Posts

Iran waging ‘cyber warfare’ to ‘disrupt communication of dissidents’ and ‘promote terrorism’ worldwide

A NEW wave of “cyber warfare” is using “mass surveillance” to “actively disrupt the communication of protesters and dissidents” in Iran and “promote terrorism” across the globe, an explosive document has claimed.

This is precisely why Islamic supremacists must never be appeased nor tolerated. They are fascist and expansionist, and while the abuse to which they subject their own people is atrocious enough,  these abuses do not stop at their borders.

“Revealed: How Iran wages ‘CYBER TERRORISM’ to secretly spy on MILLIONS and incite ‘CHAOS,’” by Sam Stevenson, Express, December 28, 2018:

A NEW wave of “cyber warfare” is using “mass surveillance” to “actively disrupt the communication of protesters and dissidents” in Iran and “promote terrorism” across the globe, an explosive document has claimed.

The paper was compiled by the official Iranian resistance movement, the National Council of Resistance of Iran (NCRI). It makes damning assertions which implicate the Islamic Revolutionary Guard Corps (IRGC) in waging “cyber warfare to preserve the theocracy”. NCRI representative Hossein Abedini has spoken to Express.co.uk about his group’s findings.

Furious Iranians, making use of cyber technology to disseminate their message, have been part of a popular uprising that erupted in Tehran in December 2017.

But now the theocratic regime – led by Iran’s IRGC and the Ministry of Intelligence and Security (MOIS) – is using “cyber attacks” to suppress its people, the Iranian Resistance document seen by Express.co.uk claims.

It explains: “Millions of Iranians have access to the internet and more than 48 million own smartphones.

“Iran’s young and restless population has become increasingly ‘tech-savvy’ over the years to evade the regime’s controls and censorship.

“The continuous cyber resistance by the public has driven the regime to route internet traffic through one of the state-controlled systems, making it very difficult for any subscriber to evade state-sponsored cyber repression.”

The ominous paper argues the Iranian regime is among very few governments in the world where “its testbed of cyber attacks and strategies is its own citizens”.

It contends this approach is “in line with Tehran’s longstanding worldview of instilling fear and repression at home, while promoting terrorism, Islamic fundamentalism and chaos abroad”.

The document claims the regime uses malicious malware and spyware embedded within smartphone applications (apps) to “secretly spy” on its people….

EDITORS NOTE: This column with images originally appeared on Jihad Watch. It is republished with permission. The featured photo is by Alireza Heydarifard on Unsplash.

Kosovo Muslim arrested for hacking U.S. Military files for the Islamic State

“A statement from the U.S. Department of Justice said Mr Ferizi, known by his moniker ‘Th3Dir3ctorY’, hacked into a U.S. company’s systems in order to take the personal details of 1,351 U.S. military and government staff.” The repercussions of that theft could be felt for quite some time.

“Malaysia arrests Kosovo man for ‘hacking US files for IS,’” BBC, October 16, 2015 (thanks to Lookmann):

A Kosovan man has been arrested in Malaysia for allegedly hacking into a computer database and providing information on US security officials to the so-called Islamic State group.

The man, who is in his 20s, was detained on 15 September, Malaysian police said in a statement on Thursday.

Separately, the US identified him as Ardit Ferizi, thought to head a hacker group called Kosova Hacker’s Security (KHS).

Mr Ferizi will be extradited to the US.

A statement from the US Department of Justice said Mr Ferizi, known by his moniker “Th3Dir3ctorY”, hacked into a US company’s systems in order to take the personal details of 1,351 US military and government staff.

He will be charged with computer hacking and identity theft, and faces up to 35 years in jail, the statement added….

Between June and August this year, Mr Ferizi is alleged to have passed the data on to IS member Junaid Hussain, also known as Abu Hussain al-Britani, who later posted the details online along with a threat to target the officials….

Malaysia has arrested more than 100 people this year, suspected of links to IS, including ten people in August – six of them members of Malaysia’s security forces.

