfare.”

Finally, the Head of the Passive Defense Organization added:

“For cyber war efforts, we welcome active participation of hackers who want to get involved and promote the goals of the Islamic Republic. However, we deliver a warning to those hackers who want to strike against the people with filthy purpose. In watching them, we will confront them severely.”

Big Peace


While politicians are still talking about restoring civility, liberal thugs are waging an all out attack on the website of David Rivkin, lead counsel in the multi-state lawsuit against Obamacare, rather than engage in a civilized debate that they can’t win.  And what do the ACLU and other left-leaning civil rights groups have to say about these attempts to silence a leading voice for freedom and liberty? Not a thing.

Rivkin represents 26 States, the National Federation of Independent Business, and two individuals in the most prominent and successful challenge to Obamacare.  He’s been a prominent critic of the law’s individual mandate from the beginning, and is used to engaging in intellectual battle—it comes with the territory.  But this is something far different.

One week after federal district judge Roger Vinson held that the mandate was unconstitutional and struck down the entire law, Rivkin’s website came under attack by a highly organized group of cyber-terrorists seeking to silence him and knock his views off the Internet.

Just like the recent attacks by Wikileaks supporters on Amazon.com, MasterCard, and PayPal—attacks that have led to international investigations that remain ongoing and several arrests—unknown hacktivists from IP addresses located overseas took aim at Rivkin’s website, bombarding it with fake traffic and intrusion attempts.  They managed to destroy entire sections of the site dedicated to his advocacy on behalf of the states in the health care law suit.

The ongoing criminal attacks have been reported to the Federal Bureau of Investigation, which is charged with investigating denial of service cyber attacks.

Perhaps the most amazing aspect of this episode is the complete disregard of this attack by the mainstream media and left-wing civil liberties groups.  Imagine, for example, a similar attack on the website of the plaintiffs in the challenge to California’s Proposition 8, which struck down same-sex marriage in the state.  Imagine the outrage, finger-pointing, and howls of indignation that would follow.  The media, as well as the ACLU and others, would be quick to condemn conservatives, and many prominent conservatives, no doubt, would disassociate themselves from the cyber-attack.  And rightly so—conservatives don’t need to cheat or break the law to win the war of ideas.

Rivkin’s sober and scholarly advocacy in favor of Americans’ fundamental rights is clearly a threat to someone, and they have decided to attack him for it.  Even on the Internet, thugs shouldn’t get a “heckler’s veto” over speech with which they disagree.  One would think that’s a point on which conservatives and left-leaning civil libertarians could agree.  But all we’ve heard so far from the left is silence.

The Foundry: Conservative Policy News.


Those “who engage in chats even on cyberspace were ‘vulnerable to temptation,’” doncha know. Sharia Alert from modern, moderate Malaysia: “Cyber chatting against Islam, says Malaysian preacher,” from the Economic Times, February 8 (thanks to all who sent this in):

KUALA LUMPUR: Cyber chatting is against Islam, a Muslim preacher in Malaysia has said.

Preacher and motivational speaker Mohammed Zawawi Yusoh told Harian Metro newspaper that people who engage in chats even on cyberspace were “vulnerable to temptation”.

It is akin to committing ‘khalwat’ (close proximity), which is an offence under the Islamic jurisprudence.

Khalwat and other offences under the Islamic law are enforced on the majority population with the help of vigilantes from religious affairs department. Malaysia is an Islamic nation.

They carry out raids, either on their own or on a tip off from family members of the likely offenders or from members of public.

Jihad Watch



by Zoe Pollock

Spencer Ackerman reports on how the US could have deployed mobile connectivity in Egypt:

When Hosni Mubarak shut down Egypt’s internet and cellphone communications, it seemed that all U.S. officials could do was ask him politely to change his mind. But the American military does have a second set of options, if it ever wants to force connectivity on a country against its ruler’s wishes.

There’s just one wrinkle. “It could be considered an act of war,” says John Arquilla, a leading military futurist.

The U.S. military has no shortage of devices — many of them classified — that could restore connectivity to a restive populace cut off from the outside world by its rulers.

