Rupert Murdoch’s Hacks

How interesting that Rupert Murdoch’s empire was the subject of not one, but two, hacking stories this weekend.

You probably heard how, in the US, someone hacked Fox News’ Twitter account in the middle of the night leading into the Fourth of July. Shortly thereafter, the account posted a series of three tweets reporting that Obama had been assassinated. The Secret Service is investigating that hack.

Good thing this didn’t happen on a news day when markets were open.

Meanwhile, in the UK, the Guardian reported the most heinous detail yet in its years-long investigation into how News of the World has hacked people’s cell phones as a news-gathering tool: they hacked the cell phone voice mail of a 13-year-old girl, Milly Dowler, who had been abducted. Because they deleted some of the voice mails on the phone after it had filled up, her family believed that she was still alive. The hack may have confused investigators and destroyed evidence in the case.

Then, with the help of its own full-time private investigator, Glenn Mulcaire, the News of the World started illegally intercepting mobile phone messages. Scotland Yard is now investigating evidence that the paper hacked directly into the voicemail of the missing girl’s own phone. As her friends and parents called and left messages imploring Milly to get in touch with them, the News of the World was listening and recording their every private word.

But the journalists at the News of the World then encountered a problem. Milly’s voicemail box filled up and would accept no more messages. Apparently thirsty for more information from more voicemails, the paper intervened – and deleted the messages that had been left in the first few days after her disappearance. According to one source, this had a devastating effect: when her friends and family called again and discovered that her voicemail had been cleared, they concluded that this must have been done by Milly herself and, therefore, that she must still be alive. But she was not. The interference created false hope and extra agony for those who were misled by it.

[snip]

The deletion of the messages also caused difficulties for the police by confusing the picture when they had few leads to pursue. It also potentially destroyed valuable evidence.

Most damning, though, is that NoW informed the police investigating the kidnapping that they had hacked the girl’s cell phone–and possibly their own. But neither the police, nor Scotland Yard in its subsequent investigation of NoW’s hacking, did anything against the tabloid for this hack.

This is interesting not just because it shows how NoW’s hacking had real human consequences for people beyond celebrities, but also because it highlights, again, how inadequate initial investigations of this scandal were–and may remain.

Politicians in the UK are now squabbling over whether this should impact Murdoch’s attempt to acquire the rest of BSkyB.


The WikiLeaks Suit against Visa and MasterCard

You may have heard that WikiLeaks is suing Visa and MasterCard for refusing to process donations to it.

That’s not actually the case. Forbes has gotten a copy of the complaint, and as it lays out, an Icelandic company called DataCell is suing, and it’s suing in Europe, not the US. DataCell is basically a hosting service for WikiLeaks and “businesses, NGOs, humanitarian organisations and others.” It had contracted with two payment services companies, Teller and Korta, on October 18, 2010, with the explicit intention of accepting donations for WL. On December 7 (not long after the WL cables started coming out), those companies terminated the services, which affects both WL and any other clients DataCell might have. And according to an explanation from Teller, no payment services company will contract with DataCell, even if it doesn’t work with WL.

[A]ccording to Teller’s explanations acquiring firms in Europe are not about to be allowed by MC and Visa to open merchant agreements with DataCell, irrespective of whether the company would service Sunshine press/Wikileaks as a payment facilitator or not.

And that’s true even though DataCell has nothing more than a business relationship with WL.

There are no ownership or “board or management” connections between DataCell and the Sunshine Press Foundation, the corporate part of Wikileaks. The relationship between DataCell and Sunshine Press/Wikileaks is a pure business relationship.

DataCell also notes that Visa and MasterCard have sustained relationships with other media outlets that have published WL content.

Of note, Teller is also the company that has admitted that WL had broken none of Visa’s rules or Iceland’s laws.

Teller has found no signs indicating that Sunshine Press acts in contravention of Visa rules or national legislation in Iceland. Neither Teller nor Visa licence holders may enter into any agreement with Sunshine Press on the possessing of Visa payments, until this has been approved by Visa Europe. Teller now awaits Visa Europe’s approval.

All of which is the basis for DataCell’s argument that by refusing to let any of its payment services companies in Europe provide services to DataCell, Visa and MasterCard have violated Europe’s competition laws. It argues that they have used their monopoly position–Visa has 68% of the market and MasterCard has 28%–to prevent DataCell from competing in Europe.

