Can You Hack It?

Calling all hackers, do you pack what it takes?

NSA is looking for a few good hackers

The National Security Agency has a challenge for hackers who think they’re hot stuff: Prove it by working on the “hardest problems on Earth.”

Computer hacker skills are in great demand in the U.S. government to fight the cyberwars that pose a growing national security threat — and they are in short supply.

For that reason an alphabet soup of federal agencies — DOD, DHS, NASA, NSA — are descending on Las Vegas this week for Defcon, an annual hacker convention where the $150 entrance fee is cash only — no registration, no credit cards, no names taken. Attendance is expected to top 10,000.

The NSA is among the keen suitors. The spy agency plays offense and defense in the cyberwars. It conducts electronic eavesdropping on adversaries, and it protects U.S. computer networks that hold super-secret material — a prime target for America’s enemies.

See also:
NSA Wants to Hire Hackers at DefCon
US gov’t building hacker army for cyber war
U.S. government hankers for hackers
U.S. Federal Agencies Look to Hire Hackers at Defcon; Cyber Criminals Offer Services to the Public
US government agencies scouting for computer hackers: report
Federal Agencies to Recruit Hackers at Defcon
R u h4X0R? n33d @ jo8? NSA wants you (locked up in a cubicle, not a cell)
The NSA Wants More Hackers for Their ‘Collection of Geeks’
Welcome to the National Security Agency – NSA/CSS
National Security Agency
Defcon
DEF CON

Would you rather work for them or be hunted down by them? If you’re good enough, it probably pays pretty well and beats sitting in a prison cell.

/don’t forget to bring your white hat

Is Our Back Door Open?

Gee, I wonder which computer component manufacturing country might be responsible for this? Hmmm, let me think.

(you might want to skip to 51:47)

U.S. Suspects Contaminated Foreign-Made Components Threaten Cyber Security

Some foreign-made computer components are being manufactured to make it easier to launch cyber attacks on U.S. companies and consumers, a security official at the the Department of Homeland Security said.

“I am aware of instances where that has happened,” said Greg Schaffer, who is the Acting Deputy Undersecretary National Protection and Programs Director at the DHS.

Schaffer did not say where specifically these components are coming from or elaborate on how they could be manufactured in such a way as to facilitate a cyber attack.

But Schaffer’s comment confirms that the U.S. government believes some electronics manufacturers have included parts in products that could make U.S. consumers and corporations more vulnerable to targeted cyber attacks.

A device tampered with prior to distribution or sale could act as a “Trojan horse” in the opening wave of an international cyberwar. Contaminated products could be used to jeopardize the entire network.

See also:
DHS: Imported Consumer Tech Contains Hidden Hacker Attack Tools
Tomorrow’s cyberwarfare may be carried out by pre-infected electronics: DHS
Malware Comes with Many Gadgets, Homeland Security Admits
Supply chain security – DHS finds imported software and hardware contain attack tools
U.S. official says pre-infected computer tech entering country
Homeland Security Admits Hidden Malware in Foreign-Made Devices
Homeland Security Finds Your Electronic Device Poses Risks?
Threat of destructive coding on foreign-manufactured technology is real
Homeland Security Official: Some Foreign-Made Electronics Compromise Cybersecurity
White House’s Cyberspace Policy Review (PDF)

So, Mr. Schaffer “did not say where specifically these components are coming from.” Well, here, let me help, it’s obviously China. There, how hard was that? The next question is, what are we doing about it?

Our national power grid, electronics infrastructure, you name it, very few of the critical components are manufactured in the U.S. anymore and if there exists a series of back doors, enabling a hostile country, like China, to preemptively take it all down at once, we’re in serious, catastrophic trouble territory, so far up the proverbial [expletive deleted] creek without a paddle we’re no longer visible. And we’d be down for the count too, because we don’t have the U.S. manufacturing capability to pick ourselves up off the canvas

/the end game scenario this revelation portends would make Pearl Harbor look like a sorority pillow fight

Aid And Comfort To The Enemy

Let’s see, China launches cyberattacks and conducts internet espionage against the United States 24/7/365 and our U.S. Department of Homeland Security is warning China about their vulnerabilities? WTF?

China’s Infrastructure Vulnerable to Cyber Attack

Software widely used in China to help run weapons systems, utilities and chemical plants has bugs that hackers could exploit to damage public infrastructure, according to the Department of Homeland Security.