What? 100 people in modern, moderate Malaysia misunderstood Islam so drastically as to adhere to the Islamic State?

RELATED ARTICLES:

“Palestinian” Muslim rioters set Joseph’s Tomb on fire

51% of U.S. Muslims want Sharia; 60% of young Muslims more loyal to Islam than to U.S.

Kerry: U.S. Obligated to Prevent Israeli Sabotage of Iran’s Nuclear Program

Armin Rosen in a Business Insider article wrote about Florida’s US Senator Marco Rubio’s provocative question that generated a troubling response from Secretary Kerry at yesterday’s testy Senate Foreign Relations Hearing on the Joint Comprehensive Plan of Action (JCPOA) on Iran’s nuclear program. It had to do with the dilemma facing the Administration about a commitment by the world powers to defend the Iranian nuclear program against attack.

Rubio raised the hypothetical of what would be the U.S. obligation under a provision found in an Annex III to the agreement, if Israel might undertake a possible cyber attack.  An attack akin to the malworm, Stuxnet that disabled Iran’s enrichment centrifuges temporarily setting back their nuclear program.

Senator Marco Rubio (R-FL) questions U.S. Secretary of State John Kerry, Treasury Secretary Jack Lew, and Energy Secretary Ernest Moniz (not pictured) before the Senate Foreign Relations Committee in Washington July 23, 2015.   REUTERS/Gary Cameron

Senator Marco Rubio (R-FL) at Senate Foreign Relations Committee Hearing July 23, 2015. Source:  Reuters-Gary Cameron.

The Business Insider article laid out the quandary:

Republican presidential candidate and US Sen. Marco Rubio (R-Florida) asked about a provision of the agreement that seems to obligate the US and its negotiating partners to help protect Iranian nuclear sites against potential outside attack.

According to Annex III, the agreement’s section on “civil nuclear cooperation,” the signatories commit to “co-operation through training and workshops to strengthen Iran’s ability to protect against, and respond to nuclear security threats, including sabotage, as well as to enable effective and sustainable nuclear security and physical protection systems.

This provision of the deal doesn’t mention any countries by name. But Rubio wondered if this was included in the deal because of Iranian concerns related to a specific US ally.

“If Israel decides it doesn’t like this deal and it wants to sabotage an Iranian nuke program or facility, does this deal that we have just signed obligate us to help Iran defend itself against Israeli sabotage or for that matter the sabotage of any other country in the world?” Rubio asked.

[Secretary of Energy] Moniz replied that “all of our options and those of our allies and friends would remain in place” after the deal goes into effect.

Kerry then jumped in to explain the provision’s specific purpose: “To be able to have longer-term guarantees as we enter a world in which cyberwarfare is increasingly a concern for everybody that if you are going to have a nuclear capacity, you clearly want to be able to make sure that those are adequately protected.”

Rubio posed the key question to Kerry:

If Israel conducts a cyber attack against the Iranian nuclear program are we obligated to help them defend themselves against an Israel cyber attack?

Kerry responded:

I don’t see any way possible that we would be in conflict with Israel with respect to what we might want to do there and we just have to wait until we get until that point,” Kerry said, cryptically — “that point” referring to a future time at which Israel believes it’s necessary to sabotage Iran’s nuclear program. It seems that at that juncture, the US would have to determine whose side to take.

The background of this troubling JCPOA provision was explored in our July 14, 2015 1330 amWEBY interview with Omri Ceren of The Israel Project and Shoshana Bryen of The Jewish Policy Center to be published as an article in the August edition of the New English Review.

Note this exchange between Mike Bates of WEBY and Bryen:

sbryen-804443500

Shoshana Bryen of The Jewish Policy Center.

Bates:  Shoshana.  Because with a deal in place, Iran will be free to covertly develop nuclear weapons without consequence.  …However, if the day comes when Israel has valid reasons to believe that a nuclear weapon is in the hands of the Iranians, or is imminently so, Israel is going to have no choice but to act unilaterally.  When they do, they will be excoriated and vilified.  … I think this makes it more dangerous, because the military option, as I see it, Shoshana, is off the table.

