New York Times National Security Correspondent David Sanger sees cyber-espionage as a whole new “field of conflict” on the global stage — and says the U.S. isn’t having an open discussion about it:

"The Obama administration has pressed more leak investigations, conducted more leak investigations, launched formal inquiries, or in some cases, criminal cases, than all previous [administrations] combined. And these investigations all have a chilling effect on later stories that you do even if the later stories are on completely different subjects.

I think there’s a lot more concern inside the U.S. government right now about being found to be talking to reporters, even if you’re talking about something that is unclassified. … It’s understandably difficult to get American officials to talk about their plans for potential cyberattacks or cyberdefenses. I understand that, but it’s also very difficult to get officials to talk about our policy about using these cyberweapons as a tool of American power. And that’s what worries me, because in a healthy democracy, I think the American citizens have to be at least informed of — and maybe participate in the debate about — how we want to use these weapons since we are vulnerable to them ourselves.”


Same as it Ever Was

Browsing through Time Magazine’s covers archive is an exercise in deja vu all over again.

Shown above are Internet-related covers from 1993 to 1996. Looking back years later, the memes and themes of our general interest technology reporting remain about the same. 

The Internet and those who spend a lot of time on it produce a weird, “other” culture. Porn’s an issue. So too cyberwar. Who controls the Internet? It’s been a question for some time now.

Contemporary equivalents of the above covers?

Images: Selected Time Magazine covers, 1993-1996.


What does the future of war look like? I spoke to former deputy secretary of state James Steinberg to find out.

By T.C. Sottek on December 29, 2013 10:29 am

According to a new report from Der Spiegel based on internal NSA documents, the signals intelligence agency’s elite hacking unit (TAO) is able to conduct sophisticated wiretaps in ways that make Hollywood fantasy look more like reality. The report indicates that the NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries for laptops or other computer accessories in order to implant bugs before they reach their destinations. According to Der Spiegel, the NSA’s TAO group is able to divert shipping deliveries to its own “secret workshops” in a method called interdiction, where agents load malware onto the electronics or install malicious hardware that can give US intelligence agencies remote access.

While the report does not indicate the scope of the program, or who the NSA is targeting with such wiretaps, it’s a unique look at the agency’s collaborative efforts with the broader intelligence community to gain hard access to communications equipment. One of the products the NSA appears to use to compromise target electronics is codenamed COTTONMOUTH, and has been available since 2009; it’s a USB “hardware implant” that secretly provides the NSA with remote access to the compromised machine.

This tool, among others, is available to NSA agents through what Der Spiegel describes as a mail-order spy catalog. The report indicates that the catalog offers backdoors into the hardware and software of the most prominent technology makers, including Cisco, Juniper Networks, Dell, Seagate, Western Digital, Maxtor, Samsung, and Huawei. Many of the targets are American companies. The report indicates that the NSA can even exploit error reports from Microsoft’s Windows operating system; by intercepting the error reports and determining what’s wrong with a target’s computer, the NSA can then attack it with Trojans or other malware.

In response to Der Spiegel's report, Cisco senior vice president John Stewart wrote that “we are deeply concerned with anything that may impact the integrity of our products or our customers' networks,” and that the company does “not work with any government to weaken our products for exploitation.” Other US companies have fired back against reports of NSA tampering in recent months, including Microsoft, which labeled the agency an “advanced persistent threat” over its efforts to secretly collect private user data within the internal networks of Google and Yahoo.

The Der Spiegel report, which gives a broad look at TAO operations, also highlights the NSA’s cooperation with other intelligence agencies to conduct Hollywood-style raids. Unlike most of the NSA’s operations which allow for remote access to targets, Der Spiegel notes that the TAO’s programs often require physical access to targets. To gain physical access, the NSA reportedly works with the CIA and FBI on sensitive missions that sometimes include flying NSA agents on FBI jets to plant wiretaps. “This gets them to their destination at the right time and can help them to disappear again undetected after even as little as a half hour’s work,” the report notes.

The NSA currently faces pressure from the public, Congress, federal courts, and privacy advocates over its expansive spying programs. Those programs, which include bulk telephone surveillance of American citizens, are said by critics to violate constitutional protections against unreasonable searches, and were uncovered earlier this year by whistleblower Edward Snowden. Beyond the programs that scoop up data on American citizens, Snowden’s documents have also given a much closer look at how the spy agency conducts other surveillance operations, including tapping the phones of high-level foreign leaders.

