Aid And Comfort To The Enemy

Let’s see, China launches cyberattacks and conducts internet espionage against the United States 24/7/365 and our U.S. Department of Homeland Security is warning China about their vulnerabilities? WTF?

China’s Infrastructure Vulnerable to Cyber Attack

Software widely used in China to help run weapons systems, utilities and chemical plants has bugs that hackers could exploit to damage public infrastructure, according to the Department of Homeland Security.

The department issued an advisory on Thursday warning of vulnerabilities in software applications from Beijing-based Sunway ForceControl Technology Co that hackers could exploit to launch attacks on critical infrastructure.

See also:
SCADA Vulnerabilities Patched in Two Industrial Control Software from China
Chinese Weapon Systems Vulnerable To SCADA Hack
US warns China software risk to public infrastructure
US Warns of Problems in Chinese SCADA Software
Software bugs discovered in Chinese-made applications
China’s weapons systems have exploitable software bugs
Department Of Homeland Security Cites China Vulnerability
Exclusive: China software bug makes infrastructure vulnerable
US reveals Stuxnet-style vuln in Chinese SCADA ‘ware
Critical vulnerability in industrial control software

China is not our friend, why are we feeding the hand that bites us? Why aren’t we keeping these discovered Chinese vulnerabilities to ourselves in case we might actually need to use them in the event of escalated hostilities with China?

/and just when did the DHS become the CDHS, Chinese Department of Homeland Security, protecting the homeland of a hostile country?

When Do We Attack China?

This is a pretty bold threat, seeing as how the United States’ government, infrastructure, corporations, and individuals are being seriously cyberattacked every second of every day.

Cyber Combat: Act of War

The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.

The Pentagon’s first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country’s military.

In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. “If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” said a military official.

See also:
Pentagon warns that cyber-attacks will be seen as ‘acts of war’
US Pentagon to treat cyber-attacks as ‘acts of war’
‘Cyber attacks are an act of war’: Pentagon to announce new rules of engagement against state sponsored hackers
US could respond to cyber-attack with conventional weapons
U.S. Government Says Cyber Attacks May Be Acts of War
Pentagon: Computer hacking can constitute an act of war
U.S. will treat cyber-attacks as act of war
Get Your Cyber War On
Acts of War in the Computer Age
The cyber arms race
Matt Gurney: U.S. military says a cyber attack means war. But with who?
The Pentagon Is Confused About How to Fight a Cyber War

So, with all the thousands of state sponsored cyberattacks unfolding 24/7/365, who are we going to attack first, China, Russia? There’s plenty of the usual suspects probing the United States’ cyberdefenses constantly, it’s hard to choose just one culprit. And what if we get the source of a cyberattack wrong? The exact origin of most of these exploits is extremely difficult to pin down. What if we mistakenly launch a missile strike on China for hacking damage that was actually caused by the Russian Mafia, how cool would that be? Probably not very cool at all.

/and, of course, when we announce a brinkmanship policy like this, and then immediately fail to back up our words with deeds, it becomes much more than just a joke, it manifests a profound, telltale show of national weakness

Running On Empty

Actually, we’re running beyond empty now. The United States can’t legally borrow any more money until Congress acts to raise the debt ceiling.

US government hits debt ceiling, lighting 11-week fuse

Treasury Secretary Timothy Geithner informed Congress on Monday that the United States has reached its legal debt limit, setting off a ticking time bomb that could explode in less than three months if lawmakers can’t bridge differences and allow more government borrowing.

In hitting the $14.3 trillion debt ceiling – the limit on how much the government can borrow – the Obama administration on Monday began temporarily halting payments to the retirement and federal pension accounts of federal workers and started borrowing from those funds, to be restored later.

Geithner sent a letter to Senate Majority Leader Harry Reid, D-Nev., warning that the government can move money around for about 11 weeks but if a new debt ceiling isn’t agreed to by Aug. 2, the U.S. government could effectively default on its obligations to its creditors. He warned of “catastrophic economic consequences for citizens” unless Congress raises the debt ceiling.

An increase of about $2 trillion is expected, enough to get the issue past the 2012 elections before Congress would have to lift it again.

Republicans who control the House of Representatives vow to link raising the debt ceiling to cuts in government spending of at least equal measure. In a combative statement Monday, House Speaker John Boehner, R-Ohio, upped the ante.

“As I have said numerous times, there will be no debt limit increase without serious budget reforms and significant spending cuts, cuts that are greater than any increase in the debt limit.” Boehner has called previously for $2 trillion in spending cuts as part of any deal to raise the debt ceiling.

