James Clapper: Islamic State could infiltrate U.S., West through migrants fleeing from Syria
- Get link
- Other Apps
America's top spy said Wednesday that U.S. intelligence officials have a "huge concern" about Islamic State's ability to infiltrate waves of Syrian war refugees flowing into Europe and potentially the United States as pressure mounts on Western nations to take in a growing number of people fleeing the conflict in ...
Hillary Clinton joked that Russian president Vladimir Putin’s ability to effectively decide when he was in office had a “certain attraction to it” during a question-and-answer session Wednesday at the Brookings Institution.
“I don’t admire very much about Mr. Putin, but the idea you could stand up and say, ‘I will be your next president,’ that does have a certain attraction to it,” Clinton said, drawing laughter from the audience.
Clinton leads Democratic polls in her second bid for the presidency, but in the wake of the private email scandal she just apologized for, she has seen her standing slip. Sen. Bernie Sanders (I., Vt.) has surged in the key early states of Iowa and New Hampshire and Vice President Joe Biden is strongly considering jumping into the race.
Clinton’s quip about Putin called to mind the Saturday Night Live impersonation of her as a power-hungry politician who insisted to “citizens” that “you will elect me, I will be your leader.”
Clinton made the remarks after her speech defending the Iran nuclear deal at Brookings. Part of the discussion delved into the “reset” she oversaw while secretary of state, which has been seen as a failure with the collapse of U.S.-Russian relations since President Obama took office. Besides the joke about Putin’s hold on power, she also spoke more seriously about Russia, according to Politico:
On a more serious note, Clinton said that she is “in the category of people who wanted to do more in reaction to the annexation of Crimea” last year. Russia’s objective “is to stymie, to confront, to undermine American power whenever and wherever they can,” she added in response to how the United States could control Putin’s aggression on the European continent.
Read the whole story
· · ·
I personally believe the NSA's systems for bulk surveillance represent a direct attack on the Internet and everyone who uses it. The mere presence of these systems is a threat to democracy, only mitigated by the intense level of professionalism demonstrated by the NSA (a subject for a future essay).
But at the same time, if I was in charge of the NSA I would have, without hesitation, built the same systems. These systems are reasonably easy to understand, as the underlying technology of Internet Surveillance is effectively equivalent to both Network Intrusion Detection (NIDS) and Chinese-style Internet censorship.
Why would I build them? For, simply put, this approach works for the NSA's objectives.
The idea behind Internet surveillance is not about looking for "needles in a haystack" but rather providing a capability to "pull threads": starting with some initial piece of interest, such as a phone number, a name, a keyword, a webpage visit, or a hunch, the analyst then seeks to follow the digital history. But for this flow to work, the systems must already bulk record all the history that may possibly matter.
The primary systems start with an initial filter, either performed by the cooperating ISP or the NSA's own equipment. This filter eliminates the large, uninteresting bulk flows, such as streaming videos, which occupy a huge amount of the network traffic but provide effectively no actionable intelligence. The rest gets ingested into the primary acquisition systems.
The data feed then goes into a load balancer, which spreads the traffic across a cluster of computers, with probably 10 machines for each 10 Gbps network connection. These systems perform an initial reassembly and decide whether it is another uninteresting bulk flow or deserves further analysis. Everything that passes this filter is both recorded (with a retention time of roughly 5 days) and passed through a "metadata" analysis pass.
The term "metadata" is both precise and misleading. It is misleading if one thinks of metadata underSmith v Maryland (the court decision that says phone metadata has less privacy protection because it is information freely given to the phone company): there is no expectation that the network would record or even care about this information. Instead, it is "content derived metadata", small pieces of information extracted from the network flow itself such as the subject of an email or who is the author of a Word document. Calling it "metadata" is only correct from a technical, not legal perspective.
