Friday, March 11, 2011

Maybe I should stop thinking out loud? At least about the possible bad that can happen

First Fukushima, and soon other similar plant tragedies will follow if we do not start to accept the problem. The Starbobõl - no, it's not old history news that has been solved.
Second, the earthquake & tsunami that hit Asia & Japan today... and how long do we have before one of the important cities will be under the sea, forever?


Tuesday, April 21, 2009

The Fog of Cyberwar - NATO military strategists are waking up to the threat from online attacks.

Ghostnet sounds like something John le Carré would invent. This vast cyber-espionage operation spanned 1,295 computers worldwide, a third of them located in ministries of foreign affairs, embassies, international organizations and news media, some holding classified data. According to a report by three Canadian security think tanks in March, it included at least one unclassified computer at NATO headquarters in Mons, Belgium. Although the culprit is unidentified, some experts suspect China. Whether it exploited any of the data is hard to say. That it could obtain it so easily has raised eyebrows in the world's mightiest military alliance.

NATO is only just beginning to recognize that the Internet has become a new battleground, and that it requires a military strategy. As economic life relies more and more on the Internet, the potential for small bands of hackers to launch devastating attacks on the world economy is growing. To counter such threats, a group of NATO members, including the U.S. and Germany, last year established a kind of internal cybersecurity think tank, based in a former government building in Tallinn, Estonia. The 30 staffers at the Cooperative Cyber Defense Centre of Excellence analyze emerging viruses and other threats, and pass on alerts to sponsoring NATO governments. They are also working to bring the allies together on the elusive issues that deepen the fog of cyberwar.

Experts with backgrounds in the military, technology, law and science are wrestling with such questions as: What qualifies as a cyber "attack" on a NATO member, and so triggers the obligation of alliance members to rush to its defense? And how can the alliance defend itself in cyberspace? Already, the debate is producing strikingly different answers: as Washington moves to create a new "cybersecurity czar" and new funds for cyberdefenses, Estonia is moving much of the job into civilian hands, aiming to create a nation of citizens alert and wise to online threats.

The choice of Estonia as the home to NATO's new cyberwar brain trust is not accidental. In 2007 Estonia was in a public squabble with Russia over the fate of a Soviet-era monument when it suddenly found itself under a wave of cyberattacks. Among the targets were two of Estonia's biggest banks, whose online systems were severely degraded for several hours. The scale of the economic damage is still classified as a state secret, but the fact that this happened in "E-stonia," a proud digital society where even parking meters take payment via text messages, was eye-opening. Although the decentralized nature of cyberattacks made it hard to know whether the Kremlin ordered the attacks, clues led Estonia to a Russian suspect, whom the Kremlin refused to extradite.

One thing is clear: Russia gained from what may be the first successful invasion in the new age of cyberwar. Hillar Aarelaid, a manager at Estonia's computer emergency response team, who coordinated Estonia's defenses during the assault, told me that the attack used a nasty weapon called a "distributed denial of service," or DDOS. Cheap to organize and devastating, DDOS involves a small gang of hackers who command a cyber-army of infected PCs to overwhelm the Web sites of a bank (or other institution) with seemingly legitimate requests. Yet Aarelaid believes that the attackers who came after Estonia aimed to flaunt the range and power of their arsenal. If the orders came from the Kremlin, the message to former Soviet satellites was clear: defy us at your own risk. Estonia, courageously, went ahead and moved the Soviet monument anyway.

The attack revealed the vulnerability of a NATO member to external pressure. If a group in Russia could wreak so much havoc over a statue, imagine what a state-sponsored effort could do? Attackers could infect and gain control of thousands of computers—much like GhostNet did—and go after banks all across Europe, leading to digital chaos—online banking would go down, credit-card purchases couldn't be verified. Factor in electricity grids, dams and airport navigation systems, which are connected to the Internet, and it begins to sound like a Hollywood movie.

The trick, from NATO's standpoint, is figuring out when an attack is hacker mischief and when it's a military matter. Back in 2007, Estonia's minister of defense stated that "the attacks cannot be treated as hooliganism, but have to be treated as an attack against the state." But no troops crossed Estonia's borders, and there was almost nothing that we associate with a conventional conflict. How to respond, and against whom? The first step, say scientists at the center, is to identify when a threat warrants a military response. "In the absence of a clear legal framework for dealing with cyberattacks, it's very hard to decide whether to treat them as the beginning of armed conflict," says Rain Ottis, one of the center's senior scientists.

The United States is clearly leaning toward a military strategy. In March the U.S. Senate took up a bill that would bring cybersecurity work at the NSA, Air Force, DHS and a dozen other agencies under a "cybersecurity czar," who would also become a "national cybersecurity adviser." It would arm this person with unprecedented powers, including the right to shut off federal networks if they are found to be vulnerable. If passed, the bill might result in even further militarization of cyberspace; today, virtually all major security contractors—from Lockheed Martin to Boeing—have already set up cybersecurity divisions, fighting for government funds. U.S. government spending on secure computer networks is forecast to rise from $7.4 billion in 2008 to $10.7 billion in 2013. Most of NATO's biggest members, including France, Britain and Germany, appear to be following the U.S. lead.

Estonia, on the other hand, is choosing not to play up fear of a cyberwar. Such talk in 2007 only made already strained relations with Russia worse. Instead, it prefers to demilitarize the issue by shifting the responsibility for cybersecurity from the Ministry of Defense to the Ministry of Economic Affairs and Communications, and is working to identify the services—like online banking—that are most critical to running a digital economy. The Estonians are stepping up efforts to educate citizens on how to identify risks, and creating graduate programs in cybersecurity. Heli Tiirmaa-Klaar, the senior defense adviser at Estonia's defense ministry and one of the country's leading cybersecurity officials, speaks of promoting a "culture of cybersecurity," starting with schoolchildren.

The Estonians have the right idea. Cyberattacks would be prohibitively expensive if hackers had to build their own computers, rather than hijacking idle ones. And a society of savvy citizens is the best defense, because they have every incentive to stay ahead of the hackers; industry tends to stay a step behind, because attacks create a demand for new software. That's how America's reliance on centralized military industries could backfire: they are not numerous or nimble enough to fight Internet battles. Estonia's civilian answer is both more likely to prove popular in diplomatic circles, and more likely to be successful.


By Evgeny Morozov | NEWSWEEK


Monday, November 17, 2008

Russian nationalists waged a cyber war against Georgia. Fighting back is virtually impossible.