The department issued an advisory on Thursday warning of vulnerabilities in software applications from Beijing-based Sunway ForceControl Technology Co that hackers could exploit to launch attacks on critical infrastructure.

See also:
SCADA Vulnerabilities Patched in Two Industrial Control Software from China
Chinese Weapon Systems Vulnerable To SCADA Hack
US warns China software risk to public infrastructure
US Warns of Problems in Chinese SCADA Software
Software bugs discovered in Chinese-made applications
China’s weapons systems have exploitable software bugs
Department Of Homeland Security Cites China Vulnerability
Exclusive: China software bug makes infrastructure vulnerable
US reveals Stuxnet-style vuln in Chinese SCADA ‘ware
Critical vulnerability in industrial control software

China is not our friend, why are we feeding the hand that bites us? Why aren’t we keeping these discovered Chinese vulnerabilities to ourselves in case we might actually need to use them in the event of escalated hostilities with China?

/and just when did the DHS become the CDHS, Chinese Department of Homeland Security, protecting the homeland of a hostile country?

Mexican Pirates In Texas?

Welcome to Homeland Security in the age of Obama and Janet Napolitano.

Pirates plying the waves of Falcon Lake

Heavily armed Mexican freshwater pirates have been shaking down U.S. boaters on Falcon Lake, a reservoir and bass fishing haven that straddles the Rio Grande.
At least three such incidents have been reported since April 30, the latest on Sunday, according to a Texas Department of Public Safety warning issued Tuesday that linked the muggings to northern Mexico’s increasing lawlessness.

According to descriptions of the incidents, the robbers — in at least one case posing as Mexican federal law enforcement officers — searched fishermen’s boats for guns and drugs, then demanded cash at gunpoint.

One of the incidents reportedly occurred on the U.S. side of the lake.

“The robbers are believed to be members of a drug trafficking organization or members of an enforcer group linked to a drug trafficking organization who are … using AK-47s or AR-15 rifles to threaten their victims,” the DPS statement said. “They appear to be using local Mexican fishermen to operate the boats to get close to American fishermen.”

See also:
Pirates terrorize boaters on Texas lake
Cartel Pirates Sailing Falcon Lake, Tx.
Falcon Lake Pirates
DPS warning: Pirates shaking down Falcon Lake boaters
Law Enforcement Agencies Urging Caution on Falcon Lake 5/18/10
Fishermen warned of armed robberies at Falcon Lake
DPS warns about ‘pirate’ attacks on fisherman
Fishermen warned about Falcon Lake dangers
Zapata officials say U.S. side of lake is safe

Who needs secure borders anyway?

/nothing to see here, move along, don’t worry, the country is in the very best of hands

Department Of Homeland Firearms Insecurity

Brought to you by the people in charge of keeping us safe.

DHS officers lost guns in restrooms, bowling alleys, cars

In the first such accounting, Homeland Security officers lost nearly 200 weapons in bowling alleys, restrooms, unlocked cars and other unsecure areas from fall 2005 through 2008, USA TODAY’s Thomas Frank reports. At least 15 guns ended up in the hands of gang members, criminals, drug users and teenagers.

The report, by Inspector General Richard Skinner, said most weapons were never found. They included hand guns, shotguns and military rifles.

He documented 289 missing firearms, though some were lost after Hurricane Katrina and others were stolen from safes.

DHS has disciplined some offenders and beefed up training.

CNN writes that 179 guns — 74% of the total — were lost “because officers did not properly secure them,” the report said

Read the IG report:

DHS Controls Over Firearms

See also:
Homeland Security reports losing guns
Report: Officers lose 243 Homeland Security guns
Report tracks lost firearms at DHS
Homeland Security Lost Dozens of Guns, According to Internal Report
Homeland Security fails to secure its guns
Homeland Security Officers Lost Hundreds of Firearms
Homeland Security loses 243 guns, report says
Do DHS agents know where their guns are?
Homeland Security Agents Keep Losing Their Guns

Well hey, I feel safe, don’t you?

/don’t worry, the country is in the very best of hands

The Cyberwar Rages 24/7

Corporations’ cyber security under widespread attack, survey finds

Around the world, corporations’ computer networks and control systems are under “repeated cyberattack, often from high-level adversaries like foreign nation-states,” according to a new global survey of information technology executives.