The metadata-extraction process begins by reassembling the network traffic and applying code to generate metadata "fingerprints” . Some metadata is generic, such as "request is for this URL", "all HTTP headers in a request", "sender of an email", "this request is from an iPhone", or "this is avBulletin Private Message". Such fingerprints define generally useful information which may or may not be relevant for an analyst.
But the fingerprints can be more powerful, such as "does the email body contain one of these predefined keywords", "what is the username embedded in this particular website", "is there a reference to a .onion URL", "is there a message body encrypted with 'Mojahaden Secrets'?". The results of all these fingerprints goes into a MySQL database on the wiretap system.
In order to access this data, an analyst has a "federated search” interface: on a central site, the analyst specifies a query to run over the metadata stored on some or all of the wiretaps. This approach handles the "flood of data" problem, instead of moving all the data to the analyst, the analyst's searches go to the data.
Some data still ends up centralized. When the taps see particular tracking cookies (from advertisements or social networks), the presence seems to be recorded in a central "big data"datastore that retains data for a year. Another analysis process looks at usernames embedded in web pages, creating a mapping of "login cookie to user" for various sites. Finally this datastore also includes "cookie correlation", linking tracking and login cookies: if two different cookies (such as ones from Yahoo and Double-click) are seen from the same system as part of the same pageview, the database records that the two tracking cookies refer to the same browser. This database effectively acts as a global identification and tracking system: for every user, what IPs did they use at what time and what are their tracking cookies.
Finally, the NSA systems supports "attack by name". The analyst can specify a target's tracking cookies and, when a different wiretap sees a request, this special tap arranges for another computer to "shoot" an exploit into the target's traffic, directly compromising the target.
This approach works. For example, finding all Jihobbiests is a single-query away: "Show all vBulletin private messages with a Mojahaden Secrets encrypted payload". The analyst can then access the "full take" for any given address to understand a target's activity, such as retrieving email sent from the target’s computer or viewing his web surfing. This can also help find an associated tracking cookie, which is a thread of information which reveals the target’s address usage history. If the target failed to use a VPN, this now gives the target’s movements around the world.
Perhaps the most powerful option is for the analyst to create another fingerprint rule, which the analyst can apply to both future traffic and all previously recoded traffic. So, for example, extract all Microsoft Office documents authored by the target, no matter where they were seen in the world.
The uses extend way beyond terrorism. It was this basic flow, used to identify and then exploit network administrators, that enabled the NSA and GCHQ to penetrate Belgacom. The same flow, with a fingerprint for trade related keywords in email bodies, allowed New Zealand's GCSB tointercept WTO vote-related emails. And it enabled a chat-room intercept of an Anonymous member, indicating a URL visit, to identify that person, find their Facebook account, and map their online activities. On a more theoretical level, it almost certainly enabled the NSA to know the perpetrators behind the Sony hack, and offers a unique ability to analyze communication networks encrypted with PGP.
From a pure effectiveness viewpoint, I can’t think of a better concept. It enables attributing traffic to individuals, efficiently isolating any items of interest, following threads of information, retrospective analysis, and targeted exploitation. The biggest problem from an effectiveness standpoint is probably secrecy. The NSA's flow could easily support many more US government interests if this flow (and therefore effectively all derived data) wasn't segregated into TS//SCI compartments.
Unfortunately, there exists a huge flaw: it is not particularly difficult to implement. Any foreign power that can install a tap can run this style of analysis. In my next article, I'll discuss my own experience building a hobby version of an NSA-style surveillance suite, and thus why the US needs to take the lead in "going dark": protecting network traffic against bulk surveillance and targeted attack. For others can do unto us as we have already done unto them.
Read the whole story
· · · ·
Why Are Universities Hacked? by Carrie Cordero
The Los Angeles Times reports that information concerning 80,000 students across eight Cal State campuses who took a mandatory online course on sexual harassment, which was provided by an outside vendor, was allegedly hacked. According to the report:
Information such as passwords used to log into the class, as well as sign-in names, campus-issued email addresses, gender, race, relationship status and sexual identity were exposed.Personally identifying information such as Social Security, credit card and driver's license numbers was not compromised…[.]