(Photo: Egyptians take pictures with their cellphones of a burning police station set ablaze by rioters near the Sultan Hassan al-Rifai mosque in central Cairo on January 28, 2011. By Marco Longari/AFP/Getty Images.)









The Daily Dish | By Andrew Sullivan


The American mainstream media has for the most part overlooked news that the European Union’s emissions trading scheme has been suspended for at least a week after cyberattackers stole millions of dollars worth of EU carbon allowances. Although NPR reported on it this morning, which is how I learned about it.

I don’t know what the thieves will do with the credits; it’s not like you can trade them in for cash. The allowances come with serial numbers, so reselling them is at best problematic.

They appear to be worthless, just like cap and trade schemes.

The blogosphere has for the most part ignored the carbon cool-down, but Bluegrass Pundit found it newsworthy.


Marathon Pundit


So says a report from the OECD.

Via the BBC: Risks of cyber war ‘over-hyped’ says OECD study

Attempts to quantify the potential damage that hi-tech attacks could cause and develop appropriate responses are not helped by the hyperbolic language used to describe these incidents, said the OECD report.

“We don’t help ourselves using ‘cyberwar’ to describe espionage or hacktivist blockading or defacing of websites, as recently seen in reaction to WikiLeaks,” said Professor Peter Sommer, visiting professor at LSE who co-wrote the report with Dr Ian Brown of the Oxford Internet Institute.

“Nor is it helpful to group trivially avoidable incidents like routine viruses and frauds with determined attempts to disrupt critical national infrastructure,” added Prof Sommer.

The report acknowledged the risk of a catastrophic cyber incident, such as a solar flare that could knock out satellites, base stations and net hardware, but said that the vast majority of incidents seen today were almost trivial in comparison as they did not last long and only hit a few people or organisations.

Attempts to decide how to deal with the wide variety of potential attacks and attackers were being hampered because words used to describe incidents meant different things to different groups.

For instance, it said, an “attack” could mean phishing e-mails trying to steal passwords, a virus outbreak or a concerted stealthy attempt to break into a computer system.

“Rolling all these activities into a single statistic leads to grossly misleading conclusions,” said the report. “There is even greater confusion in the ways in which losses are estimated.”

More at the link, including links to other stories on this topic.




Outside the Beltway


By Mong Palatino

Become a Cyber Scout Volunteer

The government of Thailand is recruiting young people and other internet-literate citizens to join its ‘cyber scout’ program, which will monitor the internet for “online behavior that is deemed a threat to national security and the royal institution.” Although it was announced a few months ago, the first training took place last December 20-21 at Kasetsart University.

Saksith Saiyasombut translates the objectives of the project:

1. To create a Cyber Scout volunteer network […] that observes […] [online] behavior that is deemed a threat to national security and to defend and protect the royal institution.

4. To promote the moral and ethics with the help of the volunteers, to ensure the correct behavior, build reconciliation and awareness towards the use of information with regard to morality and safety of individuals in society.

5. To promote and support to various sectors of society to careful and responsible usage of information technology.

The blogger warns that the program could worsen internet censorship in Thailand. Today, more than 100,000 websites are blocked by Thai authorities.

… it is quite clear that a general trend of over-emphasizing the loyalty by all means and the sudden urge to protect the royal institution against a perceived, invisible threat. And since the internet is a quite anonymous place, it’s an even more frightening threat. Thus these mental and cultural barricades are built with the recruited man-power and the social dogma of loyalty – both off- and online.

… in order to build a knowledge-based society, which the government eventually wants to have, you have to allow the freedom to collect the knowledge by yourself and not being shoved into the throat.

Leosia criticizes the program:

This whole process is disgusting. You start with immature and naive youngsters and then give them a moral superiority imperative to hunt down and expose anyone with an opinion.

Patrick Henry comments that it is a high tech version of the Village Scouts, which was formed to hunt down communist members in the 1970s:

Hmmm… a high tech version of the Village Scouts? You'd think this regime would have better things to do. Welcome to the Kingdom of Orwell.