Now, I have no idea how this suit will fare legally.

But I’m interested in what it does rhetorically. Effectively, DataCell has been treated like companies that provide material support for terrorism (without being listed in any list of entities that do so); either through US intervention or via voluntary actions from Visa and MasterCard, they have singled out DataCell to put out of business because of its tie to WL. And they have done so in a market that is none too impressed with US claims about WL’s dangerousness, nor with US bigfooting Europe on data issues.

Effectively, it calls attention to the way that Visa and MasterCard abuse their monopoly position to do the bidding of the US.

We’ll see how that goes over with European consumers.

Did Thomas Drake Get iJustice?

There’s an interesting discussion at the end of Josh Gerstein’s article on the Drake plea agreement. He points out that after Judge Bennett ruled that the government needed more descriptive substitutions for some of its exhibits, DOJ did not appeal the decision.

Experts said it was unlikely that Bennett’s rulings accounted entirely for the government’s sudden willingness to accept a sharply reduced charge. In a court filing Friday, prosecutors said “the government respectfully disagrees with the Court’s rulings” regarding what information Drake was entitled to use in his defense.

“In light of the Court’s ruling, which would mean that highly classified information would appear, without substitution, in exhibits made publicly available, the NSA has concluded that such disclosure would harm national security,” prosecutors wrote.

In cases involving classified evidence, the government has the right to pursue a pre-trial appeal challenging a judge’s rulings about what evidence the defense can present and any “substitutions” used to camouflage secret information.

Despite its disagreement with Bennett, who was appointed to the bench by Bush, the Justice Department did not challenge the judge’s rulings and instead commenced jury selection for the trial.

He also quotes Jesselyn Radack, who, in her role at the Government Accountability Project, had supported Drake in his whistleblower stance:

Radack told reporters that when [prosecutor William] Welch initiated plea talks a week ago he said he was doing so at [DOJ Criminal Division head Lanny] Breuer’s urging. She attributed the government’s flexible stance in part to sympathetic media coverage Drake received in recent weeks from The New Yorker and “60 Minutes,” among others.

Now, I have no idea whether Radack was close enough to the DOJ side of things to be able to judge their motivation. But I am struck that Lanny Breuer instructed Welch to seek a plea deal. And if Radack’s timing is correct, then DOJ started seeking a plea deal on the same day that Bennett ruled on the CIPA substitutions, but before DOJ actually withdrew its exhibits.

Radack attributes DOJ’s changed stance to reporters’ coverage of Drake’s case (ironically, in fact, to the New Yorker and 60 Minutes pieces that almost certainly contained far more classified information than Drake was alleged to have kept).

But POGO’s Danielle Brian recalls that she raised Drake’s treatment with President Obama back in March.

I knew my topic was likely to be sensitive. I began by thanking the President for his strong support of whistleblower protections, and noted that it was not for lack of effort on the part of the White House that the legislation didn’t pass at the end of the last Congress.

I noted, however, that the current aggressive prosecution of national security whistleblowers is undermining this legacy. That we need to create safe channels for disclosure of wrongdoing in national security agencies. That we need to work harder to shrink the amount of over-classified materials that unnecessarily prompt leak prosecutions.

The President shifted in his seat and leaned forward. He said he wanted to engage on this topic because this may be where we have some differences. He said he doesn’t want to protect the people who leak to the media war plans that could impact the troops. He differentiated these leaks from those whistleblowers exposing a contractor getting paid for work they are not performing. I was careful not to interrupt the President, but waited until he was done. I pointed out that few, if any, in our community would disagree with his distinction—but that in reality the current prosecutions are not of those high-level officials who regularly leak to the press to advance their policy agendas. Instead, the Department of Justice (DOJ) is prosecuting exactly the kind of whistleblower he described, for example one from the National Security Agency.

The President then did something that I think was remarkable. He said this is an incredibly difficult area and he wants to work through how to do a better job in handling it.

And Brian also mentioned something I thought of, too: Thomas Drake’s chance encounter with Eric Holder at the Apple store where he works.

