Can You Hack It?

Calling all hackers, do you pack what it takes?

NSA is looking for a few good hackers

The National Security Agency has a challenge for hackers who think they’re hot stuff: Prove it by working on the “hardest problems on Earth.”

Computer hacker skills are in great demand in the U.S. government to fight the cyberwars that pose a growing national security threat — and they are in short supply.

For that reason an alphabet soup of federal agencies — DOD, DHS, NASA, NSA — are descending on Las Vegas this week for Defcon, an annual hacker convention where the $150 entrance fee is cash only — no registration, no credit cards, no names taken. Attendance is expected to top 10,000.

The NSA is among the keen suitors. The spy agency plays offense and defense in the cyberwars. It conducts electronic eavesdropping on adversaries, and it protects U.S. computer networks that hold super-secret material — a prime target for America’s enemies.

See also:
NSA Wants to Hire Hackers at DefCon
US gov’t building hacker army for cyber war
U.S. government hankers for hackers
U.S. Federal Agencies Look to Hire Hackers at Defcon; Cyber Criminals Offer Services to the Public
US government agencies scouting for computer hackers: report
Federal Agencies to Recruit Hackers at Defcon
R u h4X0R? n33d @ jo8? NSA wants you (locked up in a cubicle, not a cell)
The NSA Wants More Hackers for Their ‘Collection of Geeks’
Welcome to the National Security Agency – NSA/CSS
National Security Agency
Defcon
DEF CON

Would you rather work for them or be hunted down by them? If you’re good enough, it probably pays pretty well and beats sitting in a prison cell.

/don’t forget to bring your white hat

Is Our Back Door Open?

Gee, I wonder which computer component manufacturing country might be responsible for this? Hmmm, let me think.

(you might want to skip to 51:47)

U.S. Suspects Contaminated Foreign-Made Components Threaten Cyber Security

Some foreign-made computer components are being manufactured to make it easier to launch cyber attacks on U.S. companies and consumers, a security official at the Department of Homeland Security said.

“I am aware of instances where that has happened,” said Greg Schaffer, who is the Acting Deputy Undersecretary National Protection and Programs Director at the DHS.

Schaffer did not say where specifically these components are coming from or elaborate on how they could be manufactured in such a way as to facilitate a cyber attack.

But Schaffer’s comment confirms that the U.S. government believes some electronics manufacturers have included parts in products that could make U.S. consumers and corporations more vulnerable to targeted cyber attacks.

A device tampered with prior to distribution or sale could act as a “Trojan horse” in the opening wave of an international cyberwar. Contaminated products could be used to jeopardize the entire network.

See also:
DHS: Imported Consumer Tech Contains Hidden Hacker Attack Tools
Tomorrow’s cyberwarfare may be carried out by pre-infected electronics: DHS
Malware Comes with Many Gadgets, Homeland Security Admits
Supply chain security – DHS finds imported software and hardware contain attack tools
U.S. official says pre-infected computer tech entering country
Homeland Security Admits Hidden Malware in Foreign-Made Devices
Homeland Security Finds Your Electronic Device Poses Risks?
Threat of destructive coding on foreign-manufactured technology is real
Homeland Security Official: Some Foreign-Made Electronics Compromise Cybersecurity
White House’s Cyberspace Policy Review (PDF)

So, Mr. Schaffer “did not say where specifically these components are coming from.” Well, here, let me help, it’s obviously China. There, how hard was that? The next question is, what are we doing about it?

Our national power grid, electronics infrastructure, you name it, very few of the critical components are manufactured in the U.S. anymore and if there exists a series of back doors, enabling a hostile country, like China, to preemptively take it all down at once, we’re in serious, catastrophic trouble territory, so far up the proverbial [expletive deleted] creek without a paddle we’re no longer visible. And we’d be down for the count too, because we don’t have the U.S. manufacturing capability to pick ourselves up off the canvas.

/the end game scenario this revelation portends would make Pearl Harbor look like a sorority pillow fight

Aid And Comfort To The Enemy

Let’s see, China launches cyberattacks and conducts internet espionage against the United States 24/7/365 and our U.S. Department of Homeland Security is warning China about their vulnerabilities? WTF?

China’s Infrastructure Vulnerable to Cyber Attack

Software widely used in China to help run weapons systems, utilities and chemical plants has bugs that hackers could exploit to damage public infrastructure, according to the Department of Homeland Security.

The department issued an advisory on Thursday warning of vulnerabilities in software applications from Beijing-based Sunway ForceControl Technology Co that hackers could exploit to launch attacks on critical infrastructure.