For many of us, the mysterious world of cyberspace can often seem daunting and unfathomable. Yet, with the threat of cyberterrorism and cyberwar fast approaching on the horizon, understanding this new domain has become even more critical. It turns out that cyberspace isn’t quite as difficult to understand as we might think.

From P.W. Singer and Allan Friedman’s Cybersecurity and Cyberwar: What Everyone Needs to Know

Image credit: P.W. Singer, Allan Friedman, and Jordan Clayton. Used with permission. 


Stuxnet: Anatomy of a Computer Virus

Stuxnet has been called the world’s first weapon made entirely out of code. It is responsible for damaging Iran’s uranium enrichment infrastructure and effectively halting the country’s nuclear program.

This infographic explores the ramifications of Stuxnet. It was created by Patrick Clair for HungryBeast, a TV program on Australia’s ABC1.

Run Time - 3:21.

We Talked to the Syrian Electronic Army About Yesterday’s Hacks of the New York Times and Twitter 

VICE: How did you gain access to the DNS of the companies you targeted? And why did you go after Twitter—aren’t there many people on Twitter against potential US intervention?
Th3Pr0: We hit Melbourne IT and gained access to all the company domains, however we attacked Twitter after they closed our account 15 times and we did warn them.

Last time we spoke, you said the Syrian Electronic Army had no contact with the Syrian government. Is that still the case?
We contacted the Syrian government lately to deliver the databases of Viber.com, Tango.com, and TrueCaller.com.

And why would these websites be important to the Syrian government?
Huge numbers of terrorists use Viber and Tango for contacting (communication).

Tell us more about the recent website attacks. They are much more advanced than your previous ones.
We have many types of attacks and we use a certain type depending on the target and how secure it is.

Who do you feel is responsible for the chemical attacks?
Of course the terrorist groups like AlNusra and the FSA, as commanded by the USA to be the means and justification to strike Syria militarily.

What evidence do you have to support your view?
The Syrian army won’t/wouldn’t use chemical weapons, and a military official has stated that this is political suicide. In addition, the fast progress by the Syrian army in Al-Ghouta.


I love anonymous

“The hacktivist group Anonymous is angry at Israel, and not just for launching deadly airstrikes on Gaza. Members say the Israeli government “crossed a line in the sand” when it threatened to sever internet and other telecommunications in Gaza.

… In a tweet, the collective condemned Israel, saying it has broken 65 UN resolutions with no consequences. It then compared the situation to Iraq, which was “invaded, bombed, and destroyed” for breaking two resolutions.

Anonymous’ online statement warned the Israeli government: “Like all the other evil governments that have faced our rage, you will not survive it unscathed.”

The statement then turned into a message of support for the people of Gaza saying that “We will do everything in our power to hinder the evil forces of the IDF arrayed against you.

Know that Anonymous stands with you in this fight. We will use all our resources to make certain you stay connected to the internet and remain able to transmit your experiences to the world,” the statement said.

And it seems their words are being matched with actions.

Anonymous has put together a “Gaza Care Package,” which contains instructions in Arabic and English to assist Palestinians in the event that the Israeli government threatens their internet connection.

The package also includes information on evading IDF surveillance, along with first aid information.

The collective encouraged Palestinians to download and share the package with others. Those behind the project have vowed to expand and improve the document in coming days.

“No matter how dark it may seem, no matter how alone and abandoned you may feel – know that tens of thousands of us in Anonymous are with you and working tirelessly around the clock to bring you every aid and assistance that we can,” the statement said.”

Amazing.

This Week in War. A Friday round-up of what happened and what’s been written in the world of war and military/security affairs this week. It’s a mix of news reports, policy briefs, blog posts and longform journalism.

Photo: Feb 24. A boy walks down a shelled out street in Baba Amro, Homs. The building on the right is where photographer William Daniels stayed with other journalists, including Marie Colvin and Rémi Ochlik. William Daniels - Panos for TIME.