Political Prisoners in Thailand describes the program:

Genius mixed with Fascist tendencies, vigilantes and the “ethics” of censorship. Fabulous. Thanks Mr. Abhisit (Note: Prime Minister of Thailand).

When the program was unveiled a few months ago, Nicholas Farrelly wrote about the impact of the program on the credibility of Thailand’s political institutions:

…it also serves to convince some people that when the time comes the Thai authorities will be capable of controlling the potentially huge surges of critical, satirical and confronting commentary that lurk over the horizon. I remain unpersuaded that these efforts will actually prove fit for purpose and may, once all is said and done, actually further undermine the credibility of some of Thailand’s key institutions.

Some comments on Twitter and Facebook:

Brian Jungwiwattanapor: what an incredibly horrible idea. makes me laugh, makes me cry
freakingcat: @f_dinkum :-) Shows my admiration for the selfless service our Thai Cyber Scout Rats do for this country
AnyaP: Cool title for a less than cool initiative.

Global Voices in English


Hacktivism for Cyber Democracy
by Joel S. Hirschhorn

Because of the attacks on WikiLeaks and its founder there has been considerable media attention to the hacktivism practiced by supporters of WikiLeaks. That has been manifested as cyber attacks on mainstream commercial websites that acted against WikiLeaks. Hacktivism as retribution and strategy to gain political objectives is bound to become much more common. And considering how voting, especially from the perspective of younger people, has been enormously disappointing as a means of reforming government and political systems worldwide, that seems appropriate.

Naturally, there is a fine discussion of hacktivism at Wikipedia. There we learn that it has been around far longer than the current attention to the WikiLeaks situation.

Hacking has come to mostly mean illegal breaking into computer systems, while activism has always been either violent or nonviolent. Hacktivism is clearly now seen as an alternative to conventional activism, civil disobedience and, increasingly, participation in democratic, electoral processes.

The combination of computer programming skills, critical thinking, anger and disgust with prevailing corporate and government institutions can and probably should drive better focused hacktivism. It could become an effective strategy for achieving major political reforms.

Cyberterrorism along with cyber crime, Internet fraud and everyday spamming are to be feared and fought, while hacktivism merits considerable respect and public support as a philosophic and political tactic responding to contemporary political and social issues and needs. At least, as long as it does not do harm to individuals.

Those with the expertise to implement hacktivism are a new breed of radicals, revolutionaries, and power brokers that is unsurprisingly an inevitable consequence of the whole computer, networking and Internet world that has been overly embraced. As with all technologies, there are always generally unseen and unintended negative impacts that catch people, governments, companies and just about everyone else by surprise. If there is any real surprise it is that the world has not seen far more widespread hacktivism.

In a fine 2004 article Hacktivism and How It Got Here, Michelle Delio pointed out: Hacktivism, as defined by the Cult of the Dead Cow, the group of hackers and artists who coined the phrase, was intended to refer to the development and use of technology to foster human rights and the open exchange of information.

We should see hacktivism as a dimension to cyber or digital democracy. It may first appear as more deadly than violent street protests against government actions that are seen frequently, particularly in Europe, but should it not be seen as just a more technological form of protest appropriate for our time? Indeed, just as WikiLeaks is seen as a more potent, technological form of whistle blowing, is not hacktivism its logical complement?

There is a wonderful, detailed history of hacktivism on the Wikipedia site, including a citation to a 2006 published paper by the now infamous Julian Assange titled The Curious Origins of Political Hacktivism.

Listen to the thinking of a 22-year-old London software engineer known only as Coldblood, who controls the servers the group Anonymous uses to implement its hacktivist actions. “I decided to speak as I’m passionate about how government shouldn’t censor the internet. We suggest sites to attack, and if enough people think it’s good, it will generally happen. It’s a community thing. By making it harder for these companies to operate online we show them a message that it’s not just governments they need to keep happy, it’s the users as well. If their website is offline, then people can’t use their services and it affects them. It’s like an idealistic democracy. But everyone is aware that the attacks are illegal. Nobody is pressured into taking part. A lot just watch. But if they arrest one person, the attacks won’t stop.”