 Bryen:  I’m not sure it wasn’t always off the table.  Starting in the Bush Administration,the United States and Israel had a divergence of opinion about how to deal with Iran’s nuclear program. The Bush administration was in favor of sanctions and believed in squeezing them to death.  They were not in favor of military activity.   The Israelis always had believed that military action was best done in conjunction with the United States. Once they began to understand that there was no way, that even their good friend George W. Bush was not going to help them do this.   The military option became less viable.  You have to think about it from the point of view of a small country, Israel, and a large country, Iran, which has air defenses. Iran will now have better air defenses, because the Russians have sold them better air defenses.  The Iranians had more time to bury and harden their facilities.  They’ve had more time to dig them under populated places.  If you have to drop a bomb on something, the collateral damage there will be very heavy. I’m not sure that there was a great military option, to begin with.  However, you are right to the extent that if there was a facility you felt was absolutely crucial, I believe Israel could destroy it.

Omri Ceren

Omri Ceren, The Israel Project.

Note the following exchange between Bates and Ceren:

Bates:   I’m more concerned about the 8 million people living in Israel; the 300 millionpeople in the United States.  I’m concerned that Iran has been given a pathway to a bomb that is unobstructed.  This takes the military option off the table.  Even if Israel believes their existential threat is imminent, they can hardly attack militarily to stop it.  …I think the concessions are so much bigger than that.  Am I wrong, Omri?

Ceren:  Let me say that Shoshana’s answer was very compelling…Which is the military option was never Israel’s main option.  Sabotage and subterfuge were Israel’s real options, which is why it is so concerning that this deal puts the Iranian nuclear program under international sponsorship.There is an annex to the deal that says the EU-3 and their partners will teach them how to harden their nuclear assets against sabotage.  Specifically, against nuclear sabotage. In effect we’re protecting them,as they build up their program.  Forget protecting them in the last five minutes from Israeli action.  Thisdeal protects them from Israeli action throughout the entire lifetime of the deal

These exchanges between Senator Rubio and Secretary Kerry at yesterday’s Senate Foreign Relations Hearing and the excerpted WEBY interview exchanges with both Bryen and Ceren in the forthcoming New English Review article demonstrate how the JCPOA constrains both the US and Israel’s options to deal with the Iran nuclear threat. All due to the concessions made by Kerry and the negotiating team at both Lausanne and in Vienna. It explains why the Republican majority in both Houses of Congress and even some minority Democrats oppose the nuclear pact with Iran. Further, why Israel PM Netanyahu called the Nuclear pact with Iran a very bad deal in his speech on March 3,2015 before a Joint Meeting of Congress. We commend Republican Senator Rubio for asking the tough question that forced Secretary Kerry’s verification of how bad this deal is.

EDITORS NOTE: This column originally appeared in the New English Review. The featured image is of Secretary of State Kerry with Treasury Secretary Jack Lew, and Energy Secretary Moniz, Senate Foreign Relations Committee Hearing, July 23, 2015. Source: AP/Andrew Harnik.

CYBER ATTACK: China Steals 21 Million Federal Employee’s Personal Information

Archuleta_Katherine

OPM Director Katherine Archuleta

The Associated Press reports, “Hackers stole Social Security numbers, health histories and other highly sensitive data from more than 21 million people, the Obama administration said Thursday, acknowledging that the breach of U.S. government computer systems was far more severe than previously disclosed. The scope of the data breach — believed to be the biggest in U.S. history — has grown dramatically since the government first disclosed earlier this year that hackers had gotten into the Office of Personnel Management’s personnel database and stolen records for about 4.2 million people.”