See also:
US hits $14 trillion debt limit
US Hits Debt Ceiling, But Treasury Market Rules Out Default For Now
Deja Vu, But No Disaster: U.S. Government Hits Debt Ceiling
U.S. Hits Debt Limit, Sky Doesn’t Fall
U.S. hit debt limit today
Treasury Tapping Federal Retirement Accounts to Stave Off Default
Turbo Tim Raids Pension Plans
With Debt Limit Maxed Out, Lawmakers Hold Firm On Remedy
Rep. Jordan: U.S. won’t default if debt ceiling isn’t raised
U.S. National Debt Clock

Well, we hit the debt ceiling and, despite all the Democrat Chicken Little hysteria, the Sun didn’t explode, the seas didn’t boil, and the markets didn’t plunge thousands of points. Go figure.

/all I can say is that the Republicans had better stand firm and hold their ground this time and hold out for concrete, verifiable spending cuts that at least equal the amount of any debt limit increase

Do You Own A Sony HackStation?

You’ve probably already noticed that your Sony PlayStation won’t connect to the online network, but do you know that hackers probably stole all your personal data, including your credit card number, too?

User data stolen in Sony PlayStation Network hack attack

Sony is warning its millions of PlayStation Network users to watch out for identity-theft scams after hackers breached its security and plundered the user names, passwords, addresses, birth dates, and other information used to register accounts.

The stolen information may also include payment-card data, purchase history, billing addresses, and security answers used to change passwords, Sony said on Tuesday. The company plans to keep the hacked system offline for the time being, and to restore services gradually. The advisory also applies to users of Sony’s related Qriocity network.

See also:
Sony Warns Online Hacker May Have Stolen Credit Card Data
Sony’s PlayStation Network and Qriocity hacked
77million PlayStation accounts hacked
Breach at Sony may include profiles
Massive data breach suspected in Sony PlayStation hacker attack
Sony: Card details may be compromised
Millions of PlayStation user’s information hacked
PlayStation Network hacked, data stolen: how badly is Sony hurt?
Sony’s PlayStation Network Hacked, User Data Stolen
Sony Explains Delayed Response to Hacked PSN Accounts
Sony’s PlayStation Network Is Hacked

With 77 million potential victims, this could wind up being the largest data theft in history. If you own a PlayStation, make sure you keep an eye on your credit card account for any unusual activity and change your passwords and probably as much other PlayStation Network account information as you can as soon as the system goes back online.

/and watch out for phishing attacks, if Sony contacts you, make damn sure it’s actually Sony

A Tragedy Of Errors

What a shame, the CIA was warned ahead of time. Heads should roll, but no one is being punished. Since Leon Panetta can’t bring himself to mete out any discipline for seven preventable deaths, he should at least lead by example and resign.

CIA ‘was warned about bomber of Afghan base’

An internal inquiry into the attack at the Khost base on December 30, which caused the CIA’s worst loss of life in 27 years, found a string of communications breakdowns, Leon Panetta, the director of the agency, said yesterday.

Most notably it discovered that a US agent in Amman, the Jordanian capital, was given a warning by a Jordanian intelligence officer about the bomber, Humam Khalil Abu-Mulal al-Balawi.

However, he dismissed the tip-off because he suspected the Jordanian officer was acting out of jealousy of a colleague’s close relationship with Balawi, the inquiry found.

Balawi, 36, was introduced to the US by Jordanian intelligence after pretending to be an al-Qaeda defector willing to co-operate. He supplied the Americans with information from Pakistan and eventually a meeting at the base was arranged.

After being taken inside the base, however, he detonated a suicide vest while standing among a group of CIA officers.

The CIA inquiry found there had been serious security lapses at the base, Mr Panetta said. Balawi was not screened at the perimeter, and the large group of officers gathered to greet him because he was considered a reliable source.

The Jordanian officer even warned the American that Balawi “may be trying to lure us into an ambush,” Mr Panetta said.

The report also found that Balawi had not been sufficiently vetted from the start and that agency staff at the base lacked experience of working in war zones.

. . .

Mr Panetta said that he would not fire or discipline any officials involved, including the agent in Jordan who did not pass on the warning about Balawi.

See also:
Message from the Director: Lessons from Khowst
CIA Finds Widespread Security ‘Shortcomings’ Led to Afghan Attack That Killed 7 Agents
CIA admits errors led to Afghanistan bombing
US spies failed to vet insider who bombed Afghan base
Report: Key information on CIA base bomber wasn’t relayed
CIA acknowledges “missteps” led to officers’ deaths
Bomber who killed seven at CIA base ‘was not vetted’
CIA officer failed to warn bosses before Afghan base attack
Jordan Warned CIA About Bomber Of Afghan Base – Official
CIA Releases Report on Deadly Afghanistan Bombing
CIA Didn’t Vet Double-Crossing Suicide Bomber
Bad OPSEC

Well, hopefully the CIA has learned some valuable lessons from this incident so that nothing like it ever happens again.

/however, with Panetta in charge, I’m skeptical