To see hacktivism positively today may require having a positive attitude towards WikiLeaks as the defender and protector of the public’s right to know what governments, corporations and international organizations are really doing, even when secrecy is used to thwart transparency. In so many respects, WikiLeaks is more trustworthy than the groups it exposes. It is performing a duty that newspapers could once be counted on to do, but with corporate ownership and censorship of media WikiLeaks offers more independence. However, the relationship between WikiLeaks and several mainstream newspapers in its release of US State Department documents has been seriously questioned by Michel Chossudovsky: “how can this battle against media disinformation be waged with the participation and collaboration of the corporate architects of media disinformation? Wikileaks has enlisted the architects of media disinformation to fight media disinformation: An incongruous and self-defeating procedure.” Still, working with corporate media may have been a tactic to protect WikiLeaks.

This much seems certain about the future: The more that electoral politics in western democracies appears increasingly ineffective in fighting political and corporate corruption, economic inequality, restraints on the Internet, environmental problems, suffering in developing countries, and unnecessary wars, the more we can expect to witness hacktivism. The most interesting question is whether the American and global plutocracy that has so successfully advanced the greedy interests of the rich and powerful will learn to live with hacktivism or whether it mounts a far more aggressive attack on it, including severe criminal penalties. Hacktivism is not so much the problem as a symptom of a far more serious, deeper set of problems.

[Contact Joel S. Hirschhorn through delusionaldemocracy.com.]


The Moderate Voice


When a corporation screws up and your account information is compromised by “unauthorized access” (code for “someone broke into our database and stole your data”), current law seems to side with the corporate behemoths. They send you an “oops, we’re sorry” email and you have to suck it up. Liability? Seems AWOL.

This weekend, Gawker lost all information on about 1.3 million user accounts; that includes email and passwords. Shortly thereafter, many Twitter and Facebook accounts became spammers for Acai Berry. I sent a note to a Facebook friend at 4 pm advising him that his account seemed hacked (but not by Acai Berry). Gawker got around to telling me about this Monday night.

Also on Monday, McDonald’s pointed the finger at an undisclosed contractor when it acknowledged that customer “e-mail and other contact information, birthdates and other specifics” had been lost. McDonald’s refuses to say how many accounts are now in the wild but acknowledges that its long-time partner, Arc Worldwide (the “marketing services arm” of Leo Burnett) had farmed out the work.

On Friday, Walgreen told an undisclosed number of mailing list customers that it had lost their personal information. Again, a refusal to acknowledge the extent of the breach and no information on the company responsible.

My Gawker Story

This afternoon, when I tried to access gmail, Google wouldn’t accept my password. After typing it three times, I gave up and clicked the “forgot password?” link. Google asked me for the phone number associated with my account (yeah, I’m glad I added one) and sent me a text message with a numeric code. Enter the numeric code to unlock door number one, which was a demand that I create a new password. That activity done, Google unlocked door number two and I was able to send an email.

It’s been a busy/crazy day near the end of a trying year. A few minutes ago, when I logged in to read email, I learned that Gawker had sent me an email at 5.59 pm with the subject line, Gawker Comment Accounts Compromised — Important.

This weekend we discovered that Gawker Media’s servers were compromised, resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. As a result, the user name and password associated with your comment account were released on the internet. If you’re a commenter on any of our sites, you probably have several questions.

We understand how important trust is on the internet, and we’re deeply sorry for and embarrassed about this breach of security. Right now we are working around the clock to improve security moving forward. We’re also committed to communicating openly and frequently with you to make sure you understand what has happened, how it may or may not affect you, and what we’re doing to fix things.

This is what you should do immediately: Try to change your password in the Gawker Media Commenting System. If you used your Gawker Media password on any other web site, you should change the password on those sites as well, particularly if you used the same username or email with that site. To be safe, however, you should change the password on those accounts whether or not you were using the same username.

We’re continually updating an FAQ (http://lifehac.kr/eUBjVf) with more information and will continue to do so in the coming days and weeks.