U.S. Senator Marco Rubio (R-FL), a member of the Senate Select Committee on Intelligence, issued the following statement regarding newly released details about the cyberattack against the Office of Personnel Management (OPM):

“OPM officials need to be held accountable and fired for what appears to be utter incompetence. While it is completely unacceptable that our federal databases containing such massive amounts of personal information on federal employees could be so vulnerable in the first place, it’s even more infuriating that this data was hacked seven months ago and the American people are only now being informed about it. This breach has jeopardized our national security because it has given our adversaries information about over 20 million people working for the federal government, including our military and personnel involved in sensitive intelligence functions as well as their families.

“The U.S. needs an offensive cyber capability that can serve as a strong deterrent against enemy state actors and cybercriminals, like those involved in this effort out of China. We also have much work to do to create the strongest possible cyber defenses to protect our government networks and ensure that the agencies handling important tasks such as security clearances are up to the challenge.

“But to be finding out about the extent of this December cyberattack only now is irresponsible and unacceptable. The American people, starting with the people who have had their data breached, deserve more candor, transparency and urgency from the Obama Administration. They’ve been sitting on this reality for seven months. People need to go, starting with the OPM director.”

Are Fake Virus Warnings a New Method to Disrupt Free Speech?

This has been driving me nuts: Avast, an Anti-Virus product that I have in the past recommended, has been flagging JihadWatch.org as having malware, with warnings such as “Infection Blocked,” “Avast WebShield has blocked a harmful web page or file,” and “A threat has been detected.” Of course, this is not true. There is no virus.

avastI first got notification of the issue last week. As it happens, I’ve seen it a couple of times before; in fact, AVG, another anti-virus company, followed Avast and also started flagging JihadWatch.org, but a simple email asking them to look again was sufficient to get them to correct their signatures and apologise for getting it wrong.

McAfee has no issue with Jihad Watch:

http://www.siteadvisor.com/sites/www.jihadwatch.org?ref=safe&locale=en-US

Neither does Norton:

https://safeweb.norton.com/report/show?url=www.jihadwatch.org

Or WOT:

https://www.mywot.com/en/scorecard/www.jihadwatch.org

Or any of the other 63 malware scanning sites listed here.

Avast has been sent dozens of complaints. Most received a response, although I did not. They even admit that there is no malware in a few of the responses. Here is one:

Hello X,

Thank you for contacting Avast.

…Once they stop using useless obfuscation, it will not be blocked (it is the obfuscation that is being detected, not the actual deobfuscated code!) .

Thank you

Best regards

Richard Šrank

Avast Technical Support Specialist

That “obfuscation” he is talking about is the Counter DDoS prevention code that JihadWatch.org uses. It’s essential to keep the site available, as we are literally seeing tens of millions of attacks every day. Obviously we need to stay one step ahead. Yet Avast is saying that we should remove that protective code, and then they will stop saying we have malware, even though they know we don’t have malware in the first place. Apart from the sheer lunacy of this demand, one has to question their honesty and competence in checking anything: if they can say something is unsafe when they know it isn’t and admit that they know, how can anyone be sure that when they say something is safe that it really is?

ddos-encodedb64Now about this code. I won’t post it here as text, as we know they will flag that also, but any competent developer can tell there is nothing malicious there. It’s no secret. It’s simple base64 encoding, easily decoded, not that it will mean much. The point is, it’s easy to see it’s not malicious. It’s easy for Avast to add a signature to their scanners even if they did see this scary “obfuscation.” Their choice of words is interesting: when script is “encoded” for good reason, as this is, we just call it “encoded,” not obfuscation, as developers can easily decode it to see the real code behind it, using any number of tools.

So is this sheer incompetence on Avast’s part or another method to disrupt free speech? I can’t tell, but in the meantime, please report these false positives to Avast at avast.com, choosing report false virus alert, and let any of your friends know that JihadWatch.org is not infected in any way. Those who encounter Avast’s virus alert should click ignore, which is sometimes an option, or switch to a more reliable Anti-Virus solution (it should be noted that although AVG got it wrong initially, they were quick to correct their mistake).

