10 ways to avoid a Wikileaks or NSA-style data breach

25 Jan 2014 by Samara Lynn

The WikiLeaks furore of 2010, and the more recent debacle of the documents leaked from the American National Security Agency (NSA), have left the world reeling at the power of a well-orchestrated data breach. President Obama recently announced that due to the revealed abuses by the agency, he would reform espionage policy, allowing privacy campaigners around the world to breathe a cautious sigh of relief.


But not every organisation is as insidious or as unaccountable as the NSA, and not every leaker has the good intentions of Edward Snowden or Chelsea Manning. One thing to come out of these events is crystal clear: if the government is vulnerable to network security and data breaches, your business is too.

A few safeguards could have staved off the leakage of classified information from both these networks, and many of them are available to small businesses: activity monitoring, limiting which data is searchable, keeping tabs on user permissions, and deploying a robust data leak prevention solution.


Five Myths about the Chinese Internet

The Great Firewall is neither great, nor a firewall. Discuss.

BY EVELINE CHAO | NOVEMBER 20, 2012


Last week, Xi Jinping’s chairmanship of the Communist Party was announced, and collectively, the Chinese Internet breathed a sigh of relief. Netizens rejoiced as the web returned to its normal speed, while censors, government officials, and Internet companies finally allowed themselves to stop fretting about making any missteps during the highly sensitive week-long, once-in-a-decade political meeting — the 18th Party Congress — which decided China’s new leadership structure.

Within a few hours, the top trending topics on Sina Weibo, China’s homegrown equivalent to Twitter, included political topics like incoming Premier Li Keqiang’s resumé and Russian Prime Minister Dmitry Medvedev’s November 15 comments that he isn’t bothered by online criticism because such things are normal in a democracy. But for most of the week-long Party Congress, the top Weibo chatter (part censorship, part apathy) had focused mostly on Chinese pop celebs.


The Life And Legacy Of American Al-Qaeda Online Jihad Pioneer Samir Khan

Memri Jihad & Terrorism Studies Project

September 28, 2012 Inquiry & Analysis Series Report No.886

 

The Life And Legacy Of American Al-Qaeda Online Jihad Pioneer Samir Khan – Editor Of Al-Qaeda Magazine ‘Inspire’ And A Driving Force Behind Al-Qaeda’s Push For ‘Lone-Wolf’ Terror Attacks In West

By: Steven Stalinsky and R. Sosnow*

Table Of Contents

  • Introduction
  • Samir Khan, 1985-2011: Born In Saudi Arabia, Raised In N.Y., Martyred In Yemen
  • Samir Khan Launches His Blog “The Ignored Puzzle Pieces of Knowledge”
  • 2004: Khan Moves With Family To Charlotte, NC
  • 2007-2008: Failed Attempts To De-Radicalize Khan
  • 2007: Khan’s Only Interview With Western Media – The New York Times
  • 2009: Khan Launches Jihad Recollections Magazine
  • 2010: Federal Grand Jury Considers Evidence Against Khan
  • 2008-2009: Samir Khan’s “The Ignored Puzzle Pieces of Knowledge” Blog
  • AQAP’s “Inspire” Magazine – 2010-2012
  • Samir Khan’s Legacy


Introduction

On September 30, 2011, 25-year-old American citizen Samir Khan was killed in a drone strike in Yemen, alongside his mentor, American-born Al-Qaeda leader Sheikh Anwar Al-Awlaki. In the seven years following the beginning of his activity posting jihadi videos of Osama bin Laden, Al-Awlaki, and others on the Internet, Khan became a trailblazer in online jihad and ended as a “martyr” in the deserts of the Middle East – thus joining many other online jihadis who have moved from the pen to the sword.

From his blog “The Ignored Puzzle Pieces of Knowledge” to online English-language publications including the jihadi magazine Jihad Recollections and the Al-Qaeda magazine Inspire, to the document Expectations Full,[1] Khan laid the foundations for Western jihadis. A February 9, 2012 Washington Post article about Inspire stated that the CIA, Defense Intelligence Agency, and other U.S. government organizations had come to rely on the magazine for their understanding of Al-Qaeda’s agenda and roster.[2]

As this report covers, the number of young would-be jihadis arrested in the U.S. and U.K. with Khan’s writings and publications in their possession continues to grow.

ACLU Lawsuit Challenges Legality Of Drone Strike That Killed Al-Awlaki and Khan, Stating That Khan Was “Not Engaged In Activity” That Presented Any Threat

On July 18, 2012, the family of Samir Khan joined with the American Civil Liberties Union (ACLU), the Center for Constitutional Rights (CCR), and the family of Anwar and his son Abdulrahman Al-Awlaki to file a lawsuit challenging the legality of the U.S. government’s drone strikes that killed the three.[3] The lawsuit names Secretary of Defense Leon Panetta, CIA director David Petraeus, Special Operations Command (SOC) commander William McRaven, and Joint Special Operations Command (JSOC) Joseph Votel as the defendants.