Gawker Media

==============================================
You are receiving this email because your email address was associated with a Gawker Media user account. We are using this list only for the purpose of sending you this important notification.

Pardon me? THIS WEEKEND? And you don’t tell me about it until after the close of business on Monday?

Gawker Media’s actions are all the more crazy (read irresponsible) since someone with the email handle “SorryAboutThis” sent me a mail Sunday, 20 hours before Gawker did, telling me that my Gawker account had been hacked.

I am not officially from Lifehacker, Gawker, or Gizmodo, but I wanted to let you know that your account info, including name, password, and email for these places is now floating around the internet. If you used the same password for anything else, including Facebook, email, or a bank account, you should probably change it.

Here are some details that the MSM and wire services have left out of their reporting:

  • Salon: “Nearly 1.25 million accounts, including more than 500,000 user e-mails and more than 185,000 decrypted passwords, were posted to the Pirate Bay.”
  • LifeHacker: It’s not possible to delete your Gawker account.
  • WalletPop: MSM might not be naming names, but McDonald’s handed this work over to Leo Burnett — the ninth largest agency in the world 10 years ago. Its marketing arm, in turn, hired another firm to coordinate and distribute emails and that firm is the one that lost your personal data.
  • Forbes: Gawker has no one to blame but itself. The founder, Nick Denton, noticed suspicious behavior in November, And Did Nothing.

    analysis of the file released by the crackers themselves indicates that the breach extends to employees of Gawker, includes credentials for internal systems (Google applications, collaboration tools) used at the company, includes a leak of Gawker’s custom source code, includes credentials of Gawker employees for other web sites, includes FTP credentials for other web sites Gawker has worked with, includes access to Gawker’s statistics web site, and includes the e-mails of a number of the users who left comments at Gawker as well as users of lifehacker.com, kotaku.com, and gizmodo.com.

    The evidence also suggests the attackers have had access to Gawker’s internal systems for a period of time that is at least a month, and that they gained root level access to servers the Gawker Media web properties are hosted on.

McDonald’s and Walgreen

The LA Times reports “unauthorized access” at McDonald’s to personal information given by customers, in good faith, to the fast-food giant website or its (one assumes, offline) promotions. When MickyD reported the breach on Monday:

McDonald’s was quick to note that no financial or sensitive personal information was swiped by cyber criminals who broke into computer systems operated by an outside firm used to manage a customer email database.

“Limited customer information collected in connection with certain McDonald’s websites and promotions was obtained by an unauthorized third party,” McDonald’s said in an email response to an AFP inquiry.

Is a breach of personal information truly “limited” if someone can confirm that a birthdate is associated with an email address? Because the McDonald’s breach included “e-mail and other contact information, birthdates and other specifics.”

Who was the “outside firm”? Were their security measures as poor as Gawker’s? Were these data in the cloud or on servers owned/managed by the “outside firm”?

At Walgreen drug stores, the breach was subscribers to an email distribution list. Lest you think just having your email address is only a minor security breach, the company reported that subscribers to its “e-mail distribution list should be on the lookout for spam directing them to another site and then asking for personal data.”

What You Can Do

Not sure if you ever created an account on a Gawker property? Use this widget from Salon to check your email addresses.

Going forward, some suggestions:

  • Set up an email address that you only use for public comments and/or email from corporations, nonprofits and political candidates. This is a do as I say, not as I only sometimes do … because, well, sometimes we want our comments to be associated with our primary persona. This may be a luxury that we can’t afford, especially given the cavalier attitude Gawker Media took towards us “peasants.”
  • Another way to limit your exposure: tighten up your passwords. Yeah, I can hear you. I’ve been known to use “password” as the password on accounts where I Do Not Care if someone poses as me. You know, like at LifeHacker or Gizmodo. (For the record, I do not know what the password on the account was.)
  • When possible, comment on public websites by logging in with your OpenID (if you have a WordPress.com blog, you have an OpenID), Google, Facebook or Twitter accounts. Sites are not supposed to be able to see your passwords for those accounts, so they aren’t being stored in someone else’s database. Resist the invitation to create an account, especially when that requires a second step after you’ve logged in with an external service. Complain about the demand to actually create a new account with email and password and such: we log in with “trusted” accounts so that we don’t have to create yet-another-account.
  • Join me in demanding that banks get with the 21st century and allow customers to create secure passwords! Every one of my commercial banking accounts — with the exception of PayPal — will NOT allow me to use a special character in the password!