On July 20, weeks before Russia stunned Georgia with a rapid invasion, the cyber attack was already under way. While Moscow baited Georgia with troop movements on the borders of the breakaway provinces of Abkhazia and South Ossetia, the "zombie" computers were already on the attack. Russian viruses had seized hundreds of thousands of computers around the world, directing them to barrage Georgian Web sites, including the pages of the president, the parliament, the foreign ministry, news agencies and banks, which shut down their servers at the first sign of attack to pre-empt identity theft. At one point the parliament's Web site was replaced by images comparing Georgian president Mikheil Saakashvili to Adolf Hitler. This was not the first Russian cyber assault—that came against Estonia, in April of 2007—but it was the first time an Internet attack paralleled one on land.

The labyrinthine ways of the Web and the complicated interfaces between the Russian government's clandestine services and organized crime make it impossible, at this point, to say with certainty who was responsible, or how far up the chain of command it went. The Russian military certainly had the means to attack Georgia's Internet infrastructure, says Jonathan Zittrain, cofounder of Harvard's Berkman Center for Internet and Society. Moreover, the attacks were too successful to have materialized independent of one another. Bill Woodcock, the research director at Packet Clearing House, a California-based nonprofit group that tracks Internet security trends, says the attacks bear the markings of a "trained and centrally coordinated cadre of professionals."

But who? Jart Armin, who has tracked Russian cybercrime, points to the possibility that a role was played by the notorious Russian Business Network, a cybermafia that specializes in identity theft, child pornography, extortion and other dark and lucrative Internet crimes. The RBN's political agenda is vague or nonexistent, but it often contracts out its services, and Armin says there is increasing evidence that it is connected to, or at least tolerated by, the Kremlin.

Indeed the timing is such that it's hard to discount some sort of Kremlin coordination, even if it's impossible to prove, and Woodcock argues that such cyber assaults have become a tool of Russian political leadership. As the attacks' political intentions became more specific, he notes, the operations have grown more complex. In addition to targeting Georgian government and media Web sites, Russian hackers brought down the Russian newspaper Skandaly.ru, apparently for expressing some pro-Georgian sentiment. "This was the first time that they ever attacked an internal and an external target as part of the same attack," he says.

Fighting back is tough. When Russian hackers made a name for themselves last year by bringing down the Web site of the Estonian parliament along with the sites of banks, ministries and newspapers, Estonian Foreign Minister Urmas Paet immediately accused the Kremlin of backing the attacks. But he was unable to produce evidence supporting his claims. Putin eventually named a suspect, or scapegoat, within his government. As Russian hackers waged a similar assault on Georgian sites over the past few weeks, Estonia—one of Europe's most wired countries—offered its better-defended servers to host many Georgian government Web sites. Lithuania and Poland have stepped up as well, prompting some excited bloggers to suggest that this is a digital Sarajevo, akin to the events of August 1914, the start of the first Internet world war. Certainly that's exaggerated, but the mutual defense going on in cyberspace shows that these nations take the Russian threat to their online infrastructure seriously.

Still, the nature of the Internet is such that it is almost impossible to respond quickly enough. The government doesn't maintain its own botnets—large networks of zombified computers standing ready to attack—but can rent one from a crime network, like the Russian Business Network. Then, through state-controlled media, the government can inspire waves of nationalists to amplify the destructive force. "Everybody with a laptop has the responsibility to attack the enemy—and you find out who the enemy is by looking at what the government is saying," Woodcock says.

While no one can say who wrote the malware that was used to cause Georgian servers to crash, it certainly proliferated on Russian Web sites in a user-friendly form. Gary Warner, a cybercrime expert at the University of Alabama at Birmingham, says he found "copies of the attack script" posted in the reader comments section at the bottom of virtually every story in the Russian media that covered the Georgian conflict, complete with instructions on how the script could be used to attack a specific list of Web sites. The efficiency is enough to make Russia's tanks and planes and ships, however deadly, appear downright anachronistic.


http://www.newsweek.com/id/154965/output/print


"It could be assumed the Estonia attack has benefited the United States agenda more than any other country..."

... I like what you say about a Chinese IP space attacks or cyber crime
might not be the Chinese government or its people, but could as easily
be another government who is carrying out cyber attacks and cyber
crime and making all evidence point towards China...



...Age, should not be the issue here. You can get people of all ages
creating a bot net for whatever purpose, and the profiteering seen in
the scene nowadays, there is business incentive for bot nets to be
developed too. Not only do we have individuals and groups in the
hacker underground with reasons to create bot nets, we've now got the
entry into the soup of the U.S Cyber Command and other governments
entering into the political cyber space. So not only have you got the
romanian teen theory of yours, we've now got the possibility of
governments, including Russia, U.S and UK who may have a vested
interests for cyber attacks, cyber crime and cyber espionage to point
towards Chinese IP space. And, just the same that the IP range is
coming from China, the code is written in Chinese and the money to buy
a phishing domain was Chinese yuan, and the company the domain was
registered at doesn't conclusively mean the attack is coming from the
Chinese government or even its citizens.

The government hackers, and state sponsored hacks by RU, US, UK all
know to cover their tracks and have all bases covered to fool forensic
analysts later on. Any good cyber attack is planned in the notion that
you're working from the point of forensic analysis backwards, you
don't plan your cyber attacks from the frontend to the back, well
script kiddies and dumb hackers do.

You work your attack from the back to the front. Backwards hacking I
call it, or Microwaving. You cook your target from the inside
outwards... in the attack mode, but in the planning stages, you must
work back to front to avoid possible detection by your target's
forensic team when they go into post-attack investigative mode.

The target may be a government or corporation you're gathering
intelligence from, or in the case of bot net, the cyber crime and
profiteering or bandwidth data attack to take out key infrastructure
of a government or corporation. Remember the U.S cyber command wants
to destroy important data of its adversaries, so backups of important
documents are an extra need to be needed for when the U.S cyber
command gets underway.

Russia is home to one of cyber crime's biggest bot nets, the Storm Worm,
and the FSB (the Russian secret service) is protecting the Russian
Business Network owners from being arrested by western powers. If you
really want to get bot net culture under control you must start with
the biggest bot net of them all, and perhaps the most worrying of all
bot nets, the government bot net or the state sponsored bot net who
are capitalizing from the huge revenue globally to be made from cyber
crime, which has been proved to be a bigger trade now than illegal
drug trafficking and selling of those drugs in our towns and cities.

The governments of our world have every reason to point their bot
net's forensic outcome towards China, and to publish propaganda to the
media to make the Chinese government and its citizens look like they
are the number one cyber threat to the west, when most probably, the
true source of attacks is coming from U.S, UK or Russia.

