Can You Hack It?

Calling all hackers, do you pack what it takes?

NSA is looking for a few good hackers

The National Security Agency has a challenge for hackers who think they’re hot stuff: Prove it by working on the “hardest problems on Earth.”

Computer hacker skills are in great demand in the U.S. government to fight the cyberwars that pose a growing national security threat — and they are in short supply.

For that reason an alphabet soup of federal agencies — DOD, DHS, NASA, NSA — are descending on Las Vegas this week for Defcon, an annual hacker convention where the $150 entrance fee is cash only — no registration, no credit cards, no names taken. Attendance is expected to top 10,000.

The NSA is among the keen suitors. The spy agency plays offense and defense in the cyberwars. It conducts electronic eavesdropping on adversaries, and it protects U.S. computer networks that hold super-secret material — a prime target for America’s enemies.

See also:
NSA Wants to Hire Hackers at DefCon
US gov’t building hacker army for cyber war
U.S. government hankers for hackers
U.S. Federal Agencies Look to Hire Hackers at Defcon; Cyber Criminals Offer Services to the Public
US government agencies scouting for computer hackers: report
Federal Agencies to Recruit Hackers at Defcon
R u h4X0R? n33d @ jo8? NSA wants you (locked up in a cubicle, not a cell)
The NSA Wants More Hackers for Their ‘Collection of Geeks’
Welcome to the National Security Agency – NSA/CSS
National Security Agency
Defcon
DEF CON

Would you rather work for them or be hunted down by them? If you’re good enough, it probably pays pretty well and beats sitting in a prison cell.

/don’t forget to bring your white hat

Pushing The Cyberwarfare Envelope

A computer worm so sophisticated that it attacks specific targets in specific countries, gee I wonder who would be capable of developing something that advanced?

Stuxnet Compromise at Iranian Nuclear Plant May Be By Design

Iran has confirmed that more than 30,000 PCs have been infected by the Stuxnet worm in that country, including some at the Bushehr nuclear power plant. The nature of the Stuxnet worm and the infiltration of Iranian nuclear facilities has led to speculation about whether the worm was developed by the United States or its allies expressly for that purpose.

The Pentagon response to the implication is the standard cagey reply given for just about anything related to national security or military engagements. Fox News reports that, “Pentagon Spokesman Col. David Lapan said Monday the Department of Defense can “neither confirm nor deny” reports that it launched this attack.”

McAfee AVERT Labs has a thorough analysis of the Stuxnet worm which explains the threat in detail. “Stuxnet is a highly complex virus targeting Siemens’ SCADA software. The threat exploits a previously unpatched vulnerability in Siemens SIMATIC WinCC/STEP 7 (CVE-2010-2772) and four vulnerabilities in Microsoft Windows, two of which have been patched at this time (CVE-2010-2568, CVE-2010-2729). It also utilizes a rootkit to conceal its presence, as well as 2 different stolen digital certificates.”

Another interesting tidbit from McAfee supporting the speculation that Iran may have been the intended target of Stuxnet is that the initial discovery seemed to be primarily focused in the Middle East.

Speaking on the subject of whether the threat may have been specifically crafted for Iran, Randy Abrams, director of technical education at ESET said, “It appears that it is possible that Stuxnet may have been responsible for problems in Iran’s nuclear program over the past year, however that is speculation and it is unlikely that the Iranian government is going to say if that was the case. It is even possible that it was the case and they don’t know it.”

Abrams added, “It is entirely possible that Stuxnet was created by the United States working alone or in conjunction with allies. The fact that it is possible does not indicate it is true however. There have been a number of recent defections in Iran. It is also possible that this was an internal attack. There is still a legitimate question as to whether or not Iran was actually the target.”

See also:
Stuxnet Update
Iranian power plant infected by Stuxnet, allegedly undamaged
Iran admits Stuxnet worm infected PCs at nuclear reactor
Pentagon Silent on Iranian Nuke Virus
Stuxnet Worm Affects 30,000 Computers in Iran
Stuxnet worm assault on Iranian nuclear facilities’ computers may be Western cyber attack: experts
Computer worm infects Iran’s nuclear station
Stuxnet: Future of warfare? Or just lax security?
Stuxnet – a new age in cyber warfare says Eugene Kaspersky
Has the West declared cyber war on Iran?
Web virus aimed at nuclear work, says Tehran
Report: Stuxnet Worm Attacks Iran, Who is Behind It?
US, Israel behind cyber-attack on Iran?