The complaint stated, inter alia: “Upon information and belief, neither Samir Khan nor Abdulrahman Al-Aulaqi was engaged in any activity that presented a concrete, specific, and imminent threat to life; nor was either of them directly participating in hostilities” (p. 3) and “Samir Khan was not engaged in activity that presented a concrete, specific, and imminent threat of death or serious physical injury; nor was he directly participating in hostilities” (p. 13).

Khan’s Desire For Martyrdom

Samir Khan’s dedication to jihad and Al-Qaeda and his desire for martyrdom were recurring themes in his writings. He wrote about them numerous times in various issues of Inspire, which he edited; in his blog, in his other writings, and in eulogies for him by his fellow jihadis.


We’ll pull the plug on info-leak smart meters, warns UK.gov


English: WASHINGTON (Oct. 7, 2011) An advanced metering infrastructure smart meter monitors energy consumption near the Catering and Conference Center at the Washington Navy Yard. The smart meter records energy consumption data every 15 minutes and sends information to a single, secure system allowing managers to monitor and control energy systems throughout the installation. (U.S. Navy photo by Mass Communication Specialist 2nd Class Kiona Miller/Released) (Photo credit: Wikipedia)

Lose customer data and lose your licence

 

The government plans to place a specific obligation for data security on the suppliers of smart meters as part of its conditions for granting licences to install the technology and use it to monitor customers’ energy supplies, it has confirmed.

In its latest consultation [18-page/118KB PDF] on use of the technology, the Department for Energy and Climate Change (DECC) has set out steps suppliers will have to carry out to ensure their systems are secure to an “appropriate standard” in the period running up until the launch of its Data and Communications Company (DCC).

Suppliers will have to conduct an initial risk assessment of their end-to-end systems as well as ongoing risk assessments as new threats emerge, and will have to have annual independent security risk audits conducted by external specialists.

Suppliers will also be expected to have incident management procedures, enabling them to identify and respond to security incidents in a coordinated manner, in place along with business continuity and disaster recovery procedures. They will also be expected to install physical security controls to protect equipment that interacts with the smart metering system.

“The government is committed to ensuring security is embedded into the design process for smart meters and their communication systems from the start, and to create a framework that allows systems and processes to continue to be fit for purpose as security risks, technology and the requirements continue to evolve,” the DECC said in the document. “Given the potential for a security incident, of any nature, to undermine confidence in smart metering … the government has proposed that obligations should be placed on suppliers in advance of DCC ‘go live’.”


Anonymous Hackers Deface International Police Association Website [PHOTOS]

By Jacob Kleinman | Apr 27, 2012 02:52 PM EDT

Members of the hacktivist collective called Anonymous lashed out at the International Police Association (IPA, http://ipa-iac.org) on Friday afternoon. The Anonymous hackers responsible left an angry message on the website’s homepage, stating that they defaced the page “for the lulz” (for fun) but also warned that they might have stolen some “sensitive data.”

It appears that Anonymous targeted the IPA for this hack because they saw a glaring weakness in the website’s security and not in order to expose the international organization for any illegal or immoral activity.

A message posted at the top of the page reads, “oHai [hello]… International Police Association (International Admin Center) you will see we haz [had] some #LULZ at your expense maybe you will fix your security issues and of course… we always recommend you NOT store admin passwords in PLAINTEXT For a site like International Police Association… w3 [we] really expected moar [more]… #LULZ the thin…”

The hack was self-credited to Anonymous, and confirmed by several posts on Twitter, but the particular hacker(s) responsible declined to take responsibility, fearing that the “feds” might be watching. The message continues to boast that Anonymous cannot be stopped because “There is no head to cut off motherfu–kers!!!” before concluding with the words, “F–k the police!!!!”

On Twitter several accounts associated with Anonymous boasted of the successful hacktivist attack on the International Police Association.

“DEFACED International Police Association http://ipa-iac.org/ by #Anonymous,” wrote a Twitter user called MotorMouth.

AnonOpsSweden also confirmed the cyber-attack, writing “International Police Association #hacked http://ipa-iac.org/ #Anonymous.”

The International Police Association is the largest organization for police officers in the world according to Wikipedia, and is not connected to Interpol (http://www.interpol.int/). The IPA was founded by English police sergeant Arthur Troop in January 1950 under the motto “Service Through Friendship” with the goal of creating friendly links to encourage cooperation between police officers across the world. The organization currently has around 400,000 members in 64 countries. Its main offices are based in Nottingham, England.


Source: http://ipa-iac.org/ / Screenshot


What Is the Role of Lawyers in Cyberwarfare?

Posted May 1, 2012 5:00 AM CDT By Stewart A. Baker and Charles J. Dunlap Jr.

Washington, D.C., attorney Stewart A. Baker and Charles J. Dunlap Jr., a former deputy judge advocate general of the U.S. Air Force, debate whether the U.S. should learn the practicalities of winning a cyberwar—and then ask lawyers for their input—or, instead, set the legal ground rules before conducting cyberwarfare in Patriots Debate: Contemporary Issues in National Security Law. The book is sponsored by the American Bar Association’s Standing Committee on Law and National Security, which invited both writers to address the legal approach to cyberwar.

STEWART BAKER’S POSITION


Stewart A. Baker

Lawyers don’t win wars.

But can they lose a war? We’re likely to find out, and soon. Lawyers across the government have raised so many showstopping legal questions about cyberwar that they’ve left our military unable to fight, or even plan for, a war in cyberspace.

No one seriously denies that cyberwar is coming. Russia may have pioneered cyberattacks in its conflicts with Georgia and Estonia, but cyberweapons went mainstream when the developers of Stuxnet sabotaged Iran’s Natanz enrichment plant, proving that computer network attacks can be more effective than 500-pound bombs. In war, weapons that work get used again.

Unfortunately, it turns out that cyberweapons may work best against civilians. The necessities of modern life—pipelines, power grids, refineries, sewer and water lines—all run on the same industrial control systems that Stuxnet subverted so successfully. These systems may be even easier to sabotage than the notoriously porous computer networks that support our financial and telecommunications infrastructure.

No one has good defenses against such attacks. The hackers will get through.

Even very sophisticated network defenders—RSA, HBGary, even the Department of Defense’s classified systems—have failed to keep attackers out. Once they’re in, attackers have stolen the networks’ most precious secrets. But they could just as easily bring the network down, possibly causing severe physical damage, as in the case of Stuxnet.

So as things now stand, a serious cyberattack could leave civilians without power, without gasoline, without banks or telecommunications or water—perhaps for weeks or months. If the crisis drags on, deaths will multiply: first in hospitals and nursing homes, then in cities and on the road as civil order breaks down. It will be a nightmare. And especially for the United States, which has trusted more of its infrastructure to digital systems than most other countries.

We’ve been in this spot before. As Brig. Gen. Billy Mitchell predicted, airpower allowed a devastating and unprecedented strike on our ships in Pearl Harbor. We responded with an outpouring of new technologies, new weapons and new strategies.


House Resolution 3523, Cyber Intelligence Sharing and Protection Act Bill

by William on 25th Apr 12


The CISPA bill and its content, posted in abridged form, and why it affects the citizen more than the SOPA bill would have.


As posted on curiosidadesofworld.blogspot.pt

In the spirit of newspapers of record, Urban Times shall publish the current version of the United States Cyber Intelligence Sharing and Protection Act, a piece of legislation along the lines of SOPA and PIPA, though with a fundamental difference—whereas SOPA, ACTA, and PIPA dealt with the shutting down of websites “infringing” on copyright, CISPA manages to entice, as opposed to alienate, companies and corporations by encouraging cooperation between intelligence organizations of the United States and the private information held by said corporations, thereby putting all culpability and infringement not upon internet corporations and websites, but upon their users, citizens of the world. Internet corporations are encouraged to share private user information with the United States federal government, in exchange for immunity from prosecution though liability—information shared, not through a forced hand via subpoena or court warrant, but by arbitrary decisions based on the management of said private corporation.

This means that there shall be no great protests directly from Facebook, or Google, against this legislation, for they are supporters of the bill. The bill is up for debate tomorrow, Thursday, April 26th, 2012, and for vote by Friday. It is past the eleventh hour, and many have missed the previous 66 bell tolls warning that once Internet companies are benefited by legislation, they will not care about you, the user. They are corporations. They don’t care about you. A corporation, as much as a person as it may be according to certain laws, has no feelings. It is up to you, the user, to fight back, and knowledge is the first step to understanding your enemy.

There is an idiom that goes, “read between the lines”. Government legislation and law interpretation are truly, truly the times where this idiom is not just good advice to live by, but a necessary thought process for your happiness, well being, and more dramatically, survival, in the face of deliberately misleading rhetoric and ambiguous terminologies.

The bill has been formatted to facilitate its reading.

Cyber Intelligence Sharing and Protection Act of 2012

http://www.gpo.gov/fdsys/pkg/BILLS-112hr3523rh/pdf/BILLS-112hr3523rh.pdf

‘‘(a) INTELLIGENCE COMMUNITY SHARING OF CYBER THREAT INTELLIGENCE WITH PRIVATE SECTOR.—

‘‘(1) IN GENERAL.—The Director of National Intelligence shall establish procedures to allow elements of the intelligence community to share cyber threat intelligence with private-sector entities and to encourage the sharing of such intelligence.