Cal State is not alone in being a major university targeted by hackers. Not even close. Earlier this summer I started keeping track of universities that had been victims of cyberattack and/or experienced data breaches. According to my unofficial, very preliminary (and still in progress) accounting based on press reports, over 40 colleges and universities have suffered breaches of confidential information in the past three years. The true number is likely much, much higher. The data stolen, and in some cases publicly exposed, includes information belonging to students, faculty, employees and even applicants.
The Cal State case highlights risks faced by academic institutions and nearly any other largeorganization that relies on vendors to provide services.
A few other recent examples demonstrate the variety and breadth of exposure that universities face:
- Penn State has been the victim of multiple sophisticated cyberattacks. According to a May 2015message from the university president that describes two attacks directed at its School of Engineering, Penn State was first notified by the FBI, and press reports attribute the attacks to China. The university’s College of Liberal Arts has also been targeted. The clean-up efforts involved disruption to campus technology services.
- Harvard has also experienced “an intrusion” on its systems, although attribution and the details of whether personal information has been exposed are unclear. Harvard was also one of many schools that were targeted by hacktivist group Team Ghostshell in 2012, which released student and employee data.
- Auburn experienced a particularly unusual data breach, apparently a result of a technical problem, not a malicious hack. Auburn had purchased the standardized test scores of high school students for marketing and outreach purposes. Personal information regarding those individuals – over 360,000 - was inadvertently publicly exposed on the university’s website.
So why are universities targeted or otherwise at risk for inadvertent data breaches? I think there are at least a few reasons:
One, universities collect and retain a lot of data about a lot of people: personally identifying information such as social security numbers, addresses, and email addresses. Student information also includes education information that is protected by federal statute. For employees, perhaps additional financial information such as retirement account numbers and bank account numbers. Perhaps student and employee health information. And for universities that operate medical and hospital systems, all of the accompanying personal health information that goes with that territory and is subject to a heightened regulatory environment.
Universities also do research. Some of that research may be U.S. government-funded. It may even be classified. Some of it may be scientific, cutting-edge, or otherwise interesting to foreign nations from an economic, intellectual property or international relations perspective.
Two, their information technology infrastructure and leadership structure may be university-centered, lessening the accountability for leaders and managers in the individual colleges, campuses or schools. If a school’s information technology system is controlled by and managed at the university level, then the individual information management and school leadership is likely to have both lessvisibility, as well as less responsibility for the protection of information for their particular student, faculty, employee and applicant information. Because of their decentralized leadership structure, as well as, in many academic environments, a tradition that includes governance by committees, I believe that universities face particular challenges in taking charge of evaluating their cybersecurity exposure and plans.
Three, universities are extremely budget conscious. Higher education is pinched by continually expanding costs and the need to control tuition. Universities at the higher end of academic standards for admission compete for qualified students, including students who can afford tuition that is out of reach of many students and families. Spending money on outside consulting, legal and technical support to put in place appropriate detection systems and meaningful incident response plans is often not a priority. There is likely a perception that not many young adults are really going to decide where to go to college based on the quality of a school’s information technology security and privacy practices.
Then again, maybe that's not so outrageous a suggestion after all. It goes without saying that today’s college and graduate students are sophisticated users of technology. And while perhaps they may not make a decision to enroll based on the quality of a school’s incident response plan and information technology practices, they may very well factor in a school’s technological sophistication and use of technology in teaching and learning in deciding where to enroll. A school that experiences a significant data breach may be forced to significantly interrupt faculty and student use of technology systems such as e-mail, data storage and course websites, while it cleans up the mess. When put in the context of the disruption that data breach may cause to the daily business of learning and teaching, universities might consider becoming more proactive in their approach to preventing, detecting and responding to data breaches.
Read the whole story
· · · ·
The chair of a council of prominent military leaders argued in testimony on Capitol Hill Wednesday that the Iranian nuclear deal could encourage U.S. allies in the Middle East to align themselves with other world powers such as Russia or China.