See also:
SCADA Vulnerabilities Patched in Two Industrial Control Software from China
Chinese Weapon Systems Vulnerable To SCADA Hack
US warns China software risk to public infrastructure
US Warns of Problems in Chinese SCADA Software
Software bugs discovered in Chinese-made applications
China’s weapons systems have exploitable software bugs
Department Of Homeland Security Cites China Vulnerability
Exclusive: China software bug makes infrastructure vulnerable
US reveals Stuxnet-style vuln in Chinese SCADA ‘ware
Critical vulnerability in industrial control software

China is not our friend, why are we feeding the hand that bites us? Why aren’t we keeping these discovered Chinese vulnerabilities to ourselves in case we might actually need to use them in the event of escalated hostilities with China?

/and just when did the DHS become the CDHS, Chinese Department of Homeland Security, protecting the homeland of a hostile country?

Mexican Pirates In Texas?

Welcome to Homeland Security in the age of Obama and Janet Napolitano.

Pirates plying the waves of Falcon Lake

Heavily armed Mexican freshwater pirates have been shaking down U.S. boaters on Falcon Lake, a reservoir and bass fishing haven that straddles the Rio Grande.

At least three such incidents have been reported since April 30, the latest on Sunday, according to a Texas Department of Public Safety warning issued Tuesday that linked the muggings to northern Mexico’s increasing lawlessness.

According to descriptions of the incidents, the robbers — in at least one case posing as Mexican federal law enforcement officers — searched fishermen’s boats for guns and drugs, then demanded cash at gunpoint.

One of the incidents reportedly occurred on the U.S. side of the lake.

“The robbers are believed to be members of a drug trafficking organization or members of an enforcer group linked to a drug trafficking organization who are … using AK-47s or AR-15 rifles to threaten their victims,” the DPS statement said. “They appear to be using local Mexican fishermen to operate the boats to get close to American fishermen.”

See also:
Pirates terrorize boaters on Texas lake
Cartel Pirates Sailing Falcon Lake, Tx.
Falcon Lake Pirates
DPS warning: Pirates shaking down Falcon Lake boaters
Law Enforcement Agencies Urging Caution on Falcon Lake 5/18/10
Fishermen warned of armed robberies at Falcon Lake
DPS warns about ‘pirate’ attacks on fisherman
Fishermen warned about Falcon Lake dangers
Zapata officials say U.S. side of lake is safe

Who needs secure borders anyway?

/nothing to see here, move along, don’t worry, the country is in the very best of hands

Department Of Homeland Firearms Insecurity

Brought to you by the people in charge of keeping us safe.

DHS officers lost guns in restrooms, bowling alleys, cars

In the first such accounting, Homeland Security officers lost nearly 200 weapons in bowling alleys, restrooms, unlocked cars and other unsecure areas from fall 2005 through 2008, USA TODAY’s Thomas Frank reports. At least 15 guns ended up in the hands of gang members, criminals, drug users and teenagers.

The report, by Inspector General Richard Skinner, said most weapons were never found. They included hand guns, shotguns and military rifles.

He documented 289 missing firearms, though some were lost after Hurricane Katrina and others were stolen from safes.

DHS has disciplined some offenders and beefed up training.

CNN writes that 179 guns — 74% of the total — were lost “because officers did not properly secure them,” the report said.

Read the IG report:

DHS Controls Over Firearms

See also:
Homeland Security reports losing guns
Report: Officers lose 243 Homeland Security guns
Report tracks lost firearms at DHS
Homeland Security Lost Dozens of Guns, According to Internal Report
Homeland Security fails to secure its guns
Homeland Security Officers Lost Hundreds of Firearms
Homeland Security loses 243 guns, report says
Do DHS agents know where their guns are?
Homeland Security Agents Keep Losing Their Guns

Well hey, I feel safe, don’t you?

/don’t worry, the country is in the very best of hands

The Cyberwar Rages 24/7

Corporations’ cyber security under widespread attack, survey finds

Around the world, corporations’ computer networks and control systems are under “repeated cyberattack, often from high-level adversaries like foreign nation-states,” according to a new global survey of information technology executives.

The attacks include run-of-the-mill viruses and other “malware” that routinely strike corporate defenses, but also actions by “high-level” adversaries such as “organized crime, terrorists, or nation states,” a first-time global survey by the Center for Strategic and International Studies (CSIS) in Washington has found. More than half of the 600 IT managers surveyed, who operate critical infrastructure in 14 countries, reported that their systems have been hit by such “high-level” attacks, the survey concludes.

A large majority, 59 percent, said they believed that foreign governments or their affiliates had already been involved in such attacks or in efforts to infiltrate important infrastructure – such as refineries, electric utilities, and banks – in their countries.

Such attacks, the survey said, include sophisticated denial-of-service attacks, in which an attacker tries to so overwhelm a corporate network with requests that the network grinds to a halt.