RELATED ARTICLES:

Strategies of Denial Revisited (Part I)

UK cops knew Muslim rape gangs were targeting schools 5 years ago, did nothing

Why Is Snapchat More Secure than the Federal Government? by Andrea Castillo

Cyberhawks have seized upon this year’s massive hack of the Office of Personnel Management (OPM) to shove a wolfish surveillance bill in a sheepish cybersecurity bill’s clothing down America’s throat.

But the “Cybersecurity Information Sharing Act of 2015” (CISA) would have done nothing to stop the hack that exposed as many as 14 million federal employees’ personnel records. The pro-NSA crowd’s arguments are obvious nonsense — if anything, the OPM hack clearly demonstrates the danger of trusting incompetent government bureaucracies to manage huge datasets of sensitive personal information.

But amid all of the hubbub, these self-styled champions of strong cybersecurity — who also just happen to be anti-private encryption and pro-surveillance — have neglected to raise one important question: Why did a goofy picture-sharing app implement basic security measures before the central repository for all federal personnel data did?

This week, Snapchat announced that the private picture messaging service was offering two-factor authentication for its users. This basic measure of security helps to verify that the person logging in is indeed the legitimate owner of their account by sending out a text message with a special access code to the owner’s cell phone.

That way, a hacker must obtain both your password and your mobile phone to access and control your account. It’s simple, but simple security solutions can sometimes mean the difference between a foiled infiltration and a very, very bad day for a Snapchat user.

Of course, it is too much to expect the chief steward of federal employee information to implement such a simple policy. As the beleaguered office’s Inspector General reported last fall, OPM does not require multi-factor authentication to access its information systems.

If a careless OPM employee chose a weak and easy-to-guess password, or emailed it in plain text across an insecure channel, or merely left it on a sticky note on his or her desk (as is common practice in the federal government), than any common hacker could potentially access vast amounts of federal data.

In other words, an application for sharing pictures of wild parties and funny cats has better authentication standards than the federal government’s primary steward of millions of current and former federal employees’ and contractors’ addresses, Social Security numbers, financial information, and health records. Oh, and that of our military leadership and intelligence contacts — several of which are embedded deep undercover in dangerous missions — as well.

Hackers also accessed the feds’ cache of Standard Form 86 files for the aforementioned groups, dragging countless family members, friends, and colleagues into the databreach crossfire.

To call this a huge mess would be the second biggest understatement of the year. The biggest? That OPM’s substantial information security vulnerabilities are entirely unacceptable and directly at fault for the hack.

The OPM’s annual information security reports to Congress have admitted “material weaknesses” and “significant deficiencies” for years. The department lacked an IT team with “professional security experience and certifications”until 2013. Disgruntled employees could have merely walked off with this data if they wanted to, since OPM does not “maintain a comprehensive inventory of servers, databases, and network devices.” Nor did the OPM encrypt any of the data that the hackers stole — they might as well have just invited our forward friends in China to sweep in through the front door!

As Ars Technica’s Sean Gallagher concludes, “Considering the overall condition of OPM’s security, it’s no surprise that an attacker — almost any attacker — could gain a foothold inside the agency’s network. But attackers didn’t just gain a foothold, they had practically a free run of the networks.”

It’s true that Snapchat has hardly been a paragon of good cybersecurity in the past, as previous security vulnerabilities, breaches, misleading marketing, and the infamous “Snappening” testify. However, there is another important difference between Snapchat and the OPM that puts the humble app ahead of the mighty federal office: Snapchat has to learn from its mistakes.

As a private service provider in a hotly-competitive market that must keep its users happy to stay afloat, Snapchat moved quickly to get its security house in order after their big mistakes. They hired the former social network security leader for Google and started to build a “culture of security” within the firm.

They may still have a long way to go, but these investments and cultural prioritization are important first steps that demonstrate a proactive sense of ownership in their platform’s security. And of course, if they keep screwing up, they’ll be sued out the nose and go out of business for good.

We see no such sense of urgency with OPM. The agency received what could have been a saving wakeup call in last year, when it was discovered that Chinese hackers had accessed OPM databases in March of 2014.

