Tag: cyberwarfare

Reciprocity – Making Progress

future-city-1Hey all. Just wanted to let people know that I’m still around. And as luck would have it, I’ve found myself with some free time; free time that I’ve put towards creative writing again! In the past two weeks in fact, I have come up with a lot of new ideas for both Oscar Mike and (more importantly) Reciprocity. On this latter project, I’ve spent the past few days working through the half-written spots, and now I have a full five chapters done.

More importantly, I have revised the overall plot yet again. The last time I did this (not that long ago), I chose to change the nature of the antagonist to that of a Chinese ex-pat who was a former member of Unit 61398 – the People’s Liberation Army’s cyber warfare division. His name was Shen, and his plot involved a string of kidnapping, double-dealing, and cyber-terrorism that threatened to change the global geopolitical balance.

I liked this idea because I felt that after a good deal of research, the focus of the story should be on post-communist China, where a great deal of social confusion and economic turmoil was leading to the emergence of a semi-fascist state. In a pattern that is reminiscent to modern-day Russia, Shen sought to take advantage of these changes in order to unleash a massive cyber attack.

The downtown district of Shanghai. One of many locations in the story.
The downtown business district of Shanghai. One of many locations in the story.

This would have the effect of completely preoccupying the west, disabling the US Pacific Fleet, and allowing China’s new government to occupy Taiwan and the South China Sea, thus asserting their territorial sovereignty over the region. While this was interesting (at least to me), it still fell short. What I really wanted was an antagonist in the story that would make the focus be all about the two greatest issues we will be facing in the not-too-distant future.

These issues are none other than climate change, which will result in more in the way of droughts, wildfires, flooding, coastal storms, tornadoes, and diminishing resources; and technological progress, which will result in the pace of change and getting faster and faster to the point of total unpredictability.

For awhile, I’ve been writing about these subjects, and they were supposed to be the centerpiece of the story. So here’s the new plot, in a nutshell: The year, same as always, is 2030. A technological magnate’s child disappears while slumming in the Pacific Northwest in what appears to be an act of kidnapping. However, his disappearance is in fact orchestrated as part of a complex cyber intrusion designed to steal company data.

InternettrafficThe man leading this theft – who is known only as Zeke – intends to leverage this data in mainland China, where a former member of Unit 61398, now himself a technological magnate, is in possession of a quantum-based cyber virus of last resort, a weapon that was created for a war that never happened. This virus is known as “Baoying”, which in Chinese, loosely translates to Reciprocity.

Zeke knows about this weapon because he spent years developing contacts around the world, bringing together gun runners, terrorists, socialist and anarchist militias, and Chinese ex-pats that reaches from Central Asia and the Middle East all the way to South America and the South Pacific. Though separated by ideological differences, these organizations are united in wanting to see an end to the status quo.

Zeke, however, has his own agenda. A one-time member of the technological magnates he is now using as pawns, he saw so much of the world and witnessed atrocities firsthand. He also witnessed how the privilege of developed countries is paid for in the blood of others. After a scandal in which he publicly aired all of his companies many shady dealings, his partners crucified him and cast him to the fringes of society.

^In an age where the richer nations are facing the prospect of limitless energy, quantum computing, abundant resources and post-mortality while other states are failing due to displacement and mass starvation, Zeke is hoping to level the playing field once and for all. He is a genius and a man moved by a personal sense of justice. But most of all, he is a man dealing with terrible demons and some deep trauma that he can’t begin to suppress.

This kind of plot, I think, works so much better. The antagonist seems much more socially relevant, the story more focused on the big issues I like to explore, and it all seems a little less hawkish than a story where the Chinese are essentially the bad guys. But most of all, I envisioned a climactic scene where the antagonist – while explaining his motivations – says something like this:

I want a future I can control. I want a future where I have a choice. I am sick of unpredictability, or chaos and confusion. I’m sick of people being left behind, and our world being torn apart. Tomorrow, everyone will find themselves on common footing. Tomorrow, we will begin thinking towards our common future.

Try getting something like that out of a former communist who just wants to see his country win a war! Well, that’s the idea as I see it right now. What do you think? Sound good?

Reciprocity – The Deets

self-aware-colonyHey again, all. I find myself with some spare time for the first time in awhile. So I thought I might take a moment to share an idea I’ve been working with, in a bit more detail. Last post I made, I talked about the bare bones of a story I am working on known as Reciprocity, the successor to the story known as Apocrypha. But as it turns out, there are a lot of details to that story idea that I still want to share and get people’s opinion on.

You might say this is a story that I am particularly serious about. Should it work out, it would be my break from both space-opera sci-fi and zombie fiction. A foray into the world of hard-hitting social commentary and speculative science fiction.

The Story:
So the year is 2030. The world is reeling from the effects of widespread drought, wildfires, coastal storms, flooding, and population displacement. At the same time, a revolution is taking place in terms of computing, robotics, biomachinery, and artificial intelligence. As a result, the world’s population finds itself being pulled in two different directions – between a future of scarcity and the promise of plenty.

space-solar-headSpace exploration continues as private aerospace and space agencies all race to put boots on Mars, a settlement on the Moon, and lay claim to the resources of the Solar System. India, China, the US, the EU, Russia, Argentina, Brazil, and Iran are all taking part now – using robotic probes and rovers to telexplore the System and prospect asteroids. Humanity’s future as an interplanetary species seems all but guaranteed at this point.