Retired Air Force Gen. Chuck Wald, who co-chairs the Iran Strategy Council at the Jewish Institute for National Security Affairs, testified before the House Committee on Foreign Affairs on the implications of the nuclear agreement being pushed by the Obama administration.
Wald, who served as deputy commander of United States European Command, explained that the agreement “undermines U.S. credibility” from the perspective of both allies and enemies in the Middle East by making U.S. commitment to alliances appear “weakened.”
This in turn, Wald said, could prompt allies to “seek protection elsewhere” and enemies to “feel emboldened” against the United States.
“Some U.S. allies have made clear they believe this deal will not prevent a nuclear Iran and, that by proceeding with the [agreement], the United States is disrupting the regional balance of power and endangering them,” Wald said. “Other regional partners have noted that the deal empowers Iran to redouble its destabilizing regional activities, making the Middle East a more dangerous place. ”
“There is anger—even a sense of betrayal—among U.S. allies in the region,” the retired general added, pointing to expressions of concern about the deal from Israel and other allies.
Wald said that giving the impression that the United States was faltering in its commitment was “dangerous,” suggesting that it could encourage America’s allies to act alone against Iran or to seek help from Russia or China.
“This could mean taking matters into their own hands, as Israel previously has done or Saudi Arabia decided to do earlier this year by unilaterally launching an air campaign against Iranian-backed rebels in Yemen. Such actions, if not backed by the overwhelming force of the U.S. military, could spark reprisals that spiral into wider regional conflict,” Wald told House lawmakers.
“Alternatively, our regional allies might seek other guarantors of their security,” he continued. “Whether this means accepting Iranian hegemony or allying with other powers—such as Russia or China—the result would be detrimental to U.S. influence and interests in the region.”
Wald said that allies could decide to terminate cooperation with the United States, making it impossible for the United States to “project power in the Middle East.”
“Basing and overflight rights are critical to maintaining and deploying a deterrent force,” Wald said. “The perception that we are no longer committed to our allies’ security could risk the revocation of those rights and spark a vicious cycle of destabilization.”
Wald also suggested that U.S. credibility has already been undermined by defense cuts under the Obama administration over the last several years. The U.S. Army plans to cut 40,000 more troops over the next two years, losses that would become even more dramatic under sequestration.
Wald testified alongside another member of the Iran Strategy Council, retired Adm. John Bird, both of them spotlighting a recent report from the council indicating that the nuclear deal would make war more likely.
In contrast, the Obama administration has insisted that the nuclear deal is an alternative to military conflict with Iran.
The retired military officials’ testimony comes as congressional lawmakers make their final decisions regarding the nuclear agreement. Congress is expected to vote on the JCPOA sometime beforeSept. 17.
While multiple Democrats have voiced opposition to the deal, President Obama on Tuesday managed to recruit enough support to avoid having to veto a resolution rejecting the agreement.
The deal remains unpopular with the public. Only 21 percent of Americans support it, according toPew Research Center data released Tuesday.
Read the whole story
· · ·
SOLOTI, Russia (Reuters) - Russia has started to build a huge military base housing ammunition depots and barracks for several thousand soldiers near the Ukrainian border, a project that suggests the Kremlin is digging in for a prolonged stand-off with Kiev.
Next Page of Stories
Loading...
Page 2
SOLOTI, Russia (Reuters) - Russia has started to build a huge military base housing ammunition depots and barracks for several thousand soldiers near the Ukrainian border, a project that suggests the Kremlin is digging in for a prolonged stand-off with Kiev.
By Gabriela Baczynska, Tom Perry, Laila Bassam and Phil Stewart
Nicknamed 'naked guy', pictured, in a nod to 'ugly naked guy' from the American sitcom, the man has been baring all to staff at the office on Trinity Way, Salford, for the last three months.
- Get link
- Other Apps
Comments
Post a Comment