It’s the same content you get here for free but you get the convenience of the Kindle and, if you like what I do here, subscribing also drops a few pennies in my pocket each month. You can even try it free for 14 days.
Monthly Archives: October 2012
France Pushing for Intervention in Mali – And They Will Get It
The war of words is already pretty intense:
Al Qaeda-linked Islamists in Mali threatened on Saturday to “open the doors of hell” for French citizens if France kept pushing for a war to retake the rebel-held north.
The renewed threats against French hostages and expatriates came ahead of a summit of French-speaking nations in Congo, where President Francois Hollande was expected to urge the rapid deployment of an African-led force to rout the Islamists.
…”If he continues to throw oil on the fire, we will send him the pictures of dead French hostages in the coming days,” said Oumar Ould Hamaha, a spokesman for Islamist group MUJWA, in an apparent reference to four French nationals seized in neighboring northern Niger in 2010.
“He will not be able to count the bodies of French expatriates across West Africa and elsewhere,” Hamaha said by telephone.
Allowing these groups to hold territory and consolidate power is intolerable so intervention is inevitable. Only the timing and scope are in question. The stakes are no doubt high for expats in West Africa but this conflict could reach back to France in the form of terrorism as well. How big is the threat on the European continent? I don’t know but it will be interesting to watch this unfold.
Covert Contact has been monitoring Mali for several months and today I rolled out a seven column widescreen live social media monitor there for this conflict. Additional monitors will probably be added as this escalates.
Maps courtesy of the CIA World Factbook
Hayden and Chertoff Blast the Obama Administration on Benghazi
Mistakes can be forgiven but covering them up, especially when your excuse changes from day to day, points to a much larger problem:
Michael Hayden, former CIA director, and Michael Chertoff, who served as Homeland Security chief, hit out after Biden stunned many in the intelligence community by insisting that the U.S. consulate in Benghazi did not ask for additional security before it was attacked on September 11 – directly contradicting what security officials and diplomats have testified under oath.
The tough joint statement was issued via the Romney campaign. In it they added: ‘Blaming those who put their lives on the line is not the kind of leadership this country needs.’
‘During the Vice Presidential debate, we were disappointed to see Vice President Biden blame the intelligence community for the inconsistent and shifting response of the Obama Administration to the terrorist attacks in Benghazi,’ they said in the statement.
‘Given what has emerged publicly about the intelligence available before, during, and after the September 11 attack, it is clear that any failure was not on the part of the intelligence community, but on the part of White House decision-makers who should have listened to, and acted on, available intelligence. Blaming those who put their lives on the line is not the kind of leadership this country needs.’
There may be layers of failure contributing to this incident but the response from the White House is appalling. It’s not just that they have demonstrated the wrong kind of leadership. They haven’t demonstrated any leadership at all. And then there are the hints (I’m being generous) of ethical and moral failings permeating the entire affair. That is not forgivable.
Cyberwar Roundup
Panetta Sounds Alarm on Cyber-War Threat
Panetta came to the nation’s financial hub – New York City – to issue his battle cry. The city is the brightest bulls-eye on the American target for foes wishing to cripple the U.S. economy with computerized “worms” and “malware” that can infect computer networks via the Internet or insider sabotage. “It is the kind of capability that can basically take down a power grid, take down a water system, take down a transportation system, take down a financial system,” he told Time editors. “We are now in a world in which countries are developing the capability to engage in the kind of attacks that can virtually paralyze a country.”
MOFCOM GOV CN (Chinese Ministry of Commerce) PWNED
On October 11th, 2012, Anonymous gained access to the servers of the Chinese Ministry of commerce and extracted 374mb of documents. A lot of them contain details about deals with Russia, Ukraine and Belarus. The documents are partly in English, Russian and Chinese.
See also: Hackers claim to have cracked servers Chinese representation in Belarus
Is ‘cyberwar’ another harmless buzzword, or an impending threat of nuclear proportions?
Is the whole thing being overstated as a threat? When people like Richard Clarke, the former head of counterterrorism in the US, warn that the cyber war could already be lost you may want to unplug your PC and run for the hills. But you have to take it with a pinch of salt from a man who now runs a cyber-security company, which would no doubt love a big contract.
Cyber War? Bring It On!
We’ve been warned again. The USA and all its citizens are under threat of “a cyber-Pearl Harbor!” Find a desk to hide under. Look for cover. Make it a place where the whole family can meet up so you can do a head count and see who is missing. No seriously, a cyberattack is imminent and could happen any minute! I need to get in on some of this action by becoming a consultant.
U.S.: Hackers in Iran Responsible for Cyberattacks on Oil, Gas Companies
U.S. authorities believe that Iranian-based hackers were responsible for cyberattacks that devastated Persian Gulf oil and gas companies, a former U.S. government official said. Just hours later, Defense Secretary Leon Panetta said the cyberthreat from Iran has grown, and he declared that the Pentagon is prepared to take action if American is threatened by a computer-based assault.
So much outrage, so little time
This morning, hoping to get some discussion going (and somehow turning it into something blogworthy) I asked the question: Of all the missteps you see daily in infosec, what outrages you the most and why?
Hacking Google: The three Israeli white hats rooting out the web’s security holes
All three work at Israeli security company Avnet, which, among other things, tests enterprise websites in Israel for vulnerabilities. The Google work is a sideline for the three hackers – but a very lucrative one that has earned each several thousands of dollars, given that Google pays between $500 and $3,000 for each bug discovered. The three white hats have each earned that kind of money despite the fact that hundreds of hackers around the world participate in the programme – Google is so large, there are more than enough security lapses to go around.
Google rewards a hacker with $60,000 for breaking Chrome
Google confirmed that the winner of the contest – which was the second of its kind, part of the Hack In The Box conference in Kuala Lumpur, Malaysia – was a pwner named “Pinkie Pie”, who was the only participant with a successful entry.
U.S. Bank Hacks Expand; Regions Financial Hit
Still, the attacks have been notable because even with attackers’ prior warning, they’ve managed to disrupt the websites of some of the country’s largest financial firms, including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo. As that skill and sophistication suggest, the bank attacks haven’t been launched by just one individual, or using a single tool, but rather by multiple well-organized groups wielding a variety of tools, according to Prolexic.
Cyberwar, Cyberdouchery, and Where the Rubber Meets the CyberRoad
Well, so here we are, we are in the age of the “Cyberwars” as much as the term might stick in the craw of many in the community. I would put it to you that as a person with anything online, you are a target. Whether it be the cyberwarfare of the state, or the cyber machinations of the criminal gang seeking to steal your money or your data, we all are under the same threats. Infrastructure as well as your personal PC are targets within a larger game of digital Stratego. Face the fact, live with it a while, and then think about what you can do to insulate yourselves a bit better.
Security Officer Qassim M. Aklan Killed at US Embassy in Yemen
Another small victory for the enemy:
A masked gunman assassinated a Yemeni security official who worked for the U.S. Embassy in a drive-by shooting Thursday near his home in the capital, officials said, adding the assault bore the hallmarks of al Qaeda’s Yemen branch.
…The officials noted it was similar to a series of other recent assaults by Al Qaeda’s Yemen branch, although they said it was too early to confirm the group’s involvement. Washington considers the Yemen-based Al Qaeda in the Arabian Peninsula, or AQAP, the most dangerous offshoot of the terror network. It has also been increasingly targeting Yemeni intelligence, military and security officials in retaliation for a U.S.-backed government offensive in the south.
AQAP sponsored or not I find the uptick in small scale attacks concerning. Granted, these are not catastrophic events that impact national power but they are still human tragedies and still disruptive (sometimes incredibly so) to our mission overseas.
Of course, al Qaeda was famous for aiming incredibly high in its attack planning – and obviously hit that mark quite a few times. Recent events seem to indicate that the strategy of a thousand cuts is on its way to being more fully realized. But is that overarching strategy really being fully embraced or is the increasing downward slide in attack scope more indicative of the enemies reduced capabilities?
I think there’s a little bit of both possibilities at play here. I don’t think there is quite enough evidence yet to suggest that al Qaeda and its affiliates can carry off a sustained and coordinated international campaign of small attacks. One thousand small cuts can bring down a giant but only if they occur in relatively quick succession and with some degree of coordination. This event is probably best viewed in a local context rather than as part of a coordinated international campaign. However, that could change at some point.
For me the possibility of emerging coordination (even if the networks themselves remain quite loose) and increasing frequency of attack raise other questions. How could we conduct our overseas diplomatic and intelligence missions in the face of that disruption? Perhaps it is even better to ask if we are too reliant on those facilities to start with. Could we operate differently and minimize the risk? Have we done enough to anticipate our enemy and negate their impact? After Benghazi I am not so confident that we know the answers to those questions. In fact, I am not even sure that we are asking them.