Meanwhile, a new global balance of power is shaping up. While the US and the EU struggle with food and fuel shortages, Russia remains firmly in the grips of quasi-fascist interests, having spurned the idea of globalization and amicable relations with NATO and the EU in favor of its Collective Security Treaty, which in recent years has expanded to include Iran, Afghanistan and Pakistan.

shanghai_towerMeanwhile, China is going through a period of transition. After the fall of Communism in 2023, the Chinese state is lurching between the forces of reform and ultra-nationalism, and no one is sure which side it will fall on. The economy has largely recovered, but the divide between rich and poor is all too apparent. And given the sense of listless frustration and angst, there is fear that a skilled politician could exploit it all too well.

It’s an era of uncertainty, high hopes and renewed Cold War.

The MacGuffin:
The central item of the story is a cybervirus known as Baoying, a quantum-decryption algorithm that was designed by Unit 61398 in the early 2020’s to take down America’s quantum networks in the event of open war. When the Party fell from power, the Unit was dissolved and the virus itself was destroyed. However, rumors persisted that one or more copies still exist…

MatrixBackgroundNotable Characters:
For this ensemble to work, it had to represent a good cross-section of the world that will be, with all its national, social and economic boundaries represented. And so I came up with the following people, individuals who find themselves on different sides of what’s right, and are all their own mix of good, bad, and ambiguous.

William Harding: A privileged high school senior with an big of a drug problem who lives in Port Coquitlam, just outside of the Pacific Northwest megalopolis of Cascadia. Like many people his age, he carries all his personal computing in the form of implants. However, a kidnapping and a close brush with death suddenly expand his worldview. Being at the mercy of others and deprived of his hardware, he realizes that his lifestyle have shielded him from the real world.

Amy Dixon: A young refugee who has moved to Cascadia from the American South. Her socioeconomic status places her and her family at the fringes of society, and she is determined to change their fortunes by plying her talents and being the first in her family to get a comprehensive education.

Climate_ChangeFernie Dixon: Amy’s brother, a twenty-something year-old man who lives away from her and claims to be a software developer. In reality, he is a member of the local Aryan Brotherhood, one of many gangs that run rampant in the outlying districts of the city. Not a true believer like his “brothers”, he seeks money and power so he can give his sister the opportunities he knows she deserves.

Shen Zhou: A former Lieutenant in the People’s Liberation Army and member of Unit 61398 during the Cyberwars of the late teens. After the fall of Communism, he did not ingratiate himself to the new government and was accused of spying for foreign interests. As  result, he left the country to pursue his own agenda, which places him in the cross hairs of both the new regime and western governments.

artificial-intelligenceArthur Banks: A major industrialist and part-owner of Harding Enterprises, a high-tech multinational that specializes in quantum computing and the development of artificial intelligence. For years, Banks and his associates have been working on a project known as QuaSI – a Quantum-based Sentient Intelligence that would revolutionize the world and usher in the Technological Singularity.

Rhianna Sanchez: Commander of Joint Task Force 2, an elite unit attached to National Security Agency’s Cyberwarfare Division. For years, she and her task force have been charged with locating terror cells that are engaged in private cyberwarfare with the US and its allies. And Shen Zhou, a suspected terrorist with many troubling connections, gets on their radar after a mysterious kidnapping and high-profile cyberintrusion coincide.

And that about covers the particulars. Naturally, there are a lot of other details, but I haven’t got all day and neither do you fine folks 😉 In any case, the idea is in the queue and its getting updated regularly. But I don’t plan to have it finished until I’ve polished off Oscar Mike, Arrivals, and a bunch of other projects first!

Rebooting An Idea – Reciprocity

future-city3For awhile now, I’ve been tinkering with a story idea known as Apocrypha. It first came to me back in 2009 when I decided to move away from space opera and into more hard science fiction. I even decided to relaunch the idea a few months back, which would be the second time I decided to reboot the idea. And now, I’m rebooting it yet again, but with one major change.

Basically, I’ve re-conceived the plot to focus on a world set in 2030, where China’s Communist system has collapsed, Russia continues to exist as a semi-fascist state, the internet of things is in full swing, and several different forces are competing for control over which direction the future takes. Some want to rehash old rivalries, while others want to bring about a revolution in computing that will dissolve all boundaries.

shanghai_towerThe name of the new story is Reciprocity, which is taken from the Chinese concept of Bao Ying. I chose this as a name because while researching Chinese ancestral religion, I came across a central theme which states that the fate of all human beings is determined by cosmic reciprocity.

The concept of Bao Ying is also expressed as follows in various Zhou-Dynasty texts:

On the doer of good, heaven sends down all blessings, and on the doer of evil, he sends down all calamities.

This belief incorporates two separate elements:

  1. Ming yun: which loosely translated, means personal destiny. Whereas ming is “life” or “right”, the word yun defines “circumstance” and “individual choice”. In the Chinese ancestral faith, it is perceived as something both fixed (bound by fate) and flexible (implying choice and free will).
  2. Yuan fen: which means “fateful coincidence”, describing good and bad possibilities and potential relationships. Here too, the elements of fate and choice intersect, with good and bad casualties being assigned usually to one or the other.

Both concepts are linked, because what appears on the surface to be chance events (for better or worse), are part of the deeper rhythm that shapes personal life based on how destiny is directed. Given the fact that I thought the story should focus on China, this concept spoke to me.

cyber_virusOriginally, Apocrypha was all about a group of apocalyptic terrorists who have ties to various anti-modernist, anti-western groups who try to use a Chinese cyber-virus named Hǔnluàn (Chinese for chaos) to accomplish their goals. However, this idea wasn’t panning out in a few ways. Mainly, the antagonists didn’t seem believable to me, especially where their motivations are concerned.

But after talking it over with a friend and neighbor, I came to realize that the real focus of the story was China – or rather, how the aftermath of Maoism would affect the country and the global balance of power. In this sense, the antagonists were much more believable if they themselves were Chinese ex-pats, people who were unhappy with the current world order and wanted to change it.