OPM had the opportunity to implement simple encryption and authentication measures, tighten up their ship, and increase employee education about good data and security practices. No such luck! The office more or less continued on its merry way.

No one was fired back then and it looks like no one will get fired now. It’s government work, after all.

Unfortunately, OPM is hardly the only sucker on cybersecurity in the federal government, as my research for the Mercatus Center has found. This kind of unbelievably poor cybersecurity posture is the norm rather than the exception.

In fact, it’s hard to pick what is scarier: that the federal government operates under the digital equivalent of leaving all of their doors and windows unlocked and wide open, or that these same federal agencies want more power to manage your personal data through CISA.


Andrea Castillo

Andrea Castillo is the program manager of the Technology Policy Program for the Mercatus Center at George Mason University and is pursuing a PhD in economics at George Mason University.

Islamic State issues new “Message to America,” threatening massive hacking and cyber attacks

Stop drawing Muhammad cartoons, people, and these good folks will be mollified and hold a barbecue for us.

RELATED ARTICLES:

Video: Media rushes to abandon the principle of freedom of speech

The ISIS death fatwa

You Will Become Muslims When We Rape You, ISIS Told Yazidi Girls

Raymond Ibrahim: U.S. State Dept. Invites Muslim Leaders, Denies Christians

Raymond Ibrahim: Islamic Supremacism — the True Source of Muslim ‘Grievances’

BBC likens jihad preacher Anjem Choudary to Gandhi and Mandela

Israeli Ambassador on Iran Deal: ‘We Cannot Roll the Dice’ on Survival of Jewish State

Arkansas: Middle East Cyber Army hacks Little Rock School District website

“F**k Israel / Free Palestine / Jerusalem is Ours / Al khilafah is coming soon.” Why would they hack into the Little Rock School District’s website with such a message? For the same reason that a Muslim cleric would take hostages in a chocolate cafe in Sydney, Australia: to “strike terror into the hearts of the enemies of Allah” (Qur’an 8:60).

“Hackers Target Little Rock School District Website,” by Susanne Brunner, Fox16.com, December 12, 2014 (thanks to Creeping Sharia):

LITTLE ROCK, AR- If you typed in lrsd.org in the search engine around 7am Friday morning, chances are a hacking message popped up.

“I don’t like it. It doesn’t make me comfortable,” says Jason Spees, LRSD Parent.

Uncomfortable with the images and words displayed on the homescreen and the possible threat it could have on his two boys.

“I think they should notify everybody when there’s what could potentially be a terroristic threat. And that’s what that is to me,” he says.

The video playing on the site read “Hacked by MECA” the Middle East Cyber Army.According to its Facebook and Twitter pages, it appears to be a muslim group dedicated to cyber attacks around the world.

“It’s a little shocking to be informed of it,” he says.

Another parent I spoke with didn’t see it, but learned about the hack through an automated call from the school district around noon.

“It basically said there had been a cyber attack against the district’s landing page on their website,” says Mandy Shoptaw, LRSD Parent.

Shortly after, that message from LRSD was relayed via email to parents and staff saying, “No student, parent, or personnel data was compromised. That information is housed on separate servers. When we discovered the unauthorized information on the landing page, it was immediately removed.”…

RELATED ARTICLE:

Over 100 children massacred as Taliban storms school; ‘set teacher on fire, made kids watch’

A New Age – The Cyber Information Age

As you know, our firm The Sylint Group, Inc., is composed of engineers from the Intelligence Community, Department of Defense and other government agencies and have been involved with digital data communications and cyber security since the ‘70’s.  In fact the name Sylint is derived from the intelligence community jargon.  “Syl” is Greek for “with” or “together” and “int” is used with various prefixes as intelligence community descriptors such as “commint”, “humint”, etc.  Sylint is therefore bringing together the disciplines of the intelligence world into Cyber Security and Digital Data Forensics. And of course, it’s sounded like “Silent” and therefore a play on the word.