The attacks include run-of-the-mill viruses and other “malware” that routinely strike corporate defenses, but also actions by “high-level” adversaries such as “organized crime, terrorists, or nation states,” a first-time global survey by the Center for Strategic and International Studies (CSIS) in Washington has found. More than half of the 600 IT managers surveyed, who operate critical infrastructure in 14 countries, reported that their systems have been hit by such “high-level” attacks, the survey concludes.

A large majority, 59 percent, said they believed that foreign governments or their affiliates had already been involved in such attacks or in efforts to infiltrate important infrastructure – such as refineries, electric utilities, and banks – in their countries.

Such attacks, the survey said, include sophisticated denial-of-service attacks, in which an attacker tries to so overwhelm a corporate network with requests that the network grinds to a halt.

But they also include efforts to infiltrate a company. Fifty-four percent of the IT executives said their companies’ networks had been targets of stealth attacks in which infiltration was the intent. In two-thirds of those cases, the IT managers surveyed said company operations had been harmed.

The IT managers also believed that these “stealthy” attacks were conducted by “nation states” targeting their proprietary data, says the survey’s main author, CSIS fellow Stewart Baker, in a phone interview. Mr. Baker is a cybersecurity expert formerly with the Department of Homeland Security and National Security Agency.

“It’s all the same kind of stuff – spear-phishing, malware, taking over the network and downloading-whatever-you-want kind of attack,” he says. “Over half of these executives believe they’ve been attacked with the kind of sophistication you’d expect from a nation state.”

The CSIS report describes such attacks as “stealthy infiltration” of a company’s networks by “a high-level adversary” akin to a “GhostNet,” or large spy ring featuring “individualized malware attacks that enabled hackers to infiltrate, control and download large amounts of data from computer networks.” The GhostNet attacks, which Canadian researchers attributed to Chinese state-run agencies, bear similarities to recent attacks on Google and other high-tech companies, Baker says. Google attributed attacks on it to entities in China.

Read the report:
In the Crossfire: Critical Infrastructure in the Age of Cyber War

See also:
In the Crossfire: Critical Infrastructure in the Age of Cyber War
Report: Critical Infrastructures Under Constant Cyberattack Globally
Utilities, Refineries and Banks Are Victims of Cyber Attacks, Report Says
Critical Infrastructure under Siege from Cyber Attacks
Critical Infrastructure Vulnerable To Attack
Critical Infrastructure Security a Mixed Bag, Report Finds
Report shows cyberattacks rampant; execs concerned
Key infrastructure often cyberattack target: survey
Critical infrastructure execs fear China
SCADA system, critical infrastructure security lacking, survey finds

Ironically, the more dependent we become on interconnected network technology, the more vulnerable we become too.

/so keep your fingers crossed and your computers patched against hacking and intrusion, at least you can do your part to avoid being part of the problem

Fighting Al Qaeda With Words On Paper And TV Talking Points

A true team effort at CYA damage control if there ever was one. Nine pages of PDF and a half hour of talking later . . . are we any safer?


Remarks by the President on Strengthening Intelligence and Aviation Security


Briefing by Homeland Security Secretary Napolitano, Assistant to the President for Counterterrorism and Homeland Security Brennan, and Press Secretary Gibbs

Summary of the White House Review of the December 25, 2009 Attempted Terrorist Attack

Attempted Terrorist Attack on December 25, 2009: Intelligence, Screening, and Watchlisting System Corrective Actions

Obama Orders Security Fix

President Barack Obama ordered his top intelligence chiefs Thursday to patch gaps in the way terrorism intelligence is distributed, analyzed and checked against watch lists used to identify potential attackers bound for the U.S.

It was his strongest and most detailed response to the Christmas Day attempt to blow up an airliner bound for Detroit. “We are at war,” the president said. “We are at war with al Qaeda.”

The White House also released details on how the alleged suspect, Umar Farouk Abdulmutallab, slipped through the intelligence net, used cash to purchase a one-way ticket and, carrying a bomb sewn into his underwear, boarded a Northwest Airlines flight with almost 300 passengers and crew.

A “series of human errors” included the “delayed dissemination of a finished intelligence report” that might have helped intelligence analysts connect the dots and prevent the attempted bombing, according to an unclassified version of the White House review of the attempted Christmas attack. The “finished report,” prepared by the Central Intelligence Agency, contained background on Mr. Abdulmutallab, officials said.