I believe the number one cyber threat to the west is Russia, _but_ I
believe the overall number one cyber threat to the internet and its
well being at large is that of the United States Cyber Command and its
shoulder to shoulder friends in the United Kingdom, who are likely to
share the same cyber political agenda as far as breaking into things,
attacking things, destroying data and other activities for the reason
of the long term strategic interest of national security for both US/
UK.

The national interest of US/UK won't necessarily be the interest of the
internet at large and its survival as a country-less global
infrastructure for data exchange of government, e-commerce and
civilian of economic, security and leisure.

To conclude, the cyber threat from bot nets is no longer the teenager
or the humble individual anymore, it's moved on from that. The true
threat now is from cyber commands of various countries who will do
anything they can to attack back their adversaries, if they are
attacked first, or if it's in the national interest for a pre-emptive
cyber strike.
Not only is government sponsored or government based
"attacks" the real threat now compared to the past when it was teen or
adolescents, it's now militaries and its intelligence agencies who are
becoming the real problem on the internet, not the traditional
adolescent in its bedroom or college computer lab causing mayhem, it's
now government cyber attacks, and government cyber crime is now the
new threat of today.

In your defense, the Estonia attack that everyone is getting worried
about as a proof of concept attack for world governments to wake up
and build cyber commands, turned out to have been carried out by a teen,
who was charged for creating a bot net, but he could easily be a
scapegoat plant for the Russian Business Network guys, who are widely
blamed for the Estonia attack by people in the know.


I'm not a government hacker for the UK, but I live in the UK as an
unemployed student. I know what's going on and I have monitored the
cyber security scene extensively for the last 9 years in many forms
and formats. I started off as a script kid on Yahoo--then worked my
way up, I currently run under my internet alias known to the security
community as "n3td3v". I have been misreported by the media and others
as a troll, this is not the case.

I continue to receive criticism for my outspoken and rude behaviour,
but in amongst that is true substance and cause in what I believe to
be the way things are in the cyber security landscape and the way it's
developing towards 2010 and beyond.

n3td3v currently runs a news group on Google groups with over 4000
members and climbing, however please remember n3td3v operates as an
individual security researcher, there is no group of researchers
working under the n3td3v tag, and the members of the news group are
only the public at large who are not operated or controlled by me, it
is a news group for sharing information, news articles and other
commentary from around the world IP space.

Mark Seiden is no stranger to n3td3v, he knows me better than most on
the internet, he holds many n3td3v secrets and knows my true identity...

Mark Seiden is a high powered senior security consultant on a global
scale agenda, he advises and contributes to the security of many
government agencies and corporations around the world, his name is in
the top cyber elites as a true recommended security expert for many
high level issues in the cyber world today. You can learn more, here
http://www.cutter.com/meet-our-experts/seidenm.html

This was in reply to Mark Seiden's "Cyberflexing" Blog post.
http://blog.cutter.com/2008/01/17/cyberflexing-what-were-in-store-for-in-2008/

An IRC transcript between n3td3v and a former U.S Navy cyber security expert
on the worries of the U.S cyber command and its upcoming impact on the
security community.
http://seclists.org/fulldisclosure/2008/Mar/0043.html

To highlight, the security community will no longer post
vulnerabilities to the mailing lists, when Af cyber based attacks, or
suspicious cyber attacks on different countries start to be reported
by our media and the security industry's businesses, especially if
power infrastructure is affected and we in the security community
start to personally suffer our quality of life due to unknown
attackers who are largely believed to be connected with the
establishment of the U.S cyber command.

For instance, if the U.S suffers a cyber attack, and it's blamed on X
government or regime, are U.S hackers going to keep releasing
vulnerabilities to mailing lists, helping that X government obtain
further cyber ammo, or new technique/ research ideas. If the UK gets
hit by a cyber attack and it's largely believed to be the U.S cyber
command, are U.K or the rest of the world going to continue to post
vulnerabilities, cyber ammo, or new technique/ research ideas to
mailing lists? The answer is likely no, considering they won't want to
help the United States learn of new hack techniques, it's likely the
uprise of U.S cyber command and a cyber war of real proportion would
slow down, if not kill the vulnerability release scene on the world
wide web and push the scene back underground into the dark ages before
wide spread full-disclosure was around.

If real case cyber attacks start to happen on big scale, that stops a
country from operating as it should, and the everyday life of security
researchers are disabled, or restricted because of national
infrastructure attacks by an individual, a group, a government, then
they aren't going to keep disclosing vulnerabilities to mailing lists
to help the cyber terrorist or cyber military to aid them in any
on-going attack, or help them gather ideas for later attacks after the
initial attack.

The government and its enemies will suffer from a lack of publicly
disclosed vulnerabilities by security researchers, meaning the
government of whatever countries are going to have to be self
sufficient with research, zero-day discovery, and vulnerability
development, as in a time of cyber war, they won't have independent
security researchers from the security community publishing new
cutting edge cyber ammo to the mailing lists at large.

If a government and its enemies think people aren't going to notice
suspicious spectaculars connected with power outages then they need to
re-work what their strategy for covering it up will be to the world's
intelligence services and the security community at large.

If the Af cyber command think they are going to start attacking
things, destroying adversaries data and blacking out power grids of
enemy states and that, that kind of thing won't be cloaked by everyone
they have got to think again, because you've already declared you're
planning on cyber war once your offensive command and its staff are
trained and fully briefed and covert operation detail has been decided
upon.

The homepage of the upcoming U.S cyber command.
http://www.afcyber.af.mil/

A blog entry report on the scapegoat for the Estonia attack.
http://www.russophile.com/russia_blog/26159-one_russian_charged_estonia_bronze_soldier_denial_service_attack.html

The attack on Estonia and its impact on the security industry is not
fully known, although it was a landmark event for many cascading
events, political decisions and business marketing plans and media
news articles.


It could be assumed the Estonia attack has benefited the United States
agenda more than any other country, which the announcement of the Af
cyber command was based around that attack, so there is room for
speculation that there could have been underground deals with U.S, UK,
Russia and Estonia for this cyber attack to take place as a pathway
for a cyber war footing to mark the way for the Af cyber command and
to get funding for such a command.

My ending paragraph above cannot be proved and is unlikely to be, but
it has to be mentioned at the end of this response, as the real
beneficiaries of the Estonia cyber attack have been the United States
and funding of the new cyber command.


As noted by n3td3v previously, the security community and the security
industry are two different things, the security industry is eager to
use the Estonia attack to forward their business motives, and the
government are eager to use it to politically capitalise. While the
security community, a different species compared to the industry,
keeps sitting, watching, analyzing and working out the truth between
the propaganda lines spat out by our media and what's really going on
between governments in the underworld.