So, Sylint has a certain developed perspective on what people today are recognizing as cyber security. 

Personally, I’ve done everything from programming low orbiter satellites in assembly language as they sped by on their 450 nautical mile orbit, to intercepting digital data communications systems following terrorists across the continents.  That’s before digital data became an integral part of each person’s daily life; cell phone messaging, nanny cameras, “world news” on demand, Facebook, Twitter, digital pictures to be shared in an instant.  I remember when bleeding edge data storage was performed on a RM05, about the size of a washing machine, with a disk pack about 14” in radius, with 12 platters and 250 Mega Bytes (MB) of storage capability.  Today that equals storage for about 10 high resolution photos.  In today’s age my SD storage card, which slips into my pocket, holds 128 Giga Bytes (GB) of data.  Or, consider my digital photography SD (Secure Data) card with 32GB of storage and wireless communications capability from my camera to my tablet.  Data storage and handling has changed dramatically in the last 30 years.  But, so has the amount and types of data communicated.

We are connected to each other electronically through communications systems that we don’t understand and to people we don’t know personally, and maybe don’t know that they are connected to us.  Our lives bleed out through on-line personal accounts and everyone knows our foibles and sins. Our hard earned money is stolen from our bank accounts by somebody in a mid-eastern country, which we didn’t know existed.  And all of this is accomplished using 1’s and 0’s in a nanosecond of time from thousands of miles away.

I notice that the American Enterprise Institute (AEI) is held a conference titled “Road Ahead to Cybersecurity”.  I don’t think that there is a “road ahead” for cybersecurity.  There isn’t a road at all!  The whole playing field has changed and there are no defined roads in or out.

I firmly believe that we are stuck in a quagmire alongside that “road” to the playing field and it dead ended at the entry to a new age called “the Cyber Information Age”. 

We have entered this new age, the Cyber Age, and no one realizes it.  A “new age” means that life as we know it has changed dramatically and the forces that shape the economy, world order, international boundaries, social structure, centers of military and political power, level of conflict between countries, and societies moral and ethical foundation are being driven by a new impetus and energy; something called Cyber Information.  Cyber information is different than anything that society has dealt with in the past.  Cyber information is instantaneously created, changed, modified, reformatted and retransmitted.  It’s a lie, half-truth, or fact that is immediately thrown into the world, globally, from unknown sources without vetting, modulation or consideration for its consequences.

Cyber information can be news, control software for a power grid, Programmable Logic Controllers for manufacturing, communications between First Responders, infrastructure support for large buildings, corporate intellectual property, charge card information, a city sewer system, the processor for a pacemaker.  Cyber information has created a virtual world and real world that exist side by side, interact with one another, and impact one another.

Cyber information cannot be easily secured, stopped, acknowledged, or controlled. No leadership has arisen that can formulate a means to force the direction of cyber information for the good of society.  Rather, just the opposite, forces both immoral and unethical are using cyber information for nefarious purposes because it’s a crime against society which goes unpunished and yields huge rewards.

To address Cyber Security we must first understand that we are in a new age, an age of Cyber Information and what that means for society, business and the world order.

Just a few thoughts for a Monday morning surrounded by ones and zeroes.

RELATED ARTICLE: What Was Stolen?: Massive Cybersecurity Breach Raises Concerns About What Hackers Stole [+video]

RELATED VIDEO: June 14, 2014 AEI Center for Internet, Communications, and Technology Policy conference – After Snowden: The Road Ahead for Cybersecurity

The Cyber Attacks are coming, the Cyber Attacks are coming!

If you Google the words “cyber attacks” you will get 164 million results. So where is our government on defending you and me against this growing peril? According to experts like John Jorgenson, CEO and founding partner of  the Sylint Group, our government is woefully behind the times in capability and capacity to deal with the threat of cyber attacks let alone the cyber warfare being conducted on a global scale by nation states such as China, Russia, North Korea and Iran.