In case you were wondering, here’s how infamous Iran-infrastructure-damaging bug Stuxnet worked. And to answer your question, the U.S. was involved in what was intended as an act of cyberwar … but the virus (which only got its name after it broke out online) was never intended to break out onto the larger Internet. But Stuxnet, which broke out in 2010, is old news. A newer virus, Flame, is currently causing major online trauma in the Middle East.

Modern cryptosystems rely on “keys” as the secret way of coding or decoding information on which trust is built. “Symmetric encryption” relies on sharing the same key with other trusted parties. I encrypt data with the same key that you use to decrypt it. It is like us both sharing the same key for a bank lockbox.

But what if we have never met each other? How will we exchange these secret keys securely? “Asymmetric cryptography” solves this problem. The idea is to separate a secret key into a public key, which is shared with everyone, and a private key that remains secret. The two keys are generated such that something that is encrypted with a public key is decrypted with the corresponding private key, and vice versa. This figure illustrates how public cryptology works to protect both the confidentiality and the integrity of a message.

From P.W. Singer and Allan Friedman’s Cybersecurity and Cyberwar: What Everyone Needs to Know.

Image credit: P.W. Singer, Allan Friedman, and Jordan Clayton. Used with permission. 

US cyberwar virus aimed at Iran, infects Chevron accidentally 

November 9, 2012

America’s cyberwar is already seeing collateral damage, and it’s hitting the country’s own billion-dollar companies. Oil giants Chevron say the Stuxnet computer virus made by the US to target Iran infected their systems as well.

California-based Chevron, a Fortune 500 company that’s among the biggest corporations in the world, admits this week that they discovered the Stuxnet worm on their systems back in 2010. Up until now, Chevron managed to make their finding a well-kept secret, and their disclosure published by the Wall Street Journal on Thursday marks the first time a US company has come clean about being infected by the virus intended for Iran’s nuclear enrichment program. Mark Koelmel of the company’s earth sciences department says that they are likely to not be the last, though.

“We’re finding it in our systems and so are other companies,” says Koelmel. “So now we have to deal with this.”

Koelmel claims that the virus did not have any adverse effects on his company, which generated a quarter of a trillion dollars in revenue during 2011. As soon as Chevron identified the infection, it was taken care of immediately, he says. Other accidental targets might not be so lucky though, and the computer worm’s complex coding means it might be a while before anyone else becomes aware of the damage.

“I don’t think the US government even realized how far it had spread,” Koelmel adds.

Discovered in 2010, the Stuxnet worm was reported with all but certainty to be the creation of the United States, perhaps with the assistance of Israel, to set back Iran’s nuclear enrichment program as a preemptive measure against an eventual war. Only as recently as this June, however, American officials with direct knowledge of the worm went public with Uncle Sam’s involvement.

In a June 2012 article published by The New York Times, government agents with direct knowledge of Stuxnet claimed that first President George W. Bush, then Barack Obama, oversaw the deployment of the worm as part of a well-crafted cyberassault on Iran. Coupled with another malicious program named Flame and perhaps many more, Stuxnet was waged against Iran as part of an initiative given the codename “Olympic Games.” Rather than solely stealing intelligence through use of computer coding, the endeavor was believed to be the first cyberattack that intended to cause actual hard damage.

“Previous cyberattacks had effects limited to other computers,” Michael Hayden, the former chief of the CIA, explained to the Times earlier this year. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction.”

On the record, the federal government maintains ignorance on the subject of Stuxnet. With American companies perhaps soon coming out of the woodwork to discuss how they were hit, though, the White House may have to finally admit that they’ve had direct involvement.

After the Times published their expose in June, Senator Dianne Feinstein, chairwoman of the Intelligence Committee, called for an investigation to track down how the media was first made aware of America’s involvement in Olympic Games.

"I am deeply disturbed by the continuing leaks of classified information to the media, most recently regarding alleged cyber efforts targeting Iran’s nuclear program,” Feinstein said through a statement at the time. “I made it clear that disclosures of this type endanger American lives and undermine America’s national security."

When Feinstein spoke to DC’s The Hill newspaper, she said, “the leak about the attack on Iran’s nuclear program could ‘to some extent’ provide justification for copycat attacks against the United States.” According to the chairwoman, “This is like an avalanche. It is very detrimental and, candidly, I found it very concerning. There’s no question that this kind of thing hurts our country.”