But they also include efforts to infiltrate a company. Fifty-four percent of the IT executives said their companies’ networks had been targets of stealth attacks in which infiltration was the intent. In two-thirds of those cases, the IT managers surveyed said company operations had been harmed.

The IT managers also believed that these “stealthy” attacks were conducted by “nation states” targeting their proprietary data, says the survey’s main author, CSIS fellow Stewart Baker, in a phone interview. Mr. Baker is a cybersecurity expert formerly with the Department of Homeland Security and National Security Agency.

“It’s all the same kind of stuff – spear-phishing, malware, taking over the network and downloading-whatever-you-want kind of attack,” he says. “Over half of these executives believe they’ve been attacked with the kind of sophistication you’d expect from a nation state.”

The CSIS report describes such attacks as “stealthy infiltration” of a company’s networks by “a high-level adversary” akin to a “GhostNet,” or large spy ring featuring “individualized malware attacks that enabled hackers to infiltrate, control and download large amounts of data from computer networks.” The GhostNet attacks, which Canadian researchers attributed to Chinese state-run agencies, bear similarities to recent attacks on Google and other high-tech companies, Baker says. Google attributed attacks on it to entities in China.

Read the report:
In the Crossfire: Critical Infrastructure in the Age of Cyber War

See also:
In the Crossfire: Critical Infrastructure in the Age of Cyber War
Report: Critical Infrastructures Under Constant Cyberattack Globally
Utilities, Refineries and Banks Are Victims of Cyber Attacks, Report Says
Critical Infrastructure under Siege from Cyber Attacks
Critical Infrastructure Vulnerable To Attack
Critical Infrastructure Security a Mixed Bag, Report Finds
Report shows cyberattacks rampant; execs concerned
Key infrastructure often cyberattack target: survey
Critical infrastructure execs fear China
SCADA system, critical infrastructure security lacking, survey finds

Ironically, the more dependent we become on interconnected network technology, the more vulnerable we become too.

/so keep your fingers crossed and your computers patched against hacking and intrusion, at least you can do your part to avoid being part of the problem

Fighting Al Qaeda With Words On Paper And TV Talking Points

A true team effort at CYA damage control if there ever was one. Nine pages of PDF and a half hour of talking later . . . are we any safer?


Remarks by the President on Strengthening Intelligence and Aviation Security


Briefing by Homeland Security Secretary Napolitano, Assistant to the President for Counterterrorism and Homeland Security Brennan, and Press Secretary Gibbs

Summary of the White House Review of the December 25, 2009 Attempted Terrorist Attack

Attempted Terrorist Attack on December 25, 2009: Intelligence, Screening, and Watchlisting System Corrective Actions

Obama Orders Security Fix

President Barack Obama ordered his top intelligence chiefs Thursday to patch gaps in the way terrorism intelligence is distributed, analyzed and checked against watch lists used to identify potential attackers bound for the U.S.

It was his strongest and most detailed response to the Christmas Day attempt to blow up an airliner bound for Detroit. “We are at war,” the president said. “We are at war with al Qaeda.”

The White House also released details on how the alleged suspect, Umar Farouk Abdulmutallab, slipped through the intelligence net, used cash to purchase a one-way ticket and, carrying a bomb sewn into his underwear, boarded a Northwest Airlines flight with almost 300 passengers and crew.

A “series of human errors” included the “delayed dissemination of a finished intelligence report” that might have helped intelligence analysts connect the dots and prevent the attempted bombing, according to an unclassified version of the White House review of the attempted Christmas attack. The “finished report,” prepared by the Central Intelligence Agency, contained background on Mr. Abdulmutallab, officials said.

See also:
U.S. was more focused on al-Qaeda’s plans abroad than for homeland, report on airline bomb plot finds
Obama Releases Security Review of Attempted Bombing
White House releases intelligence review of attempted Christmas attack
Travelers react to Obama’s security review
Obama Orders Improvements in Security Policies
U.S. learned intelligence on airline attack suspect while he was en route
John Brennan: We failed on Christmas Day terrorist intelligence
What Surprised Brennan, Napolitano In Wake of Flight 253 Attack
The Daily Wrap: What We Learned About the Intelligence Failure
Factbox: Christmas Day bombing plot: Who knew what, when?

Personally, releasing nine pages of reports to the public and putting the Three Stooges on the TV to apologize and make excuses, while entertaining, doesn’t impress or reassure me and certainly does nothing to make Americans any safer. Until the government can actually keep terrorists off of commercial aircraft, it’ll still be primarily up to the flying public to stomp on the al Qaeda operatives when they try and explode their underwear. Talk is cheap, just do it.

/instead of wasting everybody’s time covering your ass with damage control on the TV, spend that time killing a few al Qaeda or at least trying to disrupt their networks and plots