See also:
U.S. was more focused on al-Qaeda’s plans abroad than for homeland, report on airline bomb plot finds
Obama Releases Security Review of Attempted Bombing
White House releases intelligence review of attempted Christmas attack
Travelers react to Obama’s security review
Obama Orders Improvements in Security Policies
U.S. learned intelligence on airline attack suspect while he was en route
John Brennan: We failed on Christmas Day terrorist intelligence
What Surprised Brennan, Napolitano In Wake of Flight 253 Attack
The Daily Wrap: What We Learned About the Intelligence Failure
Factbox: Christmas Day bombing plot: Who knew what, when?

Personally, releasing nine pages of reports to the public and putting the Three Stooges on the TV to apologize and make excuses, while entertaining, doesn’t impress or reassure me and certainly does nothing to make Americans any safer. Until the government can actually keep terrorists off of commercial aircraft, it’ll still be primarily up to the flying public to stomp on the al Qaeda operatives when they try and explode their underwear. Talk is cheap, just do it.

/instead of wasting everybody’s time covering your ass with damage control on the TV, spend that time killing a few al Qaeda or at least trying to disrupt their networks and plots

Looking Forward To 2010

/Michael Ramirez

And You Think The TSA Sucks Now?

No unions for air safety workers

As 2009 comes to a blessed close, let us pause and give thanks to Sen. Jim DeMint, the South Carolina Republican who placed a legislative hold on President Obama’s nomination of Erroll Southers to head the Transportation Security Administration. DeMint won’t withdraw his hold until Southers answers a simple question — does he think TSA employees should be allowed to collectively bargain with the government on workplace rules and procedures? To date, Southers has declined to give a definitive response to DeMint’s question, even though it’s importance was highlighted by the attempted Christmas Day massacre of nearly 300 people aboard Northwest Airlines Flight 253 by Umar Farouk Abdulmutallab. The 23-year-old Nigerian Muslim terrorist boarded the Detroit-bound flight despite having explosives sewn into his knickers.

Southers’ silence hasn’t prevented others from greeting his nomination warmly, most notably John Gage, president of the American Federation of Government Employees. When Southers nomination was announced by the Obama White House, Gage said “the question of bargaining rights at TSA is not a matter of ‘if’ but ‘when.’ We are confident that the appointment of Mr. Southers as administrator will help put that matter to bed.”

Southers’ immediate boss as TSA administrator would be Department of Homeland Security Secretary Janet Napolitano, who is an enthusiastic supporter of collective bargaining for government employees in her department. When asked about this recently by DeMint during a Senate hearing, Napolitano responded “I do not think security and collective bargaining are mutually exclusive, nor do I think that collective bargaining cannot be accomplished by an agency, such as TSA, should the workers desire to be organized in such a fashion.”

These things should not have to be explained, but here are four common-sense reasons why collective bargaining would cripple the TSA:

á The TSA would lose its flexibility to move people and equipment and change protocols when it believes there is a terrorist threat to airliners.

á Collective bargaining would force TSA managers to share sensitive intelligence information with union negotiators every time new workplace procedures are needed, thus increasing the possibility of damaging leaks about those procedures.

á TSA managers would no longer be able to reward high-performing screeners or fire those unable or unwilling to perform their duties in an efficient manner. Being able to do so is critical to the TSA’s ability to defend American airline travelers against future terrorist attacks.

á Hundreds of TSA screeners would have to be diverted from the jobs they were hired to do in order to set up the negotiating infrastructure required by collective bargaining.

DeMint should keep his hold on Southers’ nomination in place until these issues are addressed in a public hearing.

See also:
DeMint blocks nomination of Obama’s TSA pick
Sen. DeMint Is Outraged That TSA Members Could Get Collective Bargaining Rights After Recent Terrorism Attempt on Airplane
Senate Democratic spokesman: Blocking of air safety chief ‘disgraceful’
Senate Majority Leader to Force Vote on Key TSA Nominee
Kristol: If Southers Matters, Recess Appoint Him
GOP Senator Says Dems Trying to Rush TSA Nominee
Sen. Harry Reid to force vote on TSA nominee
DeMint Defends Holding Up Confirmation of Erroll Southers as TSA Chief
Federal labor unions push back against senator’s TSA ‘hold’
Napolitano wants to unionize TSA employees despite safety concerns
Nomination of Southers for TSA becomes a union issue

Boy, am I sure glad I don’t need to fly regularly. I feel sorry for those of you who do.

/because, you know, TSA is so good now, you can bet they’ll be ten times better when they’re unionized with union work rules, just look at the auto industry!

Man Caused Disaster Calling

/Michael Ramirez