The security community is no fool to the security industry, we're
aware of what's going on and we're not gullible to the propaganda
being put in front of our computer screen and through media outlets and
business messages.

Yours,

n3td3v
http://www.security-express.com/archives/fulldisclosure/2008-04/0340.html


--------


"Russian nationalists waged a cyber war against Georgia. Fighting back is virtually impossible."
http://www.newsweek.com/id/154965/output/print


Monday, August 11, 2008

Estonia hosts the Georgian foreign ministry's website


It was extremely pleasant to read this news yesterday; or rather, I actually first discovered it myself, because I had been keeping an eye on certain sites, and then went looking for news. The first to report it was Richard Stiennon http://www.networkworld.com/community/stiennon


The news is great, but I hope that Estonians will continue to be able to defend the Estonian government's websites against serious attacks too, especially now that the Georgian foreign ministry's site http://www.mfa.gov.ge/ is on an Estonian network [ http://www.robtex.com/dns/mfa.gov.ge.html / the IP is in the network of Linxtelecom Estonia OÜ, the Estonian subsidiary of Linx Telecommunications BV, which is backed by Dutch capital ].

The move took place yesterday, shortly after two specialists from Estonia's CERT went to Georgia, Baltic News Service reported.

The outside world talks more and more about a small country that works wonders in IT; many thanks, of course, also to the Russian hackers who quickly helped us onto the stage ( www.estonia-russia.tk ). BusinessWeek already called Estonia a "Cyber Superpower"* last year.
I truly hope Estonia keeps this image, and maybe this is our so-called long-sought "Nokia".


Russian web forums, in any case, are already discussing how to settle scores virtually with the impudent Estonians.

But let us hope for the best. One thing is certain: on the eastern side they are not sitting idle or throwing up their hands over what to do; the attacks will most likely be carried out by better professionals and on a more serious scale.

Interesting additional material about Komando G can also be read on www.expertiza.ru.



* http://www.businessweek.com/globalbiz/content/dec2007/gb20071217_535635.htm?chan=globalbiz_europe+index+page_top+stories


Wednesday, June 04, 2008

China’s Cyber-Militia - Chinese hackers pose a clear and present danger to U.S. government

China’s Cyber-Militia
Chinese hackers pose a clear and present danger to U.S. government and private-sector computer networks and may be responsible for two major U.S. power blackouts.

by Shane Harris
Sat. May 31, 2008

Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts.

One prominent expert told National Journal he believes that China’s People’s Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said. “They said that, with confidence, it had been traced back to the PLA.” These officials believe that the intrusion may have precipitated the largest blackout in North American history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected.

Officially, the blackout was attributed to a variety of factors, none of which involved foreign intervention. Investigators blamed “overgrown trees” that came into contact with strained high-voltage lines near facilities in Ohio owned by FirstEnergy Corp. More than 100 power plants were shut down during the cascading failure. A computer virus, then in wide circulation, disrupted the communications lines that utility companies use to manage the power grid, and this exacerbated the problem. The blackout prompted President Bush to address the nation the day it happened. Power was mostly restored within 24 hours.

There has never been an official U.S. government assertion of Chinese involvement in the outage, but intelligence and other government officials contacted for this story did not explicitly rule out a Chinese role. One security analyst in the private sector with close ties to the intelligence community said that some senior intelligence officials believe that China played a role in the 2003 blackout that is still not fully understood.

Bennett, whose former trade association includes some of the nation’s largest computer-security companies and who has testified before Congress on the vulnerability of information networks, also said that a blackout in February, which affected 3 million customers in South Florida, was precipitated by a cyber-hacker. That outage cut off electricity along Florida’s east coast, from Daytona Beach to Monroe County, and affected eight power-generating stations. Bennett said that the chief executive officer of a security firm that belonged to Bennett’s trade group told him that federal officials had hired the CEO’s company to investigate the blackout for evidence of a network intrusion, and to “reverse engineer” the incident to see if China had played a role.

Bennett, who now works as a private consultant, said he decided to speak publicly about these incidents to point out that security for the nation’s critical electronic infrastructures remains intolerably weak and to emphasize that government and company officials haven’t sufficiently acknowledged these vulnerabilities.

The Florida Blackout

A second information-security expert independently corroborated Bennett’s account of the Florida blackout. According to this individual, who cited sources with direct knowledge of the investigation, a Chinese PLA hacker attempting to map Florida Power & Light’s computer infrastructure apparently made a mistake. “The hacker was probably supposed to be mapping the system for his bosses and just got carried away and had a ‘what happens if I pull on this’ moment.” The hacker triggered a cascade effect, shutting down large portions of the Florida power grid, the security expert said. “I suspect, as the system went down, the PLA hacker said something like, ‘Oops, my bad,’ in Chinese.”

The power company has blamed “human error” for the incident, specifically an engineer who improperly disabled safety backups while working on a faulty switch. But federal officials are still investigating the matter and have not issued a final report, a spokeswoman for the Federal Energy Regulatory Commission said. The industry source, who conducts security research for government and corporate clients, said that hackers in China have devoted considerable time and resources to mapping the technology infrastructure of other U.S. companies. That assertion has been backed up by the current vice chairman of the Joint Chiefs of Staff, who said last year that Chinese sources are probing U.S. government and commercial networks.

Asked whether Washington knew of hacker involvement in the two blackouts, Joel Brenner, the government’s senior counterintelligence official, told National Journal, “I can’t comment on that.” But he added, “It’s certainly possible that sort of thing could happen. The kinds of network exploitation one does to explore a network and map it and learn one’s way around it has to be done whether you are going to … steal information, bring [the network] down, or corrupt it.… The possible consequences of this behavior are profound.”

Brenner, who works for Director of National Intelligence Mike McConnell, looks for vulnerabilities in the government’s information networks. He pointed to China as a source of attacks against U.S. interests. “Some [attacks], we have high confidence, are coming from government-sponsored sites,” Brenner said. “The Chinese operate both through government agencies, as we do, but they also operate through sponsoring other organizations that are engaging in this kind of international hacking, whether or not under specific direction. It’s a kind of cyber-militia.… It’s coming in volumes that are just staggering.”

The Central Intelligence Agency’s chief cyber-security officer, Tom Donahue, said that hackers had breached the computer systems of utility companies outside the United States and that they had even demanded ransom. Donahue spoke at a January gathering in New Orleans of security executives from government agencies and some of the nation’s largest utility and energy companies. He said he suspected that some of the hackers had inside knowledge of the utility systems and that in at least one case, an intrusion caused a power outage that affected multiple cities. The CIA didn’t know who launched the attacks or why, Donahue said, “but all involved intrusions through the Internet.”