Today the cry across America is the cyber attacks are coming, the cyber attacks are coming! But no one is taking action. No one that is except those few who, like Jorgenson, truly understand the catastrophic nature of the threat.

The most recent cyber attack was against our federal court system. Politico’s Tony Romm reports, “Unidentified hackers took aim at the federal court system Friday [January 24, 2014], blocking access to its public website while preventing lawyers and litigants from filing legal documents online. The incident affected uscourts.gov the federal court’s public hub, as well as most if not all federal court sites — not to mention the federal court system’s electronic filing system and its access page, PACER, a spokesman for the Administrative Office of the U.S. Courts said Friday.” The site remained down when this column was posted.

john jorgenson

John Jorgensen, CEO and a founding partner of the Sylint Group.

Jorgenson notes, “Since President Obama created a White House ‘cyber czar‘ position in 2009 there have been six appointed and then leave the position. The reason is a lack of support and funding for the program.”

In an email Jorgenson states, “The Cyber Czar count is difficult to do because of the people who temporarily held the post and the ‘Cyber Czar’ post being identified with the Obama Administration and DHS both. It is not easy to find the names of those who resigned. The press makes it out that there has been only one Cyber Czar under Obama, Schmidt. You have to really search to find the others.” The players since President Obama first took office are:

  • Rod Beckstrom – Resigned/Replaced, White House
  • Melissa Hathaway – Resigned. Hathaway was said to have been temporary, White House. But was she temporary because she resigned so quickly after making negative comments about the administration?
  • Howard Schmidt – Retired (Stated at RSA, 2010 or 2011, that there is no Cyber Warfare), White House.
  • Unknown – There was talk of a woman who took Schmidt’s place but soon resigned and Schmidt stayed on, White House.
  • Mark Weatherford – DHS / resigned.
  • Bruce McConnell – DHS / Temporary.
  • Michael Daniel – Current, White House.

“At issue is that a post as important as this, has had enormous turnover and turmoil, and we are only five years into the administration ‘leadership’. Nothing of substance to protect commercial industry, the countries infrastructure, or the citizen has come out of the White House. From the attacks being made on the United States on the Cyber Battlefield our advisories are taking Cyber Warfare seriously while we can’t find a credible Field Marshall let alone decide what needs to be done,” notes Jorgenson.

John Kelly from HowStuffWorks.com wrote, “In 2009, U.S. Defense Secretary Robert Gates declared that the U.S. ‘is under cyber-attack virtually all the time, every day’ [source: Farrell]. He wasn’t joking. That year, computer spies gained access to files about the Pentagon’s $300 billion Joint Strike Fighter project, intruders breached the Air Force’s air-traffic-control system, Chinese hackers penetrated computers at Google, and Russian cyber-thieves stole tens of millions of dollars from Citibank.”

On June 23, 2009, the Secretary of Defense directed the Commander of U.S. Strategic Command to establish a sub-unified command, United States Cyber Command (USCYBERCOM). Full Operational Capability (FOC) was achieved Oct. 31, 2010. The command is located at Fort Meade, Maryland.

NextGov.com reports, “In the 2014 National Defense Authorization Act passed by House lawmakers last week, Congress required the Defense Department appoint a high level Principal Cyber Advisor with a broad oversight portfolio that includes offensive and defensive cyber missions, resources, personnel, acquisition and technology. A Senate vote on the bill is expected this week. The new cyber advisor will have ‘overall supervision’ of all Defense cyber operations and will oversee a team that will integrate the cyber expertise of the four services, combatant commands and Defense agencies.”

Jorgenson believes that “major government systems have been compromised, including the US electrical grid.” Jorgenson stated that other systems such as health care, hospitals and our food supply systems are targets of cyber attacks. These attacks are dangerous because according to Jorgenson, “they place malware on corporate and government computer systems with the intent of controlling manufacturing, distribution and information system processes.”

The danger is real, clear and present. However, it appears the federal government and Congress is less concerned with the threat as it is with making political points over the dysfunctional HeathCare.gov website. Which by the way has been compromised!