Just last month, a shadowy Iranian-based hacking group called The Qassam Cyber Fighters took credit for launching a cyberattack on the servers of Capital One Financial Corp. and BB&T Corp., two of the biggest names in the American banking industry. Days earlier, Google informed some of its American users that they may be targeted in a state-sponsored cyberattack from abroad, and computer experts insist that these assaults will only intensify over time.

“We absolutely have seen more activity from the Middle East, and in particular Iran has been increasingly active as they build up their cyber capabilities,” CrowdStrike Security President George Kurtz told the Times.

Speaking of the accidental impact Stuxnet could soon have in the US, Chevron’s Koelmel tells the Journal, “I think the downside of what they did is going to be far worse than what they actually accomplished.”


The Gaza Strip Cyberwar

As military strikes between Israel and Gaza continued with the deaths of 11 Palestinian civilians on Sunday, a complicated internet battlefront has appeared. A virtual info-war is just beginning, and it exists on multiple fronts. There is an unprecedentedly transparent wave of social media propaganda by both sides, a fairly predictable backlash of Israeli website defacement from Anonymous, and an effort to bring open internet access for civilians affected by the strikes from a group called Telecomix.

On Wednesday, the IDF released an infographic-filled video describing the methods the IDF uses (phone calls and precision strikes) to minimize civilian casualties. The IDF is also live-tweeting the strikes on Gaza using their shiny new Twitter account, @IDFSpokesperson. The Twitter feed for Al Qassam, the military branch of Hamas, has responded by tweeting numerous photos of dead children killed by Israeli strikes. These photos are a very effective and graphic response to the monochromatic circles Israel is using in their videos to say they’re not killing anyone who doesn’t deserve it.

Besides this public social media conflict between governments—which is shockingly savvy and direct—the hacker group Anonymous is also taking action through a campaign they’re calling #OpIsrael. According to Anonymous, Israel threatened to cut out electricity and the internet in Gaza, though that has not been confirmed by any news source. Anonymous responded to this supposed threat, and to the bombings in Gaza, with one of their trademark public service announcements on YouTube. The resulting offensive from Anonymous led to the temporary shutdowns and defacements of hundreds of Israeli websites, including the Bank of Jerusalem.


I was greeted with this defacement page on a website for the Israeli Tourism Board yesterday.

While most sources are claiming the number of Israeli websites taken down is between 663 and 700, Israel’s Finance Minister has said that the government has “deflected 44 million cyber attacks on government websites” and called this wave of attacks a “second front” in this conflict. Besides website defacements and takedowns, Anonymous leaked a document containing thousands of email addresses and passwords supposedly belonging to IDF operatives and Israeli government officials. Attached to the leaked document, the Anonymous leaker added: “this is/will turn into a cyber war.”

Anonymous has also been distributing a “care package” to the citizens of Gaza. The package, named “OpIsrael.Care.Package.v2.0” contains a press release, first aid instructions in English and Arabic, a technical guide with information on how to circumvent authoritarian internet shut-downs (like the one in Egypt during their Arab Spring), a proxy that can be used to hide the IP address and location of your computer, as well as a small image file of the Anonymous crest.

After running the documents through Google Translate, it’s clear that the information inside of the care package is designed to help civilians get online and spread information in the event of an Internet shutdown. The documents describe how to activate Twitter via text messaging in case the internet is inactive, advises people to use fax machines, make their own WiFi antennas out of spare aluminum, and to print out their email contacts in case they lose access to their virtual address book. It also encourages people to use the Telecomix dial-up network.


A Real-Time Map of Global Cyberattacks

Cyberattacks are happening constantly across the globe, and now you can see what that looks like in real-time with this map by the Honeynet Project that shows so many attacks, it looks and feels like it’s straight out of an apocalyptic war movie.

Each red dot that pops up when you go to the map represents an attack on a computer. Yellow dots represent honeypots, or systems set up to record incoming attacks. The black box on the bottom says where each attack is coming from as they come in. The data comes from the members of Honeynet Project’s network of honeypot sensors that choose to publish the attacks. Not all members of the project, which has more than 40 chapters around the world, chose to push data, which is why more red dots show up in Europe.

» via The Atlantic