Finally, start talking to your state legislators and Congress critters about the need for corporate liability when personal information is released in as egregious a manner as Gawker’s appears to have been.


The Moderate Voice


The New York Times is reporting:

“The whistle-blowing Web site appears increasingly engaged in a game of digital Whac-A-Mole as it struggles to stay online. The Web infrastructure that supports WikiLeaks is deliberately diffuse and difficult to track, with servers spread through many countries in order to insulate the site from hostile states or companies.

‘Since April of this year our timetable has not been our own, rather it has been one that has centered on the moves of abusive elements of the United States government against us,’ Julian Assange, the organization’s founder, said in an online discussion on the Guardian newspaper’s Web site.

According to the Web site whois.com, the new domain, wikileaks.ch, is registered to the Swiss branch of the Swedish Pirate Party, a political organization that has previously worked with Mr. Assange, who is being sought for questioning in connection to alleged sex crimes in Sweden. Mr. Assange has denied the allegations.”

Big Peace


Now that they might make the President and the Russians look bad….it’s personal. Back when it only made President Bush look bad, it was useful. Right now, Wikileaks is facing a Denial of Service attack, but the New York Times and news organizations around the world are releasing the documents at this moment. Ben Smith says it demonstrates the impotence of the administration. I don’t know what it demonstrates yet, outside of creating chaos.

To some of the revelations (note: I’ll link every point even if it’s repetitive for ease of search):

1. The Obama Administration doesn’t like the Brits.

2. The Germans don’t like each other (via Der Spiegel’s Wikileaks coverage):

Even the leadership of a close ally such as Germany emerges in a poor light in the cables. The members of the ruling government coalition in Berlin denigrate each other in comments to the US ambassador to Germany, Philip Murphy. For example, Defense Minister Karl-Theodor zu Guttenberg tattled on his colleague German Foreign Minister Guido Westerwelle, telling the US ambassador that Westerwelle was the real barrier to the Americans’ request for an increase in the number of German troops in Afghanistan. And the US diplomats are rather cool in their assessment of Chancellor Angela Merkel: One dispatch describes her as risk-averse and “rarely creative.”

3. Secretary of State Hillary Clinton wants her diplomats to be spies:

Sometimes the US embassy activities seem to go beyond the requirements of diplomacy. Secretary of State Hillary Clinton demands of members of her diplomatic corps that they prove their worth as spies. The embassy staff are asked to acquire any accessible personal details of UN staff, including credit-card numbers and frequent-flyer customer numbers.

4. Everyone is terrified of Iran (from the New York Times):

Feeding the administration’s urgency was the intelligence about Iran’s missile program. As it weighed the implications of those findings, the administration maneuvered to win Russian support for sanctions. It killed a Bush-era plan for a missile defense site in Poland — which Moscow’s leaders feared was directed at them, not Tehran — and replaced it with one floating closer to Iran’s coast. While the cables leave unclear whether there was an explicit quid pro quo, the move seems to have paid off.

There is also an American-inspired plan to get the Saudis to offer China a steady oil supply, to wean it from energy dependence on Iran. The Saudis agreed, and insisted on ironclad commitments from Beijing to join in sanctions against Tehran.

Also, the New York Times’s bias just seeps on through. “The move seems to have paid off”, they say. How exactly has it paid off? Never mind. There’s more.

The Telegraph documents how destructive this leak may be:

Officials involved in overseeing British policy in the region say that diplomatic materials compiled between 2008 and 2010 on Iran contained sensational information that could jeopardise efforts to disrupt the nuclear programme if unveiled on WikiLeaks.

The UK has played a key role on breaking up one network of businessmen in Dubai who had been using the emirate as the “HQ of a worldwide spiders web” to supply equipment to Iran’s banned nuclear programme.

“Information was provided to the UAE authorities that was only procured by getting inside this group. It was a very successful effort of disruption carried out at some personal risk by our people,” said one Whitehall official. “It would not be good for any of this to come out.”

5. U.S. has doubts about Turkey. From Spiegel Online International:

The leaked diplomatic cables reveal that US diplomats are skeptical about Turkey’s dependability as a partner. The leadership in Ankara is depicted as divided and permeated by Islamists.

US diplomats have grave doubts about Turkey’s dependability. Secret or confidential cables from the US Embassy in Ankara describe Islamist tendencies in the government of Prime Minister Recep Tayyip Erdogan.

The US diplomats’ verdict on the NATO partner with the second biggest army in the alliance is devastating. The Turkish leadership is depicted as divided, and Erdogan’s advisers, as well as Foreign Minister Ahmet Davutoglu, are portrayed as having little understanding of politics beyond Ankara.

The Americans are also worried about Davutoglu’s alleged neo-Ottoman visions. A high-ranking government adviser warned in discussions, quoted by the US diplomats, that Davutoglu would use his Islamist influence on Erdogan, describing him as “exceptionally dangerous.” According to the US document, another adviser to the ruling AKP party remarked, probably ironically, that Turkey wanted “to take back Andalusia and avenge the defeat at the siege of Vienna in 1683.”

How, precisely, is it helpful for this information to be out and open? Once again, Der Spiegel nails it:

Never before in history has a superpower lost control of such vast amounts of such sensitive information — data that can help paint a picture of the foundation upon which US foreign policy is built. Never before has the trust America’s partners have in the country been as badly shaken. Now, their own personal views and policy recommendations have been made public — as have America’s true views of them.

Forget the content of the leaks for a moment, this is a moment of impotence so complete and horrifying-the Jerusalem Post notes that Israel’s leaders were notified but that US officials aren’t sure what’s in the documents-that America is diminished before everyone. Consider this thumbnail:

The documents quoted in the leaked article include nicknames for a number of world leaders. Iranian President Mahmoud Ahmadinejad is referred to as “Hitler,” French President Nicolas Sarkozy as a “naked emperor,” the German Chancellor is called Angela “Teflon” Merkel and Afghan President Hamid Karzai is “driven by paranoia.” Russian Prime Minister Vladimir Putin is an “Alpha Male,” while President Dmitry Medvedev is “afraid, hesitant.”

The documents also say that North Korean leader Kim Jong Il suffers from epilepsy, Libyan leader Muammar Gaddhafi’s full-time nurse is a “hot blond,” and Italian Premier Silvio Berlusconi loves “wild parties.”

The article also quotes the State Department as saying that US President Barack Obama “prefers to look East rather than West,” and “has no feelings for Europe.”

“The US sees the world as a conflict between two superpowers,” the diplomatic cables say. “The European Union plays a secondary role.”

Well, this Wikileaks release of information doesn’t seem particularly surprising, just confirming what most who pay attention believe about things. Still, how is this helpful to the U.S.’ standing in the world? I don’t see it.

The cavalier nonchalance of some on the left, in particular, about this leak speaks volumes. Aren’t these the same folks who deified Valerie Plame? But wholesale diplomatic revelations are okay? I don’t get the justification here.

Liberty Pundits Blog


The report today from the U.S.–China Economic and Security Review Commission is chilling but not terribly surprising. According to the commission (pages 243–44; http://www.uscc.gov/annual_report/2010/annual_report_full_10.pdf):

For about 18 minutes on April 8, 2010, China Telecom advertised erroneous network traffic routes that instructed U.S. and other foreign Internet traffic to travel through Chinese servers. Other servers around the world quickly adopted these paths, routing all traffic to about 15 percent of the Internet’s destinations through servers located in China. This incident affected traffic to and from U.S. government (“.gov”) and military (“.mil”) sites, including those for the Senate, the army, the navy, the marine corps, the air force, the office of secretary of Defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration, and many others. Certain commercial websites were also affected, such as those for Dell, Yahoo!, Microsoft, and IBM.