Unit-61398-Chinese-Army-Hacking-Jobs-With-Great-BenefitsBorrowing from Russia’s post-Communist experience, I basically foresee China going through many of the same problems in the near future. First, the state would find itself under a great deal of pressure due to ongoing demands for reform, pro-democracy protests, and the memory of Tienanmen Square. And I also imagine the health effects of air pollution and cancer farms would also add to the resistance.

But by the 2020s, I expect that the country will also be reeling from the effects of drought, famine, and the destruction of water tables. And then there would be the collapse of the economy caused by the implosion of the real estate bubble – a very likely possibility – which would end the Party’s long history of buying loyalty with economic growth. At that point, the Party would officially fall under the weight of its own corruption, bankruptcy and failure.

phoenix-towers-worlds-tallest-wuhan-china-designboom-01Ten years later, China would find itself in a state of serious change and facing an ambiguous future. On the one hand, it would remain a major power economically and militarily, but would still be suffering from lingering environmental damage and uneven development. As a result, it would find itself vulnerable to quasi-fascist politicians looking to exploit people’s uncertainty and funnel it towards a revisionist agenda.

I think you’ll agree, this idea makes way more sense than its predecessor. What’s more, it would give me a chance to cover a big angle I was looking at, which was the involvement of former members of the People’s Liberation Army Cyberwarfare Division (aka. Unit 61398). Assuming that said people were out a job in the not-too-distant future, they would be seriously upset and willing to help in a malicious plot.

What do you think? Too political? Or does it have potential?

Cyberwars: Latest Snowden Leaks

FRANCE-US-EU-SURVEILLANCE-SNOWDENThe case against the NSA’s program of cyberwarfare and espionage has become somewhat like an onion. With every new revelation, the matter becomes more stinking and fetid. Certainly, the first release of classified NSA documents – which dealt with the US’s ongoing cyberwarfare against China and other nations – was damaging to the agency’s image. But it has been the subsequent publication of documents that deal with domestic surveillance that have been the most damning.

According to Snowden, he was motivated to leak this information because of the troubling case of hypocrisy inherent in the NSA programs. And in the lastest leak, Snowden has now confirmed that at least five Muslim-Americans – including prominent lawyers, a civil rights leader and academics – were the subject of years’ worth of surveillance by both the FBI and the National Security Agency.

under_surveillance_full_v2Among the targets were Nihad Awad, the executive director of the Council on American-Islamic Relations – the top Muslim-American civil rights organization in the United States – and Faisal Galil, a longtime Republican operative and former Bush Administration official who worked for the Department of Homeland Security and held a top-secret security clearance during the time he was under surveillance.

Also among the American targets was Asim Ghafoor, an attorney for the al-Haramain Islamic Foundation who who has represented clients in terrorism-related cases . He is also the man who famously discovered in 2004 that he and his clients were under surveillance after the Treasury Department mistakenly released to him a document listing calls he’d made to his clients.

wire_tappingOther targets include Hooshang Amirahmadi, an Iranian-American professor of international relations at Rutgers University and Agha Saeed, a former political science professor at California State University who champions Muslim civil liberties and Palestinian rights. All of the targets appear to have been singled out because of their Muslim backgrounds and their activities either defending Muslim clients or on behalf of various causes.

The individuals appear on an NSA spreadsheet in the Snowden archives called “FISA recap”—short for the Foreign Intelligence Surveillance Act. Under that law, the Justice Department must convince a judge with the top-secret Foreign Intelligence Surveillance Court that there is probable cause to suspect of an American of being engaged in or abetting terrorism, espionage, or sabotage against the US.

FILE PHOTO NSA Compiles Massive Database Of Private Phone CallsThe authorizations must be regularly renewed by the court for the surveillance to remain in effect, usually every 90 days for U.S. citizens. In none of these cases were the individuals singled out for surveillance because they were suspected of committing or planning a crime. And six years after the period the document covers, none of them has been charged with any crime related to the surveillance.

Greenwald says the revelations offer a more detailed look at who the government is targeting. Although there are some Americans on the list who have been accused of terrorism, the five highlighted in The Intercept piece have all led what appear to be law-abiding lives. As Greenwald explained:

This is the first time that there’s a human face on who the targets are of their most intrusive type of surveillance. [H]ere you really get to see who these people are who are the people worthy of their most invasive scrutiny. I think it’s important for people to judge—are these really terrorists or are these people who seem to be targeted for their political dissidence and their political activism?

 

faisal_gillAll of these five individuals identified in the article has gone on record to vehemently deny any involvement in terrorism or espionage. Outside of their ancestry, there appears to be no justification whatsoever for the surveillance. Faisal Gill, whose AOL and Yahoo! email accounts were monitored while he was a Republican candidate for the Virginia House of Delegates, had this to say when interview by The Intercept:

I just don’t know why. I’ve done everything in my life to be patriotic. I served in the Navy, served in the government, was active in my community—I’ve done everything that a good citizen, in my opinion, should do.

Ghafoor was also of the opinion that profiling had everything to do with him being targeted for electronic surveillance. When told that no non-Muslim attorneys who defended terror suspects had been identified on the list, he replied:

I believe that they tapped me because my name is Asim Abdur Rahman Ghafoor, my parents are from India. I travelled to Saudi Arabia as a young man, and I do the pilgrimage. Yes, absolutely I believe that had something to do with it.

https://i0.wp.com/media.nj.com/ledgerupdates_impact/photo/2012/06/muslim-lawsuitjpg-88e364e9b8e195f4.jpgCivil liberties groups have expressed anger that the five appear to have been targeted largely for having Muslim backgrounds. One such group is the Muslim Advocates, which released the following statement shortly after the story was published:

This report confirms the worst fears of American Muslims: the federal government has targeted Americans, even those who have served their country in the military and government, simply because of their faith or religious heritage. Muslim Advocates calls on the President and Congress to take steps immediately to reform the NSA surveillance program to uphold basic privacy rights and civil liberties that the Constitution guarantees to every American, regardless of faith.

The new revelations confirm for the first time that the government targeted U.S. attorneys, sometimes without warrants. Crucially, the revelations also give targets of the domestic surveillance legal standing to sue. Snowden indicated to Greenwald last year that he included the target list in the cache of leaked documents because he wanted people who had been under such surveillance to have evidence to challenge the spying in court.

An illustration picture shows the logo of the U.S. National Security Agency on the display of an iPhone in BerlinIn the past, journalists and attorneys have tried to challenge the constitutionality of the government’s surveillance activities in court. But since the defendants did not have proof that they in particular had been targeted, the courts were forced to rule that they did not have standing. The spreadsheet, however, provides evidence of targeted surveillance for those who have now been identified.

In short, this latest revelation has provided Americans, and not just those of Muslim descent, with the means to hold the NSA and the FBI accountable for the first time. Since the historic episode known as the “war on terror” began, revelations have led to challenges and promises for reform. But in all cases, the crucial issue of whether or not these programs would be allowed to continue has been carefully sidestepped.

cyber_security2Whether it was the failure of FISA reform to reign in domestic wiretapping and data mining, or the Obama administrations endorsement of “transparent” surveillance, it seems obvious clear that an administrative solution was not in the works. But opening the way for successive lawsuits for wrongful surveillance might just prove to be more effective.

What is certain, though, is that the battle between civil liberties and surveillance in the “Digital Age” is nowhere close to being resolved. As the daily volume of data sent around the world continues to grow – from terabytes to petabytes to exabytes – there will continually be a need for monitors to watch for sinister things. And as long as they are willing to push the boundaries in the name of security, there will continue to be challenges.

Sources: wired.com, firstlook.org

Cyberwars: Watching the US and China in Real-Time

norse-hacking-map-640x353Since the dawn of the internet age, there has been no shortage of stories about hackers, malware-peddling malcontents, online scams and identity theft. Add to that the growing consensus that wars in the future will be fought online through “cyberwarfare divisions”, and you can understand why such positive statements once made about the internet – like how it would bring the world together and create “a global village” – would seem incredibly naive now.

However, despite the prevalence of hacking and cyberwarfare-related fear, very few people have actually experienced what it is like. After all, the effects of hacking are mostly invisible to the untrained eye, with the exception of very-high-profile database breaches. Now, though, a security company has produced a fascinating geographic map that shows global hacking attempts in real-time. And of course, the ongoing battle between US and Chinese forces accounts for much of it.

norse-china-usa-hacking-smallerThe real-time map, maintained by the Norse security company, shows who’s hacking who and what attack vectors are being used. The data is sourced from a network of “honeypot” servers – essentially a juicy-looking target that turns out to be a trap -maintained by Norse, rather than real-world data from the Pentagon, Google, or other high-profile hacking targets. The Norse website has some info about its “honeynet,” but it’s understandably quite sparse on actual technical details.

If you watch the map for a little while, it’s clear that most attacks originate in either China or the US, and that the US is by far the largest target for hack attacks. You can also see that the type of hack used, indicated by the target port, is rather varied. Microsoft-DS (the port used for Windows file sharing) is still one of the top targets , but DNS, SSH, and HTTP are all very popular too. CrazzyNet and Black Ice – two common Windows backdoor programs often used by script kiddies and criminals – is also sure to pop up.

Unit-61398-Chinese-Army-Hacking-Jobs-With-Great-BenefitsOn occasion, the map is likely to show a big burst of coordinated attacks coming from China and directed towards the US. And while it is difficult to blame these attacks directly on the Chinese government (as they are adept at routing their attacks through other servers) government and independent researchers are confident the majority of these attacks are being directed by the People’s Liberation Army’s Unit 61398 – aka. the PLA’s cyberwarfare division.

A lot of hacks originate in the US, too, but their targets are much more varied. And in cases where Chinese facilities (or other nations that are nominally identified as hostile to the US) you can bet that the US Cyber Command at Fort Meade is behind the lot of them. But the map is still limited in that it uses Norse’s own honeypot operations to identify these attacks, and it therefore cannot be said with absolute certainty that real attacks happen in the same fashion.

nsa_aerialBut a general picture of the size and shape of global hacking and cyberwarfare can be divined by looking at the stats. Back in 2012, the US DOD reported that it was the target of 10 million cyber attacks per day. Likewise, the National Nuclear Security Administration says it saw 10 million attacks per day in 2012. In 2013, BP’s CEO said it sees 50,000 cyber attacks per day, and the UK reported around 120,000 attacks per day back in 2011.

While the extent and purpose of these attacks certainly varies, it is pretty clear that hacking and cyberwarfare is a global problem and something that governments, corporations, and institutions need to pay attention to. Last year, the Obama administration’s announced that it would not sit idly by in the face of stepped up attacks from China. However, the subsequent testimony and document leaks by Snowden showed that the US has been conducting its own attacks the entire time (and even beforehand).

And such is the nature of war, regardless of the context or the weapons used. States rattle their swords claiming they will not tolerate aggression, but there is always a fine line between maintaining one’s defenses and escalating a situation to the point that mutual destruction becomes inevitable. Perhaps the people who are currently fighting this alleged cyberwar should look to the past – specifically to the First World War and the Cold War – to see just how effective “arms races” are!