Donahue’s public remarks, which were unprecedented at the time, prompted questions about whether power plants in the United States had been hacked. Many computer-security experts, including Bennett, believe that his admission about foreign incidents was intended to warn American companies that if intrusions hadn’t already happened stateside, they certainly could. A CIA spokesman at the time said that Donahue’s comments were “designed to highlight to the audience the challenges posed by potential cyber intrusions.” The CIA declined National Journal’s request to interview Donahue.

Cyber-Espionage

In addition to disruptive attacks on networks, officials are worried about the Chinese using long-established computer-hacking techniques to steal sensitive information from government agencies and U.S. corporations.

Brenner, the U.S. counterintelligence chief, said he knows of “a large American company” whose strategic information was obtained by its Chinese counterparts in advance of a business negotiation. As Brenner recounted the story, “The delegation gets to China and realizes, ‘These guys on the other side of the table know every bottom line on every significant negotiating point.’ They had to have got this by hacking into [the company’s] systems.”

Bennett told a similar story about a large, well-known American company. (Both he and Brenner declined to provide the names of the companies.) According to Bennett, the Chinese based their starting points for negotiation on the Americans’ end points.

Two sources also alleged that the hacking extends to high-level administration officials.

During a trip to Beijing in December 2007, spyware programs designed to clandestinely remove information from personal computers and other electronic equipment were discovered on devices used by Commerce Secretary Carlos Gutierrez and possibly other members of a U.S. trade delegation, according to a computer-security expert with firsthand knowledge of the spyware used. Gutierrez was in China with the Joint Commission on Commerce and Trade, a high-level delegation that includes the U.S. trade representative and that meets with Chinese officials to discuss such matters as intellectual-property rights, market access, and consumer product safety. According to the computer-security expert, the spyware programs were designed to open communications channels to an outside system, and to download the contents of the infected devices at regular intervals. The source said that the computer codes were identical to those found in the laptop computers and other devices of several senior executives of U.S. corporations who also had their electronics “slurped” while on business in China. The source said he believes, based on conversations with U.S. officials, that the Gutierrez compromise was a source of considerable concern in the Bush administration. Another source with knowledge of the incident corroborated the computer-security expert’s account.

National Journal had a series of conversations with Rich Mills, a Commerce Department spokesman. Asked whether spyware or other malicious software code was found on any electronic devices used by Gutierrez or people traveling with him in China in December 2007, Mills said he “could not confirm or deny” the computer-security expert’s allegations. “I cannot comment on specific [information-technology] issues, but the Department of Commerce is actively working to safeguard sensitive information.” Mills added that the source had provided some inaccurate information, but he did not address the veracity of the source’s claim that the delegation was electronically compromised.

“China is indeed a counterintelligence threat, and specifically a cyber-counterintelligence threat,” said Brenner, who served for four years as inspector general of the National Security Agency, the intelligence organization that electronically steals other countries’ secrets. Brenner said that the American company’s experience “is an example of how hard the Chinese will work at this, and how much more seriously the American corporate sector has to take the information-security issue.” He called economic espionage a national security risk and said that it makes little difference to a foreign power whether it steals sensitive information from a government-operated computer or from one owned by a contractor. “If you travel abroad and are the director of research or the chief executive of a large company, you’re a target,” he said.

“Cyber-networks are the new frontier of counterintelligence,” Brenner emphasized. “If you can steal information or disrupt an organization by attacking its networks remotely, why go to the trouble of running a spy?”

Stephen Spoonamore, CEO of Cybrinth, a cyber-security firm that works for government and corporate clients, said that Chinese hackers attempt to map the IT networks of his clients on a daily basis. He said that executives from three Fortune 500 companies, all clients, had document-stealing code planted in their computers while traveling in China, the same fate that befell Gutierrez.

Spoonamore challenged U.S. officials to be more forthcoming about the breaches that have occurred on their systems. “By not talking openly about this, they are making a truly dangerous national security problem worse,” Spoonamore said. “Secrecy in this matter benefits no one. Our nation’s intellectual capital, industrial secrets, and economic security are under daily and withering attack. The oceans that surround us are no protection from sophisticated hackers, working at the speed of light on behalf of nation-states and mafias. We must cease denying the scope, scale, and risks of the issue. I, and a growing number of my peers believe our nation is in grave and growing danger.”

A Growing Threat

Brenner said that Chinese hackers are “very good and getting better all the time.… What makes the Chinese stand out is the pervasive and relentless nature of the attacks that are coming from China.”

The issue has caught Congress’s attention. Rep. Jim Langevin, D-R.I., who chairs the Homeland Security panel’s Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, said that his staff has examined a range of hacker networks, from criminal syndicates to nationally supported groups. “China has been a primary concern,” he said. The deepest penetrations into U.S. systems have been traced back to sources within China, Langevin noted.

(At a hearing last week, Langevin said that the private sector, which owns the vast majority of U.S. information networks, including those that operate power plants, dams, and other critical infrastructure, had taken a “halfhearted approach” to improving security. He cited a new report by the Government Accountability Office, which found that the Tennessee Valley Authority, the nation’s largest power generator, “has not fully implemented appropriate security practices to secure the control systems and networks used to operate its critical infrastructures.” Langevin said that the TVA “risks a disruption of its operations as the result of a cyber-incident, which could impact its customers,” and he expressed “little confidence that industry is taking the appropriate actions.”)

The Chinese make little distinction between hackers who work for the government and those who undertake cyber-adventures on its behalf. “There’s a huge pool of Chinese individuals, students, academics, unemployed, whatever it may be, who are, at minimum, not discouraged from trying this out,” said Rodger Baker, a senior China analyst for Stratfor, a private intelligence firm. So-called patriotic-hacker groups have launched attacks from inside China, usually aimed at people they think have offended the country or pose a threat to its strategic interests. At a minimum the Chinese government has done little to shut down these groups, which are typically composed of technologically skilled and highly nationalistic young men. Officially, Chinese military and diplomatic officials say they have no policy of attacking other governments’ systems.

“This has been a growing wave in recent years,” Brenner said, attributing China’s cyber-tactics to its global economic and political ambitions. “The Chinese are out to develop a modern economy and society in one generation.… There is much about their determination that is admirable. But they’re also willing to steal a lot of proprietary information to do it, and that’s not admirable. And we’ve got to stop it as best we can.”

High-profile penetrations of government systems have been occurring for several years. In 2007, an unidentified hacker broke into the e-mail system for Defense Secretary Robert Gates’s office, and the Pentagon shut down about 1,500 computers in response. But officials said that the intrusion caused no harm. In 2006, a State Department employee opened an e-mail containing a Trojan horse, a program designed to install itself on a host machine to give a hacker covert access. As a result, officials cut off Internet access to the department’s East Asia and Pacific region, but the department suffered no long-term problems.

The Homeland Security Department, which is responsible for protecting civilian computer systems, suffered nearly 850 attacks over a two-year period beginning in 2005, officials have said. In one instance, they found that a program designed to steal passwords had been installed on two of the department’s network servers. In these and other incidents, there is considerable debate about whether the intruders stole truly valuable information that could compromise U.S. strategy or ongoing operations.

“The penetrations we’ve seen are on unclassified systems, which are obviously less protected than classified systems,” Brenner said.

Private Sector Foot-Dragging

There is little indication that cyber-intrusions, however menacing, have severely impaired government operations for very long. So why are so many officials increasingly sounding the alarm about network attacks, Chinese hacking and espionage, and the advent of cyberwar?

Part of the answer lies in officials’ most recent appraisals of the cyber-threat. They cite evidence that attacks are increasing in volume and appear engineered more to cause real harm than sporadic inconvenience. Without naming China, Robert Jamison, the top cyber-security official at DHS, told reporters at a March briefing, “We’re concerned that the intrusions are more frequent, and they’re more targeted, and they’re more sophisticated.”

“In terms of breaches within government systems, it’s something that has happened quite a bit over the last six, seven years,” says Shannon Kellogg, the director of information-security policy for EMC Corp., which owns RSA, a top cyber-security research firm. “But the scale of these types of breaches and attacks seems to have increased substantially.”

Government officials are more concerned now than in recent years about the private sector’s inability, or unwillingness, to stop these pervasive attacks. When Donahue, the CIA cyber-security officer, warned the gathering in New Orleans about foreign hackings of power plants, some saw it as a direct challenge to American companies.

“Donahue wouldn’t have said it publicly if he didn’t think the threat was very large and that companies needed to fix things right now,” Alan Paller, the highly regarded director of research at the SANS Institute, told The Washington Post at the time. (SANS, a cyber-security research and education group, sponsored the January meeting in New Orleans.) Another security expert noted that in the previous 18 months, there had been “a huge increase in focused attacks on our national infrastructure networks … and they have been coming from outside the United States.”

In comments posted on Wired magazine’s Danger Room blog, which is trafficked by many techno-elites who are skeptical of the administration’s more boisterous public warnings, Donahue’s remarks about power plants drew support. Michael Tanji, a former intelligence officer with the Defense Intelligence Agency, said that the comments weren’t part of a government plot to hype the threat. “Having worked with [Donahue] on these and related issues in the past, I regret to inform conspiracy theorists that he is virulently allergic to hyperbole,” Tanji said. “I’ve long been a skeptic of claims about being able to shut down the world from the Net.… But after today, I’m starting to come around to the idea that the ignorance or intransigence of utility system owners just might merit a more robust response than has been undertaken to date.”

Tanji’s remarks pointed to one of the most nettlesome realities of cyber-security policy. Because most of the infrastructure in the United States is privately owned, the government finds it exceptionally difficult to compel utility operators to better monitor their systems. The FBI and DHS have established formal groups where business operators can disclose their known vulnerabilities privately. (Companies fear that public exposure will decrease shareholder confidence or incite more hackings.) But membership in these organizations isn’t compulsory. Furthermore, many of the systems that utility operators use were designed by others. Intelligence officials now worry that software developed overseas poses another layer of risk because malicious codes or backdoors can be embedded in the software at its creation. U.S. officials have singled out software manufacturers in emerging markets such as, not surprisingly, China.

Military Response

The intelligence community’s and private sector’s vocal warnings and dire suspicions of Chinese hackers join a chorus of concern emanating from the Defense Department in recent months. In the most recent annual report on China’s military power, the Defense Department declared publicly for the first time that attacks against government and commercial computer networks in 2007 appear to have emanated from China. “Numerous computer networks around the world, including those owned by the U.S. government, were subject to intrusions that appear to have originated within” the People’s Republic of China. Although not claiming that the attacks were conducted by the Chinese government, or officially endorsed, the declaration built upon the previous year’s warning that the People’s Liberation Army is “building capabilities for information warfare” for possible use in “pre-emptive attacks.”

The military is not waiting for China, or any other nation or hacker group, to strike a lethal cyber-blow. In March, Air Force Gen. Kevin Chilton, the chief of U.S. Strategic Command, said that the Pentagon has its own cyberwar plans. “Our challenge is to define, shape, develop, deliver, and sustain a cyber-force second to none,” Chilton told the Senate Armed Services Committee. He asked appropriators for an “increased emphasis” on the Defense Department’s cyber-capabilities to help train personnel to “conduct network warfare.”

The Air Force is in the process of setting up a Cyberspace Command, headed by a two-star general and comprising about 160 individuals assigned to a handful of bases. As Wired noted in a recent profile, Cyberspace Command “is dedicated to the proposition that the next war will be fought in the electromagnetic spectrum and that computers are military weapons.” The Air Force has launched a TV ad campaign to drum up support for the new command, and to call attention to cyberwar. “You used to need an army to wage a war,” a narrator in the TV spot declares. “Now all you need is an Internet connection.”

Defense and intelligence officials have been surprised by China’s cyber-advances, according to the U.S.-China Economic and Security Review Commission. In November, the commission reported that “Chinese military strategists have embraced … cyberattacks” as a weapon in their military arsenal. Gen. James Cartwright, the former head of U.S. Strategic Command and now the vice chairman of the Joint Chiefs, told the commission that China was engaged in cyber-reconnaissance, probing computer networks of U.S. agencies and corporations. He was particularly concerned about China’s ability to conduct “denial-of-service” attacks, which overwhelm a computer system with massive amounts of automatically generated message traffic. Cartwright provocatively asserted that the consequences of a cyberattack “could, in fact, be in the magnitude of a weapon of mass destruction.”

A former CIA official cast the cyber-threat in similarly dire terms. “We are currently in a cyberwar, and war is going on today,” Andrew Palowitch, who’s now a consultant to U.S. Strategic Command, told an audience at Georgetown University in November. STRATCOM, headquartered at Offutt Air Force Base in Nebraska, oversees the Defense Department’s Joint Task Force-Global Network Operations, which defends military systems against cyber-attack. Palowitch cited statistics, provided by Cartwright, that 37,000 reported breaches of government and private systems occurred in fiscal 2007. The Defense Department experienced almost 80,000 computer attacks, he said. Some of these assaults “reduced” the military’s “operational capabilities,” Palowitch noted.