Though nobody knows what happened to the data, this sort of access could allow Chinese surveillance of specific users or sites or disrupt a data transaction and prevent a user from establishing a connection with a site. According to the commission, “it could even allow a diversion of data to somewhere that the user did not intend [or] possibly allow a telecommunications firm to compromise the integrity of supposedly secure encrypted sessions.”

That’s powerful stuff. Naturally, the Chinese have denied the report in its entirety (http://www.bloomberg.com/news/2010-10-21/china-has-ability-to-hijack-u-s-military-data-report-says.html), saying that the report was “unacceptable” and based on groundless information. (One can only suppose that the “unacceptable” aspect of the report is that it reveals the Chinese activity for what it is.)

The incident simply reinforces the need for Congress to act on cyber security. The executive branch has been, appropriately, engaged in finding solutions to cyber security problems, but cyber security legislation is essential. Too much is happening by executive action without the input of our elected representatives.

We need to clarify the nature of the President’s authorities—how can and should the President be able to respond to an intrusion of the sort reported? We also need to determine where ultimate authority for cyber security operations should be housed within the federal government. It matters, profoundly, whether the Department of Homeland Security or the Department of Defense takes the operational lead for protecting America’s cybernet, and that decision warrants the input of Congress.

There are three bills pending in the Senate that address cyber security: One, authored by Senators Joe Lieberman (I–CT) and Susan Collins (R–ME) takes a security-oriented approach; another, authored by Senators John D. Rockefeller (D–WV), Olympia Snowe (R–ME), and Thomas Carper (D–DE), leans more heavily on the creation of mandatory standards for the private sector; a third, authored by Senators Kit Bond (R–MO) and Orrin Hatch (R–UT), looks to foster a public–private partnership through our national laboratories. Each of these approaches has something to offer. In the main, we should rely as much as possible on private sector incentives rather than regulation or federal control.

The reconciliation of these three approaches remains to be completed. It is too ambitious to hope that it will be done in this lame duck session of Congress. But it should be done in the coming year. If the next session of Congress does not produce a comprehensive, consensus bill, everyone should be disappointed.

The Foundry: Conservative Policy News.



In light of yesterday’s news that explosives-laden toner cartridges bound for a Chicago synagogue had “all the hallmarks of Al Qaeda,” here’s one more on the exaggerated cyber war threat from Hersh’s New Yorker piece:

There is surprising unanimity among cyber-security experts on one issue: that the immediate cyber threat does not come from traditional terrorist groups like Al Qaeda, at least, not for the moment. “Terrorist groups are not particularly good now in attacking our computer system,” John Arquilla told me. “They’re not that interested in it—yet. The question is: Do vulnerabilities exist inside America? And, if they do, the terrorists eventually will exploit them.” Arquilla added a disturbing thought: “The terrorists of today rely on cyberspace, and they have to be good at cyber security to protect their operations.” As terrorist groups get better at defense, they may eventually turn to offense.

The packages originated in Yemen, where American citizens appear to be helping the local branch of Al Qaeda take aim at the United States. Some details of the terror plot come to light.

Photo: The device found attached to a toner cartridge in a package on a U.P.S. cargo plane at East Midlands Airport near Nottingham, England, from the NYTimes slide show on yesterday’s suspicious packages.


The Moderate Voice


Seymour Hersh visits the front lines:

There is surprising unanimity among cyber-security experts on one issue: that the immediate cyber threat does not come from traditional terrorist groups like Al Qaeda, at least, not for the moment. “Terrorist groups are not particularly good now in attacking our computer system,” John Arquilla told me. “They’re not that interested in it—yet. The question is: Do vulnerabilities exist inside America? And, if they do, the terrorists eventually will exploit them.” Arquilla added a disturbing thought: “The terrorists of today rely on cyberspace, and they have to be good at cyber security to protect their operations.” As terrorist groups get better at defense, they may eventually turn to offense.









The Daily Dish | By Andrew Sullivan