Well, diplomacy sure as hell isn’t working and no one really wants to launch airstrikes against the Iranian nuclear facilities, especially fraidy cat Obama. So, maybe this is a third option, use the Iranians’ own computers to remotely destroy their nuclear related equipment, perfect, if it actually works. I know I’ve got my fingers crossed. Go U.S. or go Israel or go whoever is responsible for this brilliant plan!

/all your nuclear related computers are belong to us!

North Korea And Friends Want To Play Computer Games

I can only hope we’re winning this game and not playing nice while doing it.

U.S., South Korea Targeted in Swarm Of Internet Attacks

U.S. and South Korean authorities yesterday were investigating the source of attacks on at least 35 government and commercial Web sites in the two countries, officials said.

In the United States, the attacks primarily targeted Internet sites operated by major government agencies, including the departments of Homeland Security and Defense, the Federal Aviation Administration and the Federal Trade Commission, according to several computer security researchers. But The Washington Post’s site was also affected.

South Korea’s main spy agency, the National Intelligence Service, said in a statement that it thought the attacks were carried out “at the level of a certain organization or state” but did not elaborate. The South Korean news agency Yonhap and the JoongAng Daily, a major newspaper in Seoul, reported that intelligence officials had told South Korean lawmakers that North Korea or its sympathizers were prime suspects. A spokesman for the intelligence service said that it could not confirm the report.

The attacks were described as a “distributed denial of service,” a relatively unsophisticated form of hacking in which personal computers are commanded to overwhelm certain Web sites with a blizzard of data. The effort did not involve the theft of sensitive information or the disabling of crucial operational systems, government and security experts said. But they noted that it was widespread, resilient and aimed at government sites.

Earlier this year, a number of South Korean news organizations reported that North Korea was running a cyberwarfare unit targeting military networks in South Korea and the United States. And North Korea, along with other countries, is known to be looking into U.S. cybersecurity capabilities and vulnerabilities, said Daniel T. Kuehl, an expert on information warfare at National Defense University.

See also:
US and S Korea fall victim to cyber-attack
US officials eye North Korea in cyber attack
North Korea a suspect in cyber attacks in US
North Korea may be behind White House cyberattack
Cyber Attack Finds More Targets
The U.S.-South Korea Cyberattack: How Did It Happen?
How a Brute-Force Cyberattack Works
National Intelligence Service
National Intelligence Service (South Korea)
National Defense University
National Defense University
Why Are We Not Stomping North Korea’s Guts Out?

Gee, with all their belligerent shenanigans lately, you’d think North Korea was really anxious to get their asses kicked.

/the question is, will we oblige them?

Hacking Back At The Chinese And Russians, The White Hat Cavalry

Gates Creates Cyber-Defense Command

Defense Secretary Robert M. Gates issued an order yesterday establishing a command that will defend military networks against computer attacks and develop offensive cyber-weapons, but he also directed that the structure be ready to help safeguard civilian systems.

In a memo to senior military leaders, Gates said he will recommend that President Obama designate that the new command be led by the director of the National Security Agency, the world’s largest electronic intelligence-gathering agency. The current NSA director, Lt. Gen. Keith B. Alexander, is expected to be awarded a fourth star and to lead the cyber-command.

Gates or his deputy had been expected to announce the command in a speech a week ago. Analysts said making the announcement by memo is in keeping with the Pentagon’s effort to tamp down concerns that the Defense Department and the NSA will dominate efforts to protect the nation’s computer networks.

“Is it going to be the dominant player by default because the Department of Homeland Security is weak and this new unit will be strong?” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “That’s a legitimate question, and I think DoD will resist having that happen. But there are issues of authorities that haven’t been cleared up. What authorities does DoD have to do things outside the dot-mil space?”

The command will be set up as part of the U.S. Strategic Command, which is responsible for commanding operations in nuclear and computer warfare. Gates directed that the command be launched by this October and be fully operational by October 2010.

In a speech last week, Deputy Defense Secretary William Lynn stressed that the command’s mission would be to defend military networks. However, he said, “it would be inefficient — indeed, irresponsible — to not somehow leverage the unrivaled technical expertise and talent that resides at the National Security Agency” to protect the federal civilian networks, as long as it is done in a way that protects civil liberties.