Presidential Attention

President Bush has personally devoted more high-level attention to the cyberattack issue in the last year or so than he did in the first six years of his tenure combined. Many security experts are surprised that the administration is only now moving to take dramatic measures to improve the security of government networks, because some Cabinet-level and White House officials have been warning about the threat for years to just about anyone who will listen.

Until McConnell, the national intelligence director, personally drove the point home to Bush in an Oval Office meeting in 2006, there was little top-level support for a comprehensive government cyber-security plan. “They ignored it,” one former senior administration official said flatly. “McConnell has the president’s ear.”

McConnell, a former director of the National Security Agency, whose main job is to intercept foreign communications intelligence but which is also responsible for protecting U.S. classified information and systems, takes the computer-security issue as seriously as his counter-terrorism mission. After McConnell left the NSA, in 1996, he took over the intelligence practice at Booz Allen Hamilton, where he again turned to security problems, particularly within the nation’s financial infrastructure. Working with officials from the New York Stock Exchange, McConnell developed a report for the government on network vulnerabilities; he has said that it was so revealing, the administration decided to classify it.

Lawrence Wright of The New Yorker reported earlier this year that McConnell told Bush during the 2006 Oval Office meeting, “If the 9/11 perpetrators had focused on a single U.S. bank through cyberattack and it had been successful, it would have had an order-of-magnitude greater impact on the U.S. economy.” According to Wright, the president was disturbed, and then asked Treasury Secretary Henry Paulson Jr., who was at the meeting, if McConnell was correct; Paulson assured the president that he was.

Brenner confirmed Wright’s account as “a true story.” And separately, a former senior administration official told National Journal of another dimension. In that meeting, McConnell also told the president that White House communications systems could be targeted for attack just as other U.S. government systems had been targeted. The intelligence chief was telling the president, “If the capability to exploit a communications device exists, we have to assume that our enemies either have it, or are trying to develop it,” the former official said.

This meeting compelled the White House to craft an executive order laying out a broad and ambitious plan to shore up government-network defenses. Known internally as “the cyber-initiative,” it was formally issued in January. The details remain classified, but it has been reported that the order authorizes the National Security Agency to monitor federal computer networks. It also requires that the government dramatically scale back the number of points at which federal networks connect to the public Internet. The Office of Management and Budget has directed agencies to limit the total number of Internet “points of presence” to 50 by June.

Limiting connection points is analogous to pulling up drawbridges in order to defend the government’s cyber-infrastructure. Security experts interviewed for this story said that it shows how little the government can do, at least for now, to ward off intrusions if the first line of defense is to “unplug.”

Mixed Reactions

Under the president’s cyber-initiative, the Homeland Security Department will be responsible for monitoring government agencies apart from the Defense Department. In March, Homeland Security Secretary Michael Chertoff told National Journal that the first step is “to survey all the points” of presence. “We have no final number yet.”

“The agencies’ networks have grown very haphazardly. No one really knows where [the connections to the Internet] are,” said Bruce McConnell, who was the chief of information technology and policy in the Office of Management and Budget. He left government in 2000. “Trying to catalogue where things are so you could turn them off is a daunting task in and of itself,” said McConnell, who is not related to the intelligence chief.

Bush’s cyber-initiative has received mixed reviews. Generally, cyber-experts favor a comprehensive approach, and they are relieved that the issue finally has the president’s full attention. But some question how the program is being implemented—under a cloak of secrecy and with a heavy reliance on the intelligence community.

The sharpest criticisms are directed at the NSA, an intelligence agency whose traditional mandate is to collect information coming from outside the United States; it has no customary role monitoring networks inside the country, although this has changed in the years following the 9/11 attacks. It’s not clear just how far the government’s monitoring of computer networks will extend into the private sector and precisely what role the NSA will play tracking networks inside the United States, but lawmakers have already raised concerns that the cyber-initiative will creep into domestic intelligence-gathering. The same kinds of technologies that are used to monitor networks for viruses and other malicious threats could be used to track domestic communications. On May 2, DHS’s top overseers sent a letter to Chertoff questioning “the secrecy of the project.” Sens. Joe Lieberman, ID-Conn., and Susan Collins, R-Maine, the chairman and ranking member of the Homeland Security and Governmental Affairs Committee, respectively, noted that the department had requested an additional $83 million for its National Cyber Security Division; DHS had already been allocated $115 million for the cyber-initiative in the 2008 omnibus appropriations bill. “This would be a nearly $200 million increase, tripling the amount of money spent on cyber-security in DHS since 2007,” the senators wrote. The full cost of implementing the president’s cyber-initiative is estimated to be $30 billion. The entire 2009 budget request for the Homeland Security Department is about $50 billion.

Marc Sachs, who was the director for communication infrastructure protection in the White House Office of Cyberspace Security in 2002, praised the administration for taking a bold initial step. But he said that the level of attention is 10 years overdue. Sachs noted that in 1998, President Clinton issued a directive that set ambitious infrastructure-protection goals. “I intend that the United States will take all necessary measures to swiftly eliminate any significant vulnerability to both physical and cyber attacks on our critical infrastructures, including especially our cyber-systems,” Clinton wrote.

Without pointing to particular policies, Brenner, the counterintelligence chief, said, “We need to take these policy declarations that we’ve had for 10 years and turn them into practical reality.” He said the job of securing cyberspace is hardly as simple as “put two padlocks on the door.… This is an incredibly open and porous and, in many cases, wireless system. Controlling cyber-security is like controlling the air flow in a large, segmented building complex in a noxious neighborhood. You cannot be sure you are keeping all the noxious stuff out. What you’ve got to say is, gee, in the infirmary, we’ve really got to deal differently than we do in the lobby.”

False Accusations?

Given the political fallout that could stem from a proven Chinese attack on power plants or theft of government secrets—not to mention the pressure to launch some sort of military response—skeptics have asked whether the Chinese really are behind so many high-profile incidents.

Brenner affirmed the widely held view that it’s technologically difficult to attribute the exact source of any cyberattack and that the government needs better technologies to do so. But despite his assurances that the government has indeed sourced cyber-intrusions to China, others urge caution.

“We want to find a natural enemy, so we’re looking everywhere,” Sachs said. He noted that some hackers launch their attacks through computers based in other countries, and that China is an easy mask. “I think all of us should remember that not everything you see online is truthful.”

Another former administration official echoed those sentiments. “I think it’s a little bit naive to suggest that everything that says it comes from China comes from China,” said Amit Yoran, the first director of DHS’s National Cyber Security Division, who left the post in 2004.

But there is little to no doubt, including among skeptics, that China is vigorously pursuing offensive cyber-capabilities. Military analysts say that the Chinese know their armed forces cannot match America’s in a head-on confrontation, and they realize their nuclear arsenal pales in comparison. These imbalances have forced Chinese military planners to adopt what the Pentagon calls “asymmetric” techniques—tactics that aim at a foe’s vulnerabilities—in order to counter, or at least deter, U.S. military power.

“There has been much writing on information warfare among China’s military thinkers, who indicate a strong conceptual understanding of its methods and uses,” according to the Pentagon’s annual report on China’s military power. The report stated that “there is no evidence of a formal Chinese … doctrine” but noted that the People’s Liberation Army has “established information-warfare units to develop viruses to attack enemy computer systems and networks.”

U.S. military officials see cyber-warfare as one arrow in a quiver of asymmetric techniques to disrupt an enemy’s command-and-control systems. The Chinese strategy, according to this line of thinking, is not to defeat U.S. military forces but to make it harder for them to operate.

China’s military history has been defined by asymmetric warfare, said Harry Harding, an expert on Chinese domestic politics and U.S.-China relations, who teaches at George Washington University’s Elliott School of International Affairs. Cyber-warfare is just one of the more recent tactics. If the U.S. government tries to protect its systems, the Chinese will simply attack the private sector; he cited the financial services industry as an obvious target. “I have no doubt that China is doing this,” Harding said.

Bennett, the former head of the Cyber Security Industry Alliance, said that if China has penetrated power plants and the power grid, it serves as a show of force to the United States and is likely meant to deter any U.S. military intervention on behalf of Taiwan. He noted that the Florida blackout occurred only a few days after the Navy shot down a failing U.S. satellite with a missile designed to intercept inbound ballistic missiles. A year earlier, the Chinese had downed one of their own satellites in orbit. The Bush administration has pursued ballistic missile defense systems, and Taiwan has sought that technology from the United States.

Cyberwar

The Chinese are not alone, of course, in their pursuit of cyber-warfare. The Air Force is setting up the Cyberspace Command, the 10th command in the service’s history.

“The next kind of warfare will be asymmetric warfare,” Gen. William Lord, the provisional commander, said during a roundtable discussion at the Council of Foreign Relations in March. “Who is going to take on the United States Army, Marine Corps, U.S. Air Force, and U.S. Navy as probably the most powerful force on the face of the planet?”

Lord didn’t limit his remarks to China. He said that cyber-criminals and other “bad guys” were as much a concern for the military. He also pointed to a massive cyberattack launched last year against computers in Estonia, in which Russian hackers—perhaps operating at Moscow’s behest—tried to take down the country’s systems in retaliation for Estonia’s decision to move a statue commemorating fallen Soviet troops, a statue that Russians living in Estonia love but that native-born Estonians don’t. The attack has been billed as the first “cyberwar” because of the overwhelming electronic force brought to bear on the tiny country of 1.3 million people.

“I had an opportunity to speak with the minister of defense from Estonia,” Lord said. “He was attacked by 1 million computers.”

The Estonia attack probably shook nerves more than it caused long-term damage. But it served as a potent example of how determined, coordinated hackers could gang up on a foreign government. It has also created profound policy questions about what qualifies as war in cyberspace.

“The problem with this kind of warfare,” Lord said, “is determining who is the enemy, what is their intent, and where are they, and then what can you do about it?”

Brenner, the senior U.S. counterintelligence official, said, “Another country knows that if it starts taking out our satellites, that would be an act of war.” But “if they were to take out certain parts of our infrastructure, electronically, that could be regarded as an act of war,” he said. “It’s not my job to say that.”

NATO officials are reluctantly struggling with that question, too. At a ministerial meeting last June, Defense Secretary Gates asked the allied members to consider defining cyberattacks in the context of traditional warfare. Cyberwar is still abstract, and there are no international conventions that govern military conduct on a digital battlefield.

“The U.S. government doesn’t really have a policy on the use of these techniques,” said Michael Vatis, a former director of the FBI’s National Infrastructure Protection Center. “The closest analogy is to covert actions,” he said, meaning spy operations undertaken by intelligence agencies against foreign governments. “They take place, and people have strong suspicions about [who’s responsible]. But as long as they’re not able to prove it, there’s very little that they can do about it. And so there’s often not as much outrage expressed.”

Staff Correspondent Bruce Stokes contributed to this article. The author can be reached at sharris@nationaljournal.com

----------

http://it.slashdot.org/article.pl?sid=08/05/31/1722227 :

"Congratulations. You are doing exactly what the publishers of the article wanted you to do - go apeshit over innuendo. The article had zero proof, but lots and lots of speculation about China causing power outages. You know what speculation is, right? It's just bullshit they want to trick you into believing without actually outright lying."

"Neither government is stupid enough to ever fight each other. In today's modern global economy, the entire world's economy would go to shit if the US and China went to war.

Funnily enough, that's what everyone in Europe was saying in 1913." ...

"What kind of un-patched Windows crap is running the power grid?

Of course the attackers are guilty; but that doesn't excuse foolish security practices. Never mind bad security on the end-point, or in the software. It seems like the power company, with all its rights-of-way, shouldn't even have to route over the public network. Routing over a private network would provide physical security. Breaking into that requires putting your actual body at the point of attack. Since the power company came before the Internet, I would have thought they had a private network of some kind in place already, or close cooperation with telcos. I guess not."

 

-------

Civilian Irregular Information Defense Group
Distributed, non-hierarchical, loose cannon cyber arbakai of the Amriki tribe

http://cannoneerno4.wordpress.com/2007/09/26/the-unorganized-cyber-militia-of-the-united-states/

----------

Google about China military hackers


Monday, September 10, 2007

Estonia: What Is Behind Economic Success?

September 6, 2007 (RFE/RL) -- The Economic Freedom Network, a global association of research and educational institutes, has just issued its annual report, which rates only one former communist country among the world's top nations with policies that support economic freedom. That country is Estonia.

The report has high praise for Estonia, whose economy grew by over 11 percent in 2006.

It notes that Estonia performed better not only in comparison with its Baltic neighbors, Latvia and Lithuania, but also placed ahead of countries like France and Germany -- not to mention Belgium, Ukraine, or Russia, which are near the bottom of the list. Estonia was ranked as a top performer, alongside Hong Kong, Singapore, Switzerland, Britain, Canada, and the United States.

So what has Estonia done to attract such praise?

Dumping Soviet Legacy

Andres Kasