The Cyber Attacks are coming, the Cyber Attacks are coming!

If you Google the words “cyber attacks” you will get 164 million results. So where is our government on defending you and me against this growing peril? According to experts like John Jorgenson, CEO and founding partner of  the Sylint Group, our government is woefully behind the times in capability and capacity to deal with the threat of cyber attacks let alone the cyber warfare being conducted on a global scale by nation states such as China, Russia, North Korea and Iran.

Today the cry across America is the cyber attacks are coming, the cyber attacks are coming! But no one is taking action. No one that is except those few who, like Jorgenson, truly understand the catastrophic nature of the threat.

The most recent cyber attack was against our federal court system. Politico’s Tony Romm reports, “Unidentified hackers took aim at the federal court system Friday [January 24, 2014], blocking access to its public website while preventing lawyers and litigants from filing legal documents online. The incident affected uscourts.gov the federal court’s public hub, as well as most if not all federal court sites — not to mention the federal court system’s electronic filing system and its access page, PACER, a spokesman for the Administrative Office of the U.S. Courts said Friday.” The site remained down when this column was posted.

john jorgenson

John Jorgensen, CEO and a founding partner of the Sylint Group.

Jorgenson notes, “Since President Obama created a White House ‘cyber czar‘ position in 2009 there have been six appointed and then leave the position. The reason is a lack of support and funding for the program.”

In an email Jorgenson states, “The Cyber Czar count is difficult to do because of the people who temporarily held the post and the ‘Cyber Czar’ post being identified with the Obama Administration and DHS both. It is not easy to find the names of those who resigned. The press makes it out that there has been only one Cyber Czar under Obama, Schmidt. You have to really search to find the others.” The players since President Obama first took office are:

  • Rod Beckstrom – Resigned/Replaced, White House
  • Melissa Hathaway – Resigned. Hathaway was said to have been temporary, White House. But was she temporary because she resigned so quickly after making negative comments about the administration?
  • Howard Schmidt – Retired (Stated at RSA, 2010 or 2011, that there is no Cyber Warfare), White House.
  • Unknown – There was talk of a woman who took Schmidt’s place but soon resigned and Schmidt stayed on, White House.
  • Mark Weatherford – DHS / resigned.
  • Bruce McConnell – DHS / Temporary.
  • Michael Daniel – Current, White House.

“At issue is that a post as important as this, has had enormous turnover and turmoil, and we are only five years into the administration ‘leadership’. Nothing of substance to protect commercial industry, the countries infrastructure, or the citizen has come out of the White House. From the attacks being made on the United States on the Cyber Battlefield our advisories are taking Cyber Warfare seriously while we can’t find a credible Field Marshall let alone decide what needs to be done,” notes Jorgenson.

John Kelly from HowStuffWorks.com wrote, “In 2009, U.S. Defense Secretary Robert Gates declared that the U.S. ‘is under cyber-attack virtually all the time, every day’ [source: Farrell]. He wasn’t joking. That year, computer spies gained access to files about the Pentagon’s $300 billion Joint Strike Fighter project, intruders breached the Air Force’s air-traffic-control system, Chinese hackers penetrated computers at Google, and Russian cyber-thieves stole tens of millions of dollars from Citibank.”

On June 23, 2009, the Secretary of Defense directed the Commander of U.S. Strategic Command to establish a sub-unified command, United States Cyber Command (USCYBERCOM). Full Operational Capability (FOC) was achieved Oct. 31, 2010. The command is located at Fort Meade, Maryland.

NextGov.com reports, “In the 2014 National Defense Authorization Act passed by House lawmakers last week, Congress required the Defense Department appoint a high level Principal Cyber Advisor with a broad oversight portfolio that includes offensive and defensive cyber missions, resources, personnel, acquisition and technology. A Senate vote on the bill is expected this week. The new cyber advisor will have ‘overall supervision’ of all Defense cyber operations and will oversee a team that will integrate the cyber expertise of the four services, combatant commands and Defense agencies.”

Jorgenson believes that “major government systems have been compromised, including the US electrical grid.” Jorgenson stated that other systems such as health care, hospitals and our food supply systems are targets of cyber attacks. These attacks are dangerous because according to Jorgenson, “they place malware on corporate and government computer systems with the intent of controlling manufacturing, distribution and information system processes.”

The danger is real, clear and present. However, it appears the federal government and Congress is less concerned with the threat as it is with making political points over the dysfunctional HeathCare.gov website. Which by the way has been compromised!

Time to Amend the Florida Constitution to stop the NSA?

A column on World Net Daily has come to my attention. It deals with legislative proposals in the states of Missouri and Kansas changing their constitutions to protect the privacy, and liberty, of their citizens electronic communications and data. The following are excerpts from the column. Perhaps it is time for Florida to consider amending its constitution in the same way?

The National Security Agency may be able to spy on citizens by collecting data about their telephone calls and Internet usage, but at least two states are developing a strategy that would leave the data largely unusable without a warrant.

The newly revealed practices of the NSA to monitor all telephone calls made by American citizens could even be found in violation of the Missouri state constitution.

Several court cases that could eventually reach the U.S. Supreme Court have been filed since former NSA contractor Edward Snowden leaked information about the program.

Lawmakers in several states, however, aren’t waiting.

According to the Tenth Amendment Center, lawmakers in Missouri are proposing to amend their state constitution. Their plan would add “and electronic communications and data” to the provision that provides privacy and security for residents.

If changed by voters, it would read:

“That the people shall be secure in their persons, papers, homes [and], effects, and electronic communications and data, from unreasonable searches and seizures; and no warrant to search any place, or seize any person or thing, or access electronic data or communication, shall issue without describing the place to be searched, or the person or thing to be seized, or the data or communication to be accessed, as nearly as may be; nor without probable cause, supported by written oath or affirmation.”

The Joint Resolution, pending before the state Senate, proposes allowing Missouri voters to decide next November whether or not to amend their constitution.

In Kansas, Rep. Brett Hildabrand, R-Shawnee, pre filed a bill that would “ban all state agencies and local governments in the state from possessing data ‘held by a third-party in a system of record’ and would prohibit any such information from being ‘subject to discovery, subpoena or other means of legal compulsion for its release to any person or entity or be admissible in evidence in any judicial or administrative proceeding.’”

The access the data, under the bill, government would be required to obtain “express informed consent” or a warrant.

Read more.

Disneyland moves towards a Police State?

Jacob Sloan from DisInfo.com reports, “Who says the Panopticon has to be gloomy? Children will be thrilled to find that Mickey Mouse already knows everything about them.” ANIMAL New York writes:

In an effort to give its theme park patrons a more customized, interactive experience, Disney is adopting the tactics of law enforcement agencies everywhere: giving out wristbands embedded with tracking devices and information about the people wearing them.

Uses for the wristbands, dubbed “MyMagic+,” range from the pedestrian–like tracking purchases and attractions visited, presumably to serve up targeted advertisements–to the surreal. If a child wearing a MyMagic+ band approaches a Cinderella mascot, for example, Cinderella could be automatically informed of the child’s information, so she can greet him or her by name. Fortunately, the devices are strictly optional for now.

“We want to take experiences that are more passive and make them as interactive as possible,” said Bruce Vaughn, Disney Imagineering’s chief creative executive. “Moving from, ‘Cool, look at that talking bird,’ to ‘Wow, amazing, that bird is talking directly to me.”

The Disney World website states:

MyMagic+ will allow you to take control of your Walt Disney World vacation like never before.

You can personalize your experience … and even your MagicBand. Best yet, you’ll have the confidence of locking in incredible Disney experiences—while having the flexibility to make updates as your plans change.

There’s never been an easier way to experience a Walt Disney World vacation that’s all yours. Stay tuned for more Disney magic yet to be revealed!

There is no indication that visitors may opt out of wearing MyMagic+ wristbands.

 

“Electronic Army Of the Caucasus Emirate” threatens Cyber War against Russia

On December 27, 2013, the website posted a video titled “Appeal by the Anonymous Caucasus #OpPayBackForSotchi2014.” The “Anonymous Caucasus” describes itself as the “electronic army of the Caucasus Emirate” and has a website and accounts on Twitter and Facebook. In this video it warns the Russian government to stop its “activities” in Sochi (presumably the preparations for the Winter Olympics), otherwise the group will launch a cyber war against it in retaliation for the “Circassian genocide” of 1864,” reports MEMRI.

The video, which is two minutes and 31 seconds in duration, shows still images of signs in English that read: “Putin, don’t build your credibility on Circassian graves”; “Sochi 2014 – the hidden genocide”; “You’ll be skiing on the mass graves”; “2014 Sochi Olympic winter games – Circassian genocide 150 anniversary”.

The message is delivered by an unseen announcer. The following are excerpts:

“Our message is addressed to the government of the Russian Federation and to all the supporters of the [Winter] Olympics in Sochi. You are spending millions of dollars to organize these games on the land of the Circassians, on the land where their entire people was cruelly annihilated, on the land of the 1864 genocide… 150 years have passed, but Russia has not recognized the genocide of the Circassian people, and continues to ignore the people who live on this land. But now Anonymous Caucasus has decided to carry out a new operation called “Pay Back For Sochi.” We will launch the largest cyber war [that ever was] against the Russian government.

You will pay for [the genocide]. You crossed the line of inhumanity by wanting to hold your games on the land of our ancestors. Our army is now stronger than it was yesterday and [even] a minute ago, and our activity will increase. We support all the peoples of the Caucasus [in the struggle] against our enemy and enemy of Islam – [namely] Russia. Stop your activities in the Sochi region and we will stop ours… [If you don’t], we will attack you, we will destroy you. We will get our own way and you will not stop us. We are the Anonymous Caucasus. We neither forgive nor forget…”

Read more here.

EDITORS NOTE: In the mid-19th century large numbers of Circassians were expelled from the northwest Caucasus following the Russian conquest of the area. An unknown number of deportees died during the expulsions.

Danger: Your coffee maker may be spying on you!

In August Adam Levin from ABC News reported, “For Americans concerned about their privacy, the NSA data grabs are daunting, but what about the data grabs happening inside your own home, perpetrated not by the government, but by your coffee machine?”

Levin notes, “Consider every appliance and every piece of home electronics that you own. Does it gather data about how you use it? Does it connect to the Internet? If so, it could be used to spy on you. Your mobile devices, your TV, and now various other types of home appliances can be wired into a network that can track you. If those networks are hacked, information about your habits and behaviors could be available to people with nefarious goals. The same technological innovation that empowers us also makes us vulnerable to those who would exploit such advances against us.”

Levin list nine categories of ordinary home appliances that are now capable of collecting data on you including: your television, your cable box, dishwasher, toaster, your lights, your heat/AC and coffee maker.

Steve Watson in March 2012 on InfoWars.com stated, “CIA director David Petraeus has said that the rise of new “smart” gadgets means that Americans are effectively bugging their own homes, saving US spy agencies a job when it identifies any “persons of interest”.

“Speaking at a summit for In-Q-Tel, the CIA’s technology investment operation, Petraeus made the comments when discussing new technologies which aim to add processors and web connections to previously ‘dumb’ home appliances such as fridges, ovens and lighting systems,” writes Watson.

“‘Transformational’ is an overused word, but I do believe it properly applies to these technologies,” Petraeus enthused, “particularly to their effect on clandestine tradecraft.”

“Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters — all connected to the next-generation internet using abundant, low-cost, and high-power computing,” Petraeus said.

Simon Sharwood in his column “DON’T BREW THAT CUPPA! Your kettle could be a SPAMBOT” reports, “Russian authorities have claimed that household appliances imported from China contain tiny computers that seek out open WiFi networks and then get to work sending spam and distributing malware. St Petersburg news outlet Rosbalt reported last week that local authorities had examined kettles and irons and found “20 to 30 pieces of Chinese home appliance ‘spy’ microchips” that “sends some data to the foreign server”.

Finally Watson states, “Petraeus’ comments come in the same week that one of the biggest microchip companies in the world, ARM, unveiled new processors that are designed to give practically every household appliance an internet connection, in order that they can be remote controlled and operate in tandem with applications.

When you get your next appliance better check your privacy at you door.

RELATED COLUMN: Your Car Could be ‘Spying’ on You! US Report Reveals Carmakers are Collecting Data about Drivers’ Travel Habits

Is Rumored Saudi – Israeli Collaboration on a “Super Stuxnet” Iranian Disinformation?

Photo source: FARS News Agency

There is lots of chatter in the media and on the internet speculating on a possible Israeli Saudi entente to sabotage Iran’s nuclear program with a Super Stuxnet malware.  That speculation was triggered by an Iranian FARS agency report on November 30, 2013  concerning  a supposed alliance of convenience between the Jewish nation and the Wahhabist Saudi Kingdom, “Riyadh, Tel Aviv Cooperating to Sabotage Iran’s N. Program.”.  The report focused on  possible of  development a coordinated sabotage effort aimed at delaying and ultimately destroying Shiite Iran’s achievement of nuclear breakout.  Some seasoned observers considered this part of an elaborate Iranian disinformation campaign in the wake of the November 24th P5+1 deal struck with Iran in Geneva.

Here is what FARS reported that gave rise to the speculations:

“Saudi spy chief Prince Bandar bin Sultan bin Abdulaziz Al Saud and director of Israel’s Mossad intelligence agency Tamir Bardo sent their representatives to a meeting in Vienna on November 24 to increase the two sides’ cooperation in intelligence and sabotage operations against Iran’s nuclear program,” an informed source close to the Saudi secret service told FNA on Saturday.

“One of the proposals raised in the meeting was the production of a malware worse than the Stuxnet (a comprehensive US-Israeli program designed to disrupt Iran’s nuclear technology) to spy on and destroy the software structure of Iran’s nuclear program,” the source who asked for anonymity due to the sensitivity of his information added.

[…]

Bandar himself had also earlier met Bardo in Jordan’s Aqaba port city, a meeting which elicited outrage from Saudi Arabia’s Crown Prince Salman bin Abdulaziz who had already advised the Saudi spy chief to run indirect and clandestine consultations with the Israeli regime on strategic issues in the Middle East. In the wake of the secret talks, Prince Salman ordered the prosecution of the spymaster.

In addition to the Iranian disinformation campaign directed at exposing a possible Israeli -Saudi entente aimed at conducting cyber warfare against Iran’s  nuclear program there were other defensive moves by the US played out in Washington, Jerusalem and Bahrain this week.

President Obama and Secretary of State Kerry began an intense public relations campaign this past week. That began Wednesday evening with a final Hanukkah candle lighting ceremony in the White House. That event featured a Holocaust survivor lighting the final blaze of candles for the eighth evening of the Jewish holiday. This provided an opportunity for President Obama  to make a pitch to the American Jewish community that the interim deal would grant time for negotiations to perfect a permanent one  blocking Iran from achieving a nuclear breakout threatening Israel’ s existence. On Thursday in Jerusalem, Secretary of State Kerry briefed Israeli PM Netanyahu on the P5+1 interim deal that the latter had roundly criticized as an “historical mistake”.

According to the Washington Post, Kerry was suggesting that Netanyahu provide some ‘breathing room’ to permit the Geneva deal to proceed to a definitive final agreement forestalling Iran’s nuclear weapons development. Netanyahu’s objections were that the current negotiations track  would not lead to dismantling Iran’s nuclear program, let alone prevent it from achieving a nuclear capability.  Kerry was trying to prevent Netanyahu from emboldening bi- partisan Congressional allies in Washington from rushing to judgment and passing strengthened sanctions.  As this weekend began, another voice in  Administration’s PR campaign for the P5+1 interim deal  with Iran was heard.  Pentagon chief Chuck Hagel, in his remarks, today, at the Manama Dialogue with the Gulf Cooperating Council States  suggested that a military option was a complement to the current diplomatic track with a nuclear Iran. Further, that arms and other support would still flow to America’s querulous allies in the Gulf. That may have sent a message to Netanyahu in Jerusalem that Israeli consideration of a unilateral action against Iran’s nuclear program was unwarranted.

Serious questions have arisen about unresolved arrangements and issues in the P5+1 deal. Jonathan Schanzer of the Washington, DC Foundation for Defense of Democracies noted some glaring examples in a CNN report, “US and Iran See Nuclear Deal Differently”.

On the Arak heavy water reactor:

According to the White House Fact Sheet, this means that “Iran has committed to no further advances of its activities at Arak and to halt progress on its plutonium track.”

[. . .]

According to Reuters, however, Iran could “build components off-site to install later.”  According to the Iranian Eghtesad Online website, Iranian Foreign Minister Javad Zarif told the Majles that while “no new nuclear fuel will be produced and no new installations will be installed… that “building and construction will continue because currently we are at this stage in Arak.”

On Iran’s rights to continue nuclear enrichment:

U.S. officials claim the Geneva deal does not recognize Iran’s right to enrich uranium. Iranian officials claim it does. According to Zarif, “Iran enjoys that right and it is important to recognize that right. This recognition is there [in the agreement].” Similarly, Iran’s Deputy Foreign Minister Seyyed Abbas Araghchi tweeted in Farsi, “Our enrichment program has been formally recognized.”

Iranian President Hassan Rouhani also boasted that the “nuclear rights of the people of Iran and their right to enrichment was acknowledged by global powers.”Rouhani later declared that “enrichment, which is one part of our nuclear right, will continue, it is continuing today and it will continue tomorrow and our enrichment will never stop and this is our red line.”

On the reality of Sanctions relief under the P5+1 deal:

According to the White House Fact Sheet, Iran will receive approximately $7 billion in sanctions relief over six months. However, according to Araghchi, the Geneva deal will provide Iran with access to $15 billion over that time. Iranian officials have further reportedly claimed that the United States has unfrozen $8 billion in Iranian assets thus far. The math on the deal remains somewhat fuzzy in Washington.

President Obama stated that the “broader architecture of sanctions will remain in place and we will continue to enforce them vigorously.” Rouhani, however, claimed that “cracks in the sanctions organization have begun…and as time passes, the space between these cracks will increase.” And in other remarks, the ever-smiling Rouhani boasted that “we broke the structure of sanctions.”

The lack of transparency and appeasement at Geneva has aroused concerns in Washington, in Jerusalem and Riyadh. Thus giving rise to the speculations about an Israeli- Saudi Entente tilting towards covert sabotage of Iran’s nuclear program.  There are several cautionary notes. The first is the rumored accusations by the Administration that Israel may have leaked information about the Stuxnet malware joint development program with the US begun during the Bush Administration. Israel has contended it was the other way around.

The FARS report was clearly meant to widen the divide between the Administration and the Saudis. The Saudis are angry over the Administration  failures to actively support the Sunni Islamist opposition in the Syrian civil war.

There is also the sense that broad spectrum use of Malware like Stuxnet may incur  “collateral damage”.  Eugene Kaspersky,  principal at the Russian anti-virus Kaspersky Institute,  recently commented at an Australian conference that, “Stuxnet – the famous worm widely credited with crippling the Iranian nuclear weapons program for several years – also infected the internal network of a Russian nuclear plant. Unspecified malware has even reached the International Space Station”.

That point was amplified in a post by Luigi Pagnani,  Editor in Chief  of Cyber Defense Magazine in the on-line journal, Security Affairs, “Israel and Saudi Arabia aHudare plotting a cyber weapon worse than Stuxnet”.   We have edited his conclusions, as follows:

Israel and Saudi Arabia consider Iran an enemy to destroy.  Progress in the Iranian nuclear program is not acceptable to both governments and represents a dangerous threat.

The creation of cyber weapons is no less dangerous than the Iranian nuclear program.  The diffusion of such malware could cause serious damage to a critical infrastructure with unpredictable results, not to exclude the possibility of  directly affecting civilian populations.

It is absolutely necessary that there be development of a legal framework for using a cyber weapon with rules of engagement. A cyber weapon could have effects similar to a nuclear bomb.

The quixotic nature of the rumored Saudi – Israeli Entente endeavoring to disable if not stop ran’s quest for nuclear hegemony is problematic. Walter Russell Mead in a Wall Street Journal op ed, “A Riyadh-Jerusalem Entente”, elaborates on the dynamics of this suggested entente.   He notes in conclusion:

The two temporary allies could settle a few other scores. They could work jointly against Hezbollah and Hamas, perhaps with Egyptian help returning Fatah to power in Gaza. From Syria to Iran, the Kurds might suddenly find they’ve got more money and that their relations with their Sunni Arab neighbors might improve.

Those who think the Israelis and Saudis will have to accept whatever treatment the Americans dish out may be right. But if access to Saudi facilities changes the calculations about what Israeli strikes against Iran can accomplish, the two countries have some careful thinking to do. It would be an error for American policy makers to assume that allies who feel jilted will sit quietly.

The rumored momentary alliance between Zionists and Sunni Supremacist exemplifies the “enemy of my enemy” doctrine rising to the fore. It is only a temporary pact of convenience, at best. In Islamic doctrine it would likely be equivalent to the Treaty of Hudaibaya.  Israel is the convincing dominant techno-military power in the region.  It is able to undertake a possible sabotage program while the Saudis have the money and the pathways to perfect a meaningful threat.  If a victory occurs, courtesy of the alleged Saudi-Israeli entente, a big if, then the Islamic fundamentalists will still retreat to their primal doctrine of hatred toward its Jewish saviors. Saviors who lie frustratingly beyond the control of Wahhabist religious political doctrine. A doctrine of totalitarianism that like Fascism and Communism will crumble and ultimately fail. In this instance it will fail because regional Sunni tribal loyalties coupled with Islamic doctrine will inevitably trump civil polity and modernization.

EDITORS NOTE: This column originally appeared on The New English Review.