Former National Security Agency (NSA) official Thomas Drake, who is being prosecuted under the Espionage Act for allegedly “retaining” allegedly “classified” information (deemed so AFTER the evidence was seized from his house and subject to a Forced Classification Review), was busy at work at the Apple Store. Attorney General Eric Holder was at the iPhone table.

Drake said,

Attorney General Holder [Holder looks up]–I’m Thomas Drake, the former National Security Agency official who’s been in the news.

Holder looked directly at him. Drake then asked,

Do you know why they have come after me?

Holder answered,

Yes, I do.

Drake asked,

But do you know the rest of the story?

Holder looked away, and then just left the store with his small entourage, including his security detail.

That encounter appears to have happened in late May.

Mind you, it shouldn’t take personal encounters like this for the Administration to realize it was going to look really stupid trying to convict a guy for keeping two unclassified documents in his email archive. But in the same way that it took PJ Crowley asking the President about Bradley Manning, did it take Thomas Drake asking Eric Holder about his own case to make that case to the Administration?

ACLU FOIAs WikiLeaks Cables

Back in April, the ACLU FOIAed a bunch of State Department cables that had been released via WikiLeaks. The State Department made no response. So now the ACLU is suing to get the cables.

The suit is interesting for several reasons. First, check out which cables ACLU has FOIAed:

The requested cables relate to the United States’ diplomatic response to foreign investigations of United States abduction, interrogation, detention, and rendition practices; efforts by the Federal government to prosecute or release former and current Guantanamo detainees; the United States’ use of unmanned aerial vehicles; and the diplomatic efforts surrounding President Obama’s decision to oppose the release of photographs depicting U.S. interrogations of persons suspected of terrorism.

The ACLU is focusing on cables that cut to the heart of America’s hypocrisy on human rights and international law.

As the suit suggests, it wants the government to have to confirm or deny whether the discussions depicted in the cables actually happened.

In spite of the urgent national interest and extensive media coverage surrounding the alleged diplomatic cables, at the time this FOIA request was made, DOS had not yet informed the American people whether the disclosed documents referred to actual federal government activity. Nor has it done so to date.

Mind you, we know they really happened–but by releasing the cables through FOIA, the State Department will have to admit it. And if they have to admit it, it will become harder to keep quashing these investigations.

(As luck would have it, the European Parliament yesterday just passed a resolution that “Calls on the EU and Member States authorities, as well as the US authorities, to ensure that full, fair, effective, independent and impartial inquiries and investigations are carried out into human rights violations and crimes under international, European and national law, and to bring to justice those responsible, including in the framework of the CIA extraordinary renditions and secret prisons programme;”)

Plus, this suit will be an interesting parallel proceeding to the government’s plodding formulation of guidelines that will allow Gitmo defense lawyers some access to the Gitmo Documents that describe their clients.

Finally, there’s one other interesting wrinkle here. Many of these documents seemingly should have been turned over in the ACLU’s (and CCR’s) previous FOIAs on torture and rendition. So will this FOIA suit force the State Department to admit whether it was blowing off a FOIA in the past?

Here’s the actual request from April. The cables they’ve requested are below:

SPAIN STILL INTERESTED IN GUANTANAMO DETAINEES, BUT NOT OPTIMISTIC ABOUT CONVICTION

SPAIN: PROSECUTOR WEIGHS GTMO CRIMINAL CASE VS. FORMER USG OFFICIALS

SPAIN: ATTORNEY GENERAL RECOMMENDS COURT NOT PURSUE GTMO CRIMINAL CASE VS. FORMER USG OFFICIALS

GARZON OPENS SECOND INVESTIGATION INTO ALLEGED U.S. TORTURE OF TERRORISM DETAINEES

GOT ASKS EUROPEANS NOT TO TAKE TUNISIAN GUANTANAMO DETAINEES

SUBJECT: REQUEST FOR EXPLANATION OF RETURNED DETAINEE ARM DISABILITY

COUNSELOR, CSIS DIRECTOR DISCUSS CT THREATS, PAKISTAN, AFGHANISTAN, IRAN

TO HELL AND BACK: GITMO EX-DETAINEE STUMPS IN LUXEMBOURG

FRENCH JUDGE SAYS C/T FOCUS IS ON “JIHADISTS TO IRAQ”

TWO EX-GTMO DETAINEES CHARGED WITH TERRORIST CONSPIRACY BUT ONE ORDERED RELEASED ON BAIL

DOD INTEL FLIGHTS: FCO CLARIFIES

EMERGING CONSTRAINTS ON U.S. MILITARY TRANSITS AT SHANNON

PORTUGUESE FM OFFERS TO RESIGN IF CIA FLIGHT ALLEGATIONS PROVE TRUE

GENERAL PETRAEUS’ MEETING WITH SALEH ON SECURITY ASSISTANCE, AQAP STRIKES

GILANI TO CODEL SNOWE: HELP US HIT TARGETS

USDP EDELMAN’S OCTOBER 15 MEETINGS IN LONDON

SPECIAL ADVISOR HOLBROOKE’S MEETING WITH SAUDI ASSISTANT INTERIOR MINISTER PRINCE MOHAMMED BIN NAYEF

SWISS COUNTERTERRORISM OVERVIEW – SCENESETTER FOR FBI DIRECTOR MUELLER

GOS “HEADS UP”: SWISS FEDERAL PROSECUTOR TO ANNOUNCE FINDINGS ON OVERFLIGHT INVESTIGATION

SECDEF MEETING WITH ITALIAN PRIME MINISTER SILVIO BERLUSCONI, FEBRUARY 6, 201…

NETHERLANDS: TOUR D’HORIZON WITH FOREIGN MINISTER BOT

AL-MASRI CASE — CHANCELLERY AWARE OF USG CONCERNS

Have WSJ and Al Jazeera Already Ceded the Espionage Debate?

EFF has a report on the terms of service WSJ and AJ offer leakers using their WikiLeaks competitor sites. I had already heard that WSJ offered almost no technical security (which EFF describes), but it turns out neither offers much in the way of confidentiality guarantees.

Despite promising anonymity, security and confidentiality, [Al Jazeera Transparency Unit] can “share personally identifiable information in response to a law enforcement agency’s request, or where we believe it is necessary.” [WSJ’s] SafeHouse’s terms of service reserve the right “to disclose any information about you to law enforcement authorities” without notice, then goes even further, reserving the right to disclose information to any “requesting third party,” not only to comply with the law but also to “protect the property or rights of Dow Jones or any affiliated companies” or to “safeguard the interests of others.” As one commentator put it bluntly, this is “insanely broad.” Neither SafeHouse nor AJTU bothers telling users how they determine when they’ll disclose information, or who’s in charge of the decision.

[snip]

By uploading to SafeHouse, you represent that your actions “will not violate any law, or the rights of any person.” By uploading to AJTU, you represent that you “have the full legal right, power and authority” to give them ownership of the material, and that the material doesn’t “infringe upon or violate the right of privacy or right of publicity of, or constitute a libel or slander against, or violate any common law or any other right of, any person or entity.”

[snip]

SafeHouse offers users three upload options: standard, anonymous, and confidential. The “standard” SafeHouse upload “makes no representations regarding confidentiality.” Neither does the “anonymous” upload which, as Appelbaum pointed out, couldn’t technically provide it anyway. For “confidential” submissions, a user must first send the WSJ a confidentiality request. The request itself, unsurprisingly, is neither confidential nor anonymous. And until the individual user works out a specific agreement with the paper, nothing is confidential.

Similarly, AJTU makes clear that “AJTU has no obligation to maintain the confidentiality of any information, in whatever form, contained in any submission.” Worse, AJTU’s website by default plants a trackable cookie on your web browser which allows them “to provide restricted information to third parties.” So much for anonymity!

I’m fascinated by this not just because they obviously won’t provide a real alternative to WL, but because of what they say about the evolving gatekeeper relationship of news outlets.

Keep in mind that both these outlets make curious candidates for a WL competitor.

For its part, WSJ would be unable to sustain its unique market position if it routinely offered corporate whistleblowers–particularly from the finance industry–a way to leak confidentially. Its demand that leakers represent that they have not violated the rights of any person, its warning that it might share information on leakers with requesting third parties, and its intent to safeguard the interests of others all sound like WSJ is more interested in its corporate advertisers and the security of their information than in protecting whistleblowers. Indeed, you might even say this is more of an ambivalent information service WSJ offers, potentially luring (say) Bank of America leakers who might otherwise leak to WL, possibly for stories, but possibly also to share with BoA.

Then there’s al Jazeera. Particularly since it is not US-based, and given its tie with the Qatari government, one would assume that such a site would be closely monitored. The US has a long history of persecution of AJ, including imprisoning and killing journalists. Perhaps it’s not surprising how few protections it offers.

And all that’s before you consider the fact that the US government is trying to prosecute WL for espionage. Murdoch is in the middle of a spying scandal in the UK; AJ journalists have been treated, unfairly, as terrorists. That makes both somewhat vulnerable. And the USG has declared an entity that publishes anonymous leakers to be a spy organization, not something either WSJ or AJ needs.

Which is why I find it so interesting that these two outlets, while claiming to do the same thing as WL did, fall so far short of attempting to offer true anonymity to their sources. Here, the protection accorded leakers is actually less than a traditional journalist would offer. It’s as if they’re ceding the US government argument that anonymous leaks are so much worse than the leaks from the powerful so often featured in outlets like WSJ.

Or perhaps they’re just trying to reinforce their traditional gatekeeper role while attempting to undercut the competition?

Updated for syntax and to fix WSJ/Murdoch conflation.

FBI’s Hacker-Informants

The Guardian uses an eye-popping stat from a hacker journalist–that a quarter of all hackers are FBI moles–to cement a story about the FBI infiltrating hacker groups.

The underground world of computer hackers has been so thoroughly infiltrated in the US by the FBI and secret service that it is now riddled with paranoia and mistrust, with an estimated one in four hackers secretly informing on their peers, a Guardian investigation has established.

Cyber policing units have had such success in forcing online criminals to co-operate with their investigations through the threat of long prison sentences that they have managed to create an army of informants deep inside the hacking community.

[snip]

So ubiquitous has the FBI informant network become that Eric Corley, who publishes the hacker quarterly, 2600, has estimated that 25% of hackers in the US may have been recruited by the federal authorities to be their eyes and ears. “Owing to the harsh penalties involved and the relative inexperience with the law that many hackers have, they are rather susceptible to intimidation,” Corley told the Guardian.

The number is eye-popping. But there are two details about the story I want to note. First, it suggests that the FBI is recruiting its hacker-informants after catching them hacking. Oddly, though they count Adrian Lamo among the hacker-moles they describe (indeed, the only one they name), they don’t question whether he simply turned Bradley Manning in, or whether he was a more formal informant. Moreover, they don’t note that drug abuse, not hacking, would have been the potential crime Lamo committed in the weeks preceding his turning Manning in.

Also, note what kind of recruiting the story doesn’t address: DOD recruiting. Are all these hackers going straight from the FBI to work in DOD’s cyberwars? Or is DOD recruiting a different set of hackers?

The Cyberwar Campaign against Jihadi Literature and WikiLeaks

Ellen Nakashima has a piece following up on the WSJ story previewing DOD’s cyberwar (which I posted on here). Before you read it, though, I wanted to suggest another reason we may be seeing this policy early (in addition to the hacking of all the defense contractors, now including L-3; and note, Nakashima references this legislation at the end of her article).

Last Thursday, the Defense Authorization bill passed the House. It retains Section 962, to which the Administration objected, which reads,

SEC. 962. MILITARY ACTIVITIES IN CYBERSPACE.

(a) AFFIRMATION.—Congress affirms that the Secretary of Defense is authorized to conduct military activities in cyberspace.

(b) AUTHORITY DESCRIBED.—The authority referred to in subsection (a) includes the authority to carry out a clandestine operation in cyberspace—

(1) in support of a military operation pursuant to the Authorization for Use of Military Force (50 U.S.C. 1541 note; Public Law 107–40) against a target located outside of the United States; or

(2) to defend against a cyber attack against an asset of the Department of Defense.

(c) BRIEFINGS ON ACTIVITIES.—Not later than 120 days after the date of the enactment of this Act, and quarterly thereafter, the Secretary of Defense shall provide a briefing to the Committees on Armed Services of the House of Representatives and the Senate on covered military cyberspace activities that the Department of Defense carried out during the preceding quarter.

(d) RULE OF CONSTRUCTION.—Nothing in this section shall be construed to limit the authority of the Secretary of Defense to conduct military activities in cyberspace.

So as you read Nakashima, remember that the Obama Administration objected to a section that authorized cyberwar in two circumstances–in support of an AUMF against a target outside of the US and in defense against a cyber attack on a DOD asset–and required quarterly briefings.

OK, now go read Nakashima.

Within the context of the Defense Authorization, a few points in DOD’s campaign to describe what it believes its cyberwar policy to be stand out. First, it envisions preparatory actions–basically spying on a presumably non-belligerent adversary’s infrastructure to map out how DOD would launch a cyberattack if the time came.

The framework clarifies, for instance, that the military needs presidential authorization to penetrate a foreign computer network and leave a cyber-virus that can be activated later. The military does not need such approval, however, to penetrate foreign networks for a variety of other activities. These include studying the cyber-capabilities of adversaries or examining how power plants or other networks operate. Military cyber-warriors can also, without presidential authorization, leave beacons to mark spots for later targeting by viruses, the official said.

In other words, DOD is indicating that it will engage in cyberwar activities outside of those authorized by Congress, activities which I’m sure it claims fall under the giant “preparing the battlefield” loophole it uses to engage in spywork.

Then there’s this:

Last year, for instance, U.S. intelligence officials learned of plans by an al-Qaeda affiliate to publish an online jihadist magazine in English called Inspire, according to numerous current and senior U.S. officials. And to some of those skilled in the emerging new world of cyber-warfare, Inspire seemed a natural target.

The head of the newly formed U.S. Cyber Command, Gen. Keith Alexander, argued that blocking the magazine was a legitimate counterterrorism target and would help protect U.S. troops overseas. But the CIA pushed back, arguing that it would expose sources and methods and disrupt an important source of intelligence. The proposal also rekindled a long-standing interagency struggle over whether disrupting a terrorist Web site overseas was a traditional military activity or a covert activity — and hence the prerogative of the CIA.

The CIA won out, and the proposal was rejected. But as the debate was underway within the U.S. government, British government cyber-warriors were moving forward with a plan.

As Nakashima goes on to explain, the British attack on Inspire managed to delay the publication of a bomb-making article in the magazine for two weeks. But it did eventually get published.

The Inspire story is fascinating not just because it reveals the ongoing turf war between DOD and CIA–and makes clear Mac Thornberry intends to let DOD win these battles.

But also, consider the cyberattack-which-shall-not-be-named: someone’s successful effort to ensure WikiLeaks couldn’t publish the State Department cables from a US server. The Inspire story makes it clear DOD is thinking in terms of take-downs of speech, which is precisely what the WL hack was.

And since WL was ultimately a compromise of DOD’s networks, it would solidly fall under the congressionally-defined defense “against a cyber attack against an asset of the Department of Defense.”

That is, it seems that Thornberry has authorized DOD to do things like hack WL. Congress seems to be in the business of helping the government exercise prior restraint.

That First Amendment sure was nice when we had it!

Though there’s just one weird aspect to this: DOD didn’t launch a cyberattack on WL when it compromised DOD resources: the Afghan and Iraq cables. Rather, it waited until all the DOD materials were already out, and then (we assume though don’t know) started attacking free speech to protect the State Department’s assets.

Anyway, all that prior restraint isn’t good enough, it seems, and the Administration is going to campaign for more lenient guidelines allowing DOD to wade through other countries’ infrastructure to figure out how to cyberattack them when the time comes.

I guess they can’t very well complain about the Lockheed and L-3 hacks then.

About the Lockheed Martin Hack

As first started leaking last week, Lockheed Martin seems to have been hacked.

Last weekend was bad for a very large U. S. defense contractor that uses SecureID tokens from RSA to provide two-factor authentication for remote VPN access to their corporate networks. Late on Sunday all remote access to the internal corporate network was disabled. All workers were told was that it would be down for at least a week. Folks who regularly telecommute were asked to come into nearby offices to work. Then earlier today (Wednesday) came word that everybody with RSA SecureID tokens would be getting new tokens over the next several weeks. Also, everybody on the network (over 100,000 people) would be asked to reset their passwords, which means admin files have probably been compromised.

What seems to have happened is hackers used information gotten in the RSA Data Security hack to try to break Lockheed’s own security–basically, Lockheed noticed that hackers were trying to use the keys they stole in March to open a bunch of locks at Lockheed. Lockheed appears to have discovered the effort and in response, started shutting down remote access on parts of its network.

Lockheed Martin, the Pentagon’s No. 1 supplier, is experiencing a major disruption to its computer systems that could be related to a problem with network security, a defense official and two sources familiar with the issue said on Thursday.

Lockheed, the biggest provider of information technology to the U.S. government, is grappling with “major internal computer network problems,” said one of the sources who was not authorized to publicly discuss the matter.

[snip]

The slowdown began on Sunday after security experts for the company detected an intrusion to the network, according to technology blogger Robert Cringely. He said it involved the use of SecurID tokens that employees use to access Lockheed’s internal network from outside its firewall,

[snip]

Loren Thompson, chief operating officer of the Lexington Institute, and a consultant to Lockheed, said the company monitored every node on its vast global computer network from a large operations center in a Maryland suburb near Washington, D.C.

“If it sees signs that the network is being compromised by outsiders it will shut down whole sectors of the network to protect information,” Thompson said.

He said Lockheed had advanced networking monitoring tools that gave it a “much better understanding of their systems’ status than most other organizations, including the Department of Defense.”

In other words, Lockheed may have prevented a much bigger breach of their own systems. But the assumption of many is that other companies might not have noticed what Lockheed did. Stories on this hack all feature a list of other defense contractors–like Boeing and Raytheon and Northrop Grumman–who “decline to comment,” which might mean they’re scrambling to address the same problem Lockheed is, only trying to do so without all the bad PR.

Now, most observers of this hack have suggested that the hackers–who might work for a state actor or some other sophisticated crime group–were after Lockheed’s war toy information (which partly explains why you’d ask Lockheed’s aerospace competitors if they’d been hacked too). But remember that Lockheed does a lot for the government besides build planes. Of particular note, they’re a huge NSA contractor. Maybe the hackers were after info on jet fighters, or maybe they were after the data and data collection programs our own government hides from its own citizens.

Which is all a reminder that, amidst the sound and fury directed at WikiLeaks (which after all shared important information with citizens who deserved to know it), there’s a whole lot more hacking we don’t learn the results of, hacking that either might result in others adopting our lethal technologies, or in third parties stealing the data we’re not even allowed to know.

Now, granted, Lockheed has far far better security than DOD’s SIPRNet does. At least they’re trying to protect their data. But it’s not clear they–or their counterparts–are entirely successful.

The Army’s “Sticky Note” SIPRNet Security

No wonder the US Army was allegedly bested in the WikiLeaks leak by a Lady Gaga CD.

In addition to all the other gaping security problems with the classified network, there were apparently widely accessible SIPRNet computers with passwords written out on sticky notes on the computers.

A Guardian investigation focusing on soldiers who worked with Manning in Iraq has also discovered there was virtually no computer and intelligence security at Manning’s station in Iraq, Forward Operating Base Hammer. According to eyewitnesses, the security was so lax that many of the 300 soldiers on the base had access to the computer room where Manning worked, and passwords to access the intelligence computers were stuck on “sticky notes” on the laptop screens.

Rank and file soldiers would watch grisly “kill mission” footage as a kind of entertainment on computers with access to the sensitive network of US diplomatic and military communications known as SIPRNet.

Jacob Sullivan, 28, of Phoenix, Arizona, a former chemical, biological, radiological and nuclear specialist, was stationed at FOB Hammer in Manning’s unit.

“A lot of different people worked from that building and in pretty much every room there was a SIPRNet computer attached to a private soldier or a specialist,” Sullivan said.

“On the computers that I saw there was a [sticky label] either on the computer or next to the computer with the information to log on. I was never given permission to log on so I never used it but there were a lot of people who did.”

He added: “If you saw a laptop with a red wire coming out of it, you knew it was a SIPRNet. I would be there by myself and the laptops [would] be sitting there with passwords. Everyone would write their passwords down on sticky notes and set it by their computer. [There] wasn’t a lot of security going on so no wonder something like this transpired.”

Hey DOD? You gotta be trying to keep stuff secret if you’re going to claim it’s secret. If the password to get to the secrets is floating around on Post-it notes, you really can’t argue that you were actively trying to keep this stuff secret.

If Only They Had Listened to Thomas Drake, They Might Have Prevented CableGate

I’m in the process of reading all the Siobhan Gorman stories for which Thomas Drake might have served as an anonymous source. And one of the ten or so articles for which he’s a possible source exposes the NSA’s failure on an issue at the heart of Bradley Manning’s ability to allegedly leak three major databases to WikiLeaks: adequate user authentication on the network.

The Drake indictment claims that Thomas Drake served as a source for “many” of the Siobhan Gorman articles she wrote about NSA between February 27, 2006 and November 28, 2007.

Thereafter, between on or about February 27, 2006 and on or about November 28, 2007, Reporter A published a series of newspaper articles about NSA, including articles that contained SIGINT information. Defendant DRAKE served as a source for many of these newspaper articles, including articles that contained SIGINT information.

One of her articles from that period, published July 2, 2006, describes how the delay in implementing a new encryption management system for NSA and DOD computers exposed those networks to hackers.

A National Security Agency program to protect secrets at the Defense Department and intelligence and other agencies is seven years behind schedule, triggering concerns that the data will be increasingly vulnerable to theft, according to intelligence officials and unclassified internal NSA documents obtained by The Sun.

[snip]

Encryption, which is an electronic lock, is among the most important of security tools, scrambling sensitive information so that it can ride securely in communications over the Internet or phone lines, and requiring a key to decipher.

Powerful encryption is necessary for protecting information that is beamed from soldiers on the battlefield or that guards data in computers at the NSA’s Fort Meade headquarters.

One of the three big things DOD claims it is doing to respond to WikiLeaks is to introduce smart cards for user credentials on SIPRNet.

DoD has begun to issue a Public Key Infrastructure (PKI)-based identity credential on a hardened smart card. This is very similar to the Common Access Card (CAC) we use on our unclassified network. We will complete issuing 500,000 cards to our SIPRNet users, along with card readers and software, by the end of 2012. This will provide very strong identification of the person accessing the network and requesting data. It will both deter bad behavior and require absolute identification of who is accessing data and managing that access.

In conjunction with this, all DoD organizations will configure their SIPRNet-based systems to use the PKI credentials to strongly authenticate end-users who are accessing information in the system. This provides the link between end users and the specific data they can access – not just network access. This should, based on our experience on the unclassified networks, be straightforward.

Which is precisely the kind of challenge one of Gorman’s named sources in the article addresses.

And as the demand grows for “smart” identification cards with computer chips that verify the card holder’s identity, so does the need for sophisticated ways to manage who is being assigned cards, so that the cards do not end up in the wrong hands, said Stephen Kent, a chief scientist at BBN Technologies who has chaired government panels on information security.

Now, we have no way of knowing whether Drake was one of the 18 sources Gorman used for the article. But a number of her sources seem to compare this clusterfuck with that of Trailblazer–the program Drake and others submitted an Inspector General’s complaint on.

Like other major NSA efforts – such as the failed Trailblazer program to rapidly sift out threat information, and the troubled Groundbreaker program aimed at upgrading the agency’s computer networks – an ever-changing game plan has caused many of the project’s problems, current and former senior intelligence officials said.

Following that passage, Gorman cites a “former senior intelligence official”–the description (the indictment alleges) Drake asked Gorman to use when she cited him.

One former senior intelligence official said that the NSA had unrealistic expectations from the start and repeatedly opted for delays to try to perfect the program. That left the government with aging security protections in the quest for security nirvana, the official said.

“NSA often will say, `Well, this is not totally secure, so you can’t use it,’ when the only alternative is nothing,” the former official said. “My worry is this push for perfect security is the enemy of good security.”

And managing the implementation of a new key system sure sounds like something that the “Senior Change Leader” of NSA might be involved with.

Interestingly, the initial deadlines predicted in Gorman’s article–2012–seem to roughly match the deadlines DOD now gives for its smart cards (as well as the insider threat detection, the deadline for which Obama is trying to push back further, though that may be a different issue).

Again, all that’s not proof that Thomas Drake was warning in 2006 that if NSA didn’t fix its management problems, something like CableGate would happen (as well as the widespread hacking we know to be happening).

But 18 people were warning of it back in 2006.

Which is, I guess, why DOJ feels the need to prosecute whistleblowers: to cover up embarrassing lapses like this.