See also:
Military Command Is Created for Cyber Security
Pentagon approves creation of cyber command
Defense Secretary Orders Cyberspace Command
Gates approves creation of new cyber command
US Creates Military Cyber Command to Defend Computer Networks
Pentagon: New cyber command focuses on military network
US sets up anti-computer-hacking unit
Cyberspace: The New Battlefield
Welcome to the National Security Agency – NSA/CSS
National Security Agency
National Security Agency
U.S. Strategic Command
Strategic Command
United States Strategic Command
Air Force Cyber Command
Air Force Cyber Command (Provisional)
Navy Cyber Defense Operations Command (NCDOC)
Welcome to Fort George G. Meade
Fort George G. Meade
Center for Strategic and International Studies ( CSIS )
Center for Strategic and International Studies

/since you insist on [expletive deleted] with our networks, we’ll [expletive deleted] with yours, and we’re better at it

One Leg Of Our Nuclear Triad Almost Lost In A Fogbank

For want of polystyrene foam, albeit highly specialized polystyrene foam . . .

Nuclear-Warhead Upgrade Delayed; Government Labs Forgot How to Make Parts

The Department of Defense and the National Nuclear Security Administration had to wait more than a year to refurbish aging nuclear warheads — partly because they had forgotten how to make a crucial component, a government report states.

Regarding a classified material codenamed “Fogbank,” a Government Accountability Office report released this month states that “NNSA had lost knowledge of how to manufacture the material because it had kept few records of the process when the material was made in the 1980s and almost all staff with expertise on production had retired or left the agency.”

So the effort to refurbish and upgrade W76 warheads, which top the U.S. Navy’s (and the British Royal Navy’s) submarine-launched Trident missiles, had to be put on hold while experts scoured old records and finally figured out how to manufacture the stuff once again.

According to the Sunday Herald of Glasgow, Scotland, Fogbank is “thought by some weapons experts to be a foam used between the fission and fusion stages of a thermonuclear [hydrogen] bomb.”

The National Nuclear Security Administration is a semi-autonomous agency within the Department of Energy. It is responsible for the manufacture and upkeep of the nation’s nuclear weapons.

A new facility was built at the Y-12 National Security Complex near Oak Ridge, Tenn., to begin production of Fogbank once again, but was delayed by poor planning, cost overruns and an failed effort to find an alternative to Fogbank.

Refurbished W76 Warhead Enters U.S. Nuclear Weapon Stockpile

The first refurbished W76 nuclear warhead has been accepted into the U.S. nuclear weapon stockpile by the Navy, according to a senior official at the Department of Energy’s National Nuclear Security Administration (NNSA). This culminates a ten year effort to ensure that the aging warhead, already years beyond its original intended life, can continue to be a reliable part of the U.S. nuclear deterrent.

“This is another great example of the unsurpassed expertise throughout NNSA’s national security enterprise,” said William Ostendorff, NNSA’s principal deputy administrator. “It becomes more and more challenging each time we extend the life of our nuclear weapons. I am proud that our dedicated scientists and engineers were able to once again meet this unique responsibility.”

Most nuclear weapons in the U.S. stockpile were produced anywhere from 30 to 40 years ago, and no new nuclear weapons have been produced since the end of the Cold War. Integrated into the Department of the Navy’s Trident II “D5” Strategic Weapon System, the first W76 entered the stockpile in 1978.

Of course, this is just a symptom of a much larger problem, all our nuclear warheads are many decades old and their reliability is becoming a serious issue.

Sure, the DOD and DOE have been pushing inventory modernization and replacement for what seems like forever, but guess what? The Democrats have blocked it every step of the way. And, rest assured, Obama doesn’t want anything to do with anything that contains the word nuclear, not nuclear power plants and especially not nuclear weapons. No Nukes . . . For US

See also:
How the US forgot how to make Trident missiles
Audit: Problems at Y-12
NNSA and DOD Need to More Effectively Manage the Stockpile Life Extension Program
Trident missiles delayed by mystery ingredient
Teller-Ulam design
W76-0/Mk4 / W76-1/Mk4A
Trident II D-5 Fleet Ballistic Missile
SSBN-726 Ohio-Class FBM Submarines
Y-12 National Security Complex
National Nuclear Security Administration
Department of Energy
Department of Defense
Government Accountability Office

The bottom line is that the United States needs to get serious as to whether or not it wants to maintain a credible nuclear deterrent, the kind of nuclear deterrent that has prevented a thermonuclear exchange for over 60 years now. Yes, this country has other issues and problems that weigh more heavily at the average citizen’s kitchen table.

/just remember, without national security we have absolutely nothing and all the rest means diddley squat