Source: extremetech.com, map.ipviking.com

Cyberwars: ACLU and NSA ex-Director to Debate Tomorrow!

keith-alexander-nsa-flickrIn what is sure to be a barn-burner of a debate, the former head of the National Security Agency – General Keith Alexander – will be participating tomorrow in a with ACLU Executive Director Anthony Romero. The televised, surveillance-themed debate, will take place tomorrow –  June 30th, 10:30am Eastern Time – on MSNBC. The subject: whether or not the NSA’s vast surveillance and data mining programs are making American’s safer.

While many would prefer that the current head of the NSA be involved in the debate, General Alexander is a far better spokesperson for the controversial programs that have been the subject of so much controversy. After all, “Emperor Alexander” – as his subordinates called him – is the man most directly responsible for the current disposition of the  NSA’s cyber surveillance and warfare program.Who better to debate their merit with the head of the ACLU – an organization dedicated to the preservation of personal freedom?

Edward-Snowden-660x367And according to classified documents leaked by Edward Snowden, General Alexander’s influence and power within the halls of government knew no bounds during his tenure. A four-star Army general with active units under his command, he was also the head of the National Security Agency, chief of the Central Security Service, and the commander of the US Cyber Command. It is this last position and the power it wields that has raised the greatest consternation amongst civil-libertarians and privacy advocates.

Keith Alexander is responsible for building this place up between 2005 and 2013, insisting that the US’s inherent vulnerability to digital attacks required that he and those like him assume more authority over the data zipping around the globe. According to Alexander, this threat is so paramount that it only makes sense that all power to control the flow of information should be concentrated in as few hands as possible, namely his.

NSA_fort_meadeIn a recent security conference held in Canada before the Canadian Security Intelligence Service (CSIS), Alexander expressed the threat in the following, cryptic way:

What we see is an increasing level of activity on the networks. I am concerned that this is going to break a threshold where the private sector can no longer handle it and the government is going to have to step in.

If this alone were not reason enough to put people on edge, there are also voices within the NSA who view Alexander as a quintessential larger-than-life personality. One former senior CIA official who agreed to speak on condition of anonymity, claimed:

We jokingly referred to him as Emperor Alexander—with good cause, because whatever Keith wants, Keith gets. We would sit back literally in awe of what he was able to get from Congress, from the White House, and at the expense of everybody else.

And it is because of such freedom to monitor people’s daily activities that movements like the February 11th “The Day We Fight Back” movement – an international cause that embraced 360 organizations in 70 countries that were dedicated to ending mass surveillance – have been mounted, demanding reform.

us_supremecourtIn addition, a series of recent ruling from the US Supreme Court have begun to put the kibosh on the surveillance programs that Alexander spent eight years building up. With everything from cell phone tracking to cell phone taps, a precedent is being set that is likely to outlaw all of the NSA domestic surveillance. But no matter what, the role of Snowden’s testimony in securing this landmark event cannot be underestimated.

In fact, in a recent interview, the ACLU’s Anthony Romero acknowledged a great debt to Snowden and claimed that the debate would not be happening without him. As he put it:

I think Edward Snowden has done this country a service… regardless of whether or not what he did was legal or illegal, whether or not we think the sedition laws or the espionage laws that are being used to possibly prosecute Snowden are too broad, the fact is that he has kick-started a debate that we did not have. This debate was anemic. Everyone was asleep at the switch.

One can only imagine what outcome this debate will have. But we can rest assured that some of the more predictable talking points will include the necessities emerging out of the War on Terror, the rise of the information revolution, and the dangers of Big Brother Government, as well as the NSA’s failure to prevent such attacks as the Boston Marathon Bombing, the Benghazi Embassy bombing, and a slew of other terrorist incidents that took place during Alexander’s tenure.

Do I sound biased? Well perhaps that’s because I am. Go ACLU, stick to Emperor Alexander!

Sources: engadget.com, democracynow.org

Cyberwars: The Heartbleed Bug and Web Security

heartbleed-iconA little over two years ago, a tiny piece of code was introduced to the internet that contained a bug. This bug was known as Heartbleed, and in the two years it has taken for the world to recognize its existence, it has caused quite a few headaches. In addition to allowing cybercriminals to steal passwords and usernames from Yahoo, it has also allowed people to steal from online bank accounts, infiltrate governments institutions (such as Revenue Canada), and generally undermine confidence in the internet.

What’s more, in an age of cyberwarfare and domestic surveillance, its appearance would give conspiracy theorists a field day. And since it was first disclosed a month to the day ago, some rather interesting theories as to how the NSA and China have been exploiting this to spy on people have surfaced. But more on that later. First off, some explanation as to what Heartbleed is, where it came from, and how people can protect themselves from it, seems in order.

cyber_securityFirst off, Heartbleed is not a virus or a type of malware in the traditional sense, though it can be exploited by malware and cybercriminals to achieve similar results. Basically, it is a security bug or programming error in popular versions of OpenSSL, a software code that encrypts and protects the privacy of your password, banking information and any other sensitive data you provide in the course of checking your email or doing a little online banking.

Though it was only made public a month ago, the origins of the bug go back just over two years – to New Year’s Eve 2011, to be exact. It was at this time that Stephen Henson, one of the collaborators on the OpenSSL Project, received the code from Robin Seggelmann – a respected academic who’s an expert in internet protocols. Henson reviewed the code – an update for the OpenSSL internet security protocol — and by the time he and his colleagues were ringing in the New Year, he had added it to a software repository used by sites across the web.

Hackers-With-An-AgendaWhat’s interesting about the bug, which is named for the “heartbeat” part of the code that it affects, is that it is not a virus or piece of malware in the traditional sense. What it does is allow people the ability to read the memory of systems that are protected by the bug-affected code, which accounts for two-thirds of the internet. That way, cybercriminals can get the keys they need to decode and read the encrypted data they want.

The bug was independently discovered recently by Codenomicon – a Finnish web security firm – and Google Security researcher Neel Mehta. Since information about its discovery was disclosed on April 7th, 2014, The official name for the vulnerability is CVE-2014-0160.it is estimated that some 17 percent (around half a million) of the Internet’s secure web servers that were certified by trusted authorities have been made vulnerable.

cyberwarfare1Several institutions have also come forward in that time to declare that they were subject to attack. For instance, The Canada Revenue Agency that they were accessed through the exploit of the bug during a 6-hour period on April 8th and reported the theft of Social Insurance Numbers belonging to 900 taxpayers. When the attack was discovered, the agency shut down its web site and extended the taxpayer filing deadline from April 30 to May 5.

The agency also said it would provide anyone affected with credit protection services at no cost, and it appears that the guilty parties were apprehended. This was announced on April 16, when the RCMP claimed that they had charged an engineering student in relation to the theft with “unauthorized use of a computer” and “mischief in relation to data”. In another incident, the UK parenting site Mumsnet had several user accounts hijacked, and its CEO was impersonated.

nsa_aerialAnother consequence of the bug is the impetus it has given to conspiracy theorists who believe it may be part of a government-sanctioned ploy. Given recent revelations about the NSA’s extensive efforts to eavesdrop on internet activity and engage in cyberwarfare, this is hardly a surprise. Nor would it be the first time, as anyone who recalls the case made for the NIST SP800-90 Dual Ec Prng program – a pseudorandom number generator is used extensively in cryptography – acting as a “backdoor” for the NSA to exploit.

In that, and this latest bout of speculation, it is believed that the vulnerability in the encryption itself may have been intentionally created to allow spy agencies to steal the private keys that vulnerable web sites use to encrypt your traffic to them. And cracking SSL to decrypt internet traffic has long been on the NSA’s wish list. Last September, the Guardian reported that the NSA and Britain’s GCHQ had “successfully cracked” much of the online encryption we rely on to secure email and other sensitive transactions and data.

Edward-Snowden-660x367According to documents the paper obtained from Snowden, GCHQ had specifically been working to develop ways into the encrypted traffic of Google, Yahoo, Facebook, and Hotmail to decrypt traffic in near-real time; and in 2010, there was documentation that suggested that they might have succeeded. Although this was two years before the Heartbleed vulnerability existed, it does serve to highlight the agency’s efforts to get at encrypted traffic.

For some time now, security experts have speculated about whether the NSA cracked SSL communications; and if so, how the agency might have accomplished the feat. But now, the existence of Heartbleed raises the possibility that in some cases, the NSA might not have needed to crack SSL at all. Instead, it’s possible the agency simply used the vulnerability to obtain the private keys of web-based companies to decrypt their traffic.

hackers_securityThough security vulnerabilities come and go, this one is deemed catastrophic because it’s at the core of SSL, the encryption protocol trusted by so many to protect their data. And beyond abuse by government sources, the bug is also worrisome because it could possibly be used by hackers to steal usernames and passwords for sensitive services like banking, ecommerce, and email. In short, it empowers individual troublemakers everywhere by ensuring that the locks on our information can be exploited by anyone who knows how to do it.

Matt Blaze, a cryptographer and computer security professor at the University of Pennsylvania, claims that “It really is the worst and most widespread vulnerability in SSL that has come out.” The Electronic Frontier Foundation, Ars Technica, and Bruce Schneier all deemed the Heartbleed bug “catastrophic”, and Forbes cybersecurity columnist Joseph Steinberg event went as far as to say that:

Some might argue that [Heartbleed] is the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet.

opensslRegardless, Heartbleed does point to a much larger problem with the design of the internet. Some of its most important pieces are controlled by just a handful of people, many of whom aren’t paid well — or aren’t paid at all. In short, Heartbleed has shown that more oversight is needed to protect the internet’s underlying infrastructure. And the sad truth is that open source software — which underpins vast swathes of the net — has a serious sustainability problem.

Another problem is money, in that important projects just aren’t getting enough of it. Whereas well-known projects such as Linux, Mozilla, and the Apache web server enjoy hundreds of millions of dollars in annual funding, projects like the OpenSSL Software Foundation – which are forced to raise money for the project’s software development – have never raised more than $1 million in a year. To top it all off, there are issues when it comes to the open source ecosystem itself.

Cyber-WarTypically, projects start when developers need to fix a particular problem; and when they open source their solution, it’s instantly available to everyone. If the problem they address is common, the software can become wildly popular overnight. As a result, some projects never get the full attention from developers they deserve. Steve Marquess, one of the OpenSSL foundation’s partners, believes that part of the problem is that whereas people can see and touch their web browsers and Linux, they are out of touch with the cryptographic library.

In the end, the only real solutions is in informing the public. Since internet security affects us all, and the processes by which we secure our information is entrusted to too few hands, then the immediate solution is to widen the scope of inquiry and involvement. It also wouldn’t hurt to commit additional resources to the process of monitoring and securing the web, thereby ensuring that spy agencies and private individuals are not exercising too much or control over it, or able to do clandestine things with it.

In the meantime, the researchers from Codenomicon have set up a website with more detailed information. Click here to access it and see what you can do to protect yourself.

Sources: cbc.ca, wired.com, (2), heartbleed.com

Cyberwars: Russia’s Cyber-Weapons Hit Ukraine

cyber_privacyAccording to Ukraine’s security services, the situation in the Crimea is escalating in ways that have nothing to do with the deployment of military forces or the enacting of sanctions. It seems that members of the country’s parliament, regardless of political affiliation, are being targeted by cyberattacks. While no shots have been fired and no official declarations have been made, this revelation shows that the crisis has entered a new phase – one of cyberwarfare!

The attacks began two days ago, when members of Ukraine’s parliament, regardless of their party affiliation, saw their mobile communications blocked by equipment in Russia-controlled Crimea. According to Ukrainian security officials, the phone access has been blocked thanks to equipment installed “at the entrance to (telecom) Ukrtelecom in Crimea.” Ukraine’s security teams are now working on restoring service to the parliament members, though it’s not clear when the blockade will be removed.

cyberattackSince that time, other cyber weapons have been detected, the latest of which is known as Snake (aka. “Ouroboros” after a serpent drawn from Greek mythology). This virus, which interestingly enough has the characteristics of both a product of the intelligence services and the military – it can both surveil and physically destroy computer networks – has been wrecking havoc on Ukrainian government systems.

By targeting the Ukrainian government with Ouroboros, the Russians are able to effectively engage in an aggressive, kinetic act without actually declaring war. This is due to the fact that in the digital age, cyber attacks fall into the category of being largely accepted as part of how countries exercise power. Much like how in the Cold War – where there were unspoken rules of what powers could do – these acts fall short of what is considered outright aggression.

cold_warHowever, this will not last forever. If certain capabilities of Ouroboros go live, then it will remain to be seen how the Ukraine reacts. And if the Russians deploy cyber weapons with network-destroying capabilities into other countries, there might well be one country that reacts as though the launch of a cyber weapon is no different than the launch of a missile. It all comes down to perception, and whether or not all sides see fit to limit themselves to cyber attacks.

cybergrenadeUltimately, the Cold War remained cold due to the fact that all sides were able to maintain an agreed upon set of rules. As long as no one stood to gain from the outbreak of full-scale war – due to the proliferation of nukes and the prospect of “mutually assured destruction” – everyone could expect to do what was in their own best interests. The absence of such a set of rules and treaties governing cyber weapons has not yet led to open hostilities, but it remains to be seen if they will hold.

One can only hope a modern day Russia, and Ukraine for that matter, can be expected to do what’s in their best interests as well and avoid an open state of war.

Sources: news.cnet.com, huffingtonpost.com

Cyberwars: NSA Building Quantum Computer

D-Wave's 128-qubit quantum processorAs documents that illustrate the NSA’s clandestine behavior continue to be leaked, the extents to which the agency has been going to gain supremacy over cyberspace are becoming ever more clear. Thanks to a new series of documents released by Snowden, it now seems that these efforts included two programs who’s purpose was to create a ““useful quantum computer” that would be capable of breaking all known forms of classical encryption.

According to the documents, which were published by The Washington Post earlier this month, there are at least two programs that deal with quantum computers and their use in breaking classical encryption — “Penetrating Hard Targets” and “Owning the Net.” The first program is funded to the tune of $79.7 million and includes efforts to build “a cryptologically useful quantum computer” that can:

sustain and enhance research operations at NSA/CSS Washington locations, including the Laboratory for Physical Sciences facility in College Park, MD.

nsa_aerialThe second program, Owning the Net, deals with developing new methods of intercepting communications, including the use of quantum computers to break encryption. Given the fact that quanutm machinery is considered the next great leap in computer science, offering unprecedented speed and the ability to conduct operations at many times the efficiency of normal computers, this should not come as a surprise.

Such a computer would give the NSA unprecedented access to encrypted files and communications, enadling them to break any protective cypher, access anyone’s data with ease, and mount cyber attacks with impunity. But a working model would also vital for defensive purposes. Much in the same way that the Cold War involved ongoing escalation between nuclear armament production, cybersecurity wars are also subject to constant one-upmanship.

quantum-computers-The-Next-GenerationIn short, if China, Russia, or some other potentially hostile power were to obtain a quantum computer before the US, all of its encrypted information would be laid bare. Under the circumstances, and given their mandate to protect the US’s infrastructure, data and people from harm, the NSA would much rather they come into possesion of one first. Hence why so much attention is dedicated to the issue, since whoever builds the worlds first quantum computer will enjoy full-court dominance for a time.

The mathematical, cryptographical, and quantum mechanical communities have long known that quantum computing should be able to crack classical encryption very easily. To crack RSA, the world’s prevailing cryptosystem, you need to be able to factor prime numbers — a task that is very difficult with a normal, classical-physics CPU, but might be very easy for a quantum computer. But of course, the emphasis is still very much on the word might, as no one has built a fully functioning multi-qubit quantum computer yet.

quantum-entanglement1As for when that might be, no one can say for sure. But the smart money is apparently anticipating one soon, since researchers are getting to the point where coherence on a single qubit-level is becoming feasible, allowing them to move on to the trickier subject of stringing multiple fully-entangled qubits together, as well as the necessary error checking/fault tolerance measures that go along with multi-qubit setups.

But from what it’s published so far, the Laboratory for Physical Sciences – which is carrying out the NSA’s quantum computing work under contract – doesn’t seem to be leading the pack in terms of building a quantum computer. In this respect, it’s IBM with its superconducting waveguide-cavity qubits that appears to be closer to realizing a quantum computer, with other major IT firms and their own supcomputer models not far behind.

hackers_securityDespite what this recent set of leaks demonstrates then, the public should take comfort in knowing that the NSA is not ahead of the rest of the industry. In reality, something like a working quantum computer would be so hugely significant that it would be impossible for the NSA to develop it internally and keep it a secret. And by the time the NSA does have a working quantum computer to intercept all of our encrypted data, they won’t be the only ones, which would ensure they lacked dominance in this field.

So really, thess latest leaks ought to not worry people too much, and instead should put the NSAs ongoing struggle to control cyberspace in perspective. One might go so far as to say that the NSA is trying to remain relevant in an age where they are becoming increasingly outmatched. With billions of terabytes traversing the globe on any given day and trillions of devices and sensors creating a “second skin” of information over the globe, no one organization is capable of controlling or monitoring it all.

So to those in the habit of dredging up 1984 every time they hear about the latest NSA and domestic surveillance scandal, I say: Suck on it, Big Brother!

Source: wired.com

Cyberwars: America’s Secret Cyber Command

Cyber-WarRecent revelations provided by Edward Snowden have set many people’s teeth on edge. After years of controversy surrounding the use of domestic, warrantless surveillance, things have only gotten worse with the revelation of PRISM and the NSA’s collection of metadata. But as with all things relating to espionage and government secrets, plumbing the depths only seems to reveal greater depths and bigger secrets.

Case in point: the life and times of General Keith Alexander, the undisputed master of America’s cyberwars and intelligence gathering operations. A four-star Army general with active units under his command, he is also a member of the National Security Agency, chief of the Central Security Service, and commander of the US Cyber Command.

When discussing his reasons for going public, Snowden indicated that he was appalled by:

[The] hypocrisy of the U.S. government when it claims that it does not target civilian infrastructure, unlike its adversaries.

cyberwarfare2What he was referring to was ongoing accusations by the US government that sources within China – particularly Unit 61398, a hacking force within the PLA that is located in Shanghai – had been stealing terabytes from data from the US since 2006. As it turns out, the US has its own super-secret cyberwarfare division, one which exists as nominally independent from the NSA.

Located inside Fort Meade, Maryland, this top-secret installation is more of a self-contained city. Tens of thousands of people live here, a city of 50 buildings with its own post office, fire department, and police force and is surrounded by electrified fences and heavily armed guards, protected by antitank barriers, monitored by sensitive motion detectors, and watched by rotating cameras.

To block any telltale electromagnetic signals from escaping, the inner walls of the buildings are wrapped in protective copper shielding and the one-way windows are embedded with a fine copper mesh. Keith Alexander is responsible for building this place up for the past eight years, insisting that the US’s inherent vulnerability to digital attacks required that he and those like him assume more authority over the data zipping around the globe.

NSA_fort_meadeTo hear him tell it, the threat is so paramount that it only makes sense that all power to control the flow of information should be concentrated in as few hands as possible, namely his. In a recent security conference held in Canada, Alexander expressed the threat in the following, cryptic way:

What we see is an increasing level of activity on the networks. I am concerned that this is going to break a threshold where the private sector can no longer handle it and the government is going to have to step in.

If this alone were not reason enough to put people on edge, there are also voices within the NSA who view Alexander as a quintessential larger-than-life personality. One former senior CIA official who agreed to speak on condition of anonymity, claimed:

We jokingly referred to him as Emperor Alexander—with good cause, because whatever Keith wants, Keith gets. We would sit back literally in awe of what he was able to get from Congress, from the White House, and at the expense of everybody else.

In this respect, he is not unlike Herbert Hoover, the overbearing bureaucrat who established the FBI and maintained a stranglehold over the nation’s law enforcement for years, even go so far as to blackmail multiple presidents.

cyberwarfareIn its tightly-controlled PR, the NSA has focused attention on the threat of cyberattack against the US, particularly against critical infrastructure like power plants and water systems, the susceptibility of the military’s command and control structure, the dependence of the economy on the internet. Defense against these threats is cited as the very reason for the NSA’s ongoing efforts and everything they do towards that end.

But there is a flip side to this equation that is rarely mentioned: which is the offensive capabilities the US military has been developing offensive capabilities. Using so-called cyber-kinetic attacks, Alexander and his forces now have the capability to physically destroy an adversary’s equipment and infrastructure, measures which he claims are crucial to 21st-century warfare as nuclear arms were in the 20th.

Their first attack was launched in the mid-2000s under the name of Stuxnet, a piece of malware that was created by the NSA, CIA and Israeli intelligence. According to Snowden, this virus – the first ever to be designed to destroy physical equipment – was aimed at Iran’s nuclear facility in Natanz. Once unleashed, this worm was able to damage about a thousand centrifuges used to enrich nuclear material.

stuxnet.schemeThe success of this sabotage came to light only in June 2010, when the malware spread to outside computers and spotted by independent security researchers. Despite headlines around the globe, officials in Washington have never openly acknowledged that the US was behind the attack. It wasn’t until 2012 that anonymous sources within the Obama administration took credit for it in interviews with The New York Times.

But of course, Stuxnet was only the beginning. Alexander’s agency has recruited thousands of computer experts, hackers, and engineering PhDs to expand US offensive capabilities in the digital realm over the years. And at a time when the CIA and other intelligence agencies are dealing with up to $4.4 billion in budget cuts, the Pentagon has requested $4.7 billion for “cyberspace operations”. In short, more attacks are likely in the works.

As Chris Cooper said in the seminal movie Syriana: “You dig a 6-foot hole, you’ll find three bodies. But you dig 12, and maybe you’ll find 40.” Eventually, you have to wonder if its time to ditch the shovel. The truth is so often an ugly, frightful, shocking and disturbing thing. And personally, I’ve always felt that rather than turn away, we should hold the people who make it so in strong contempt.

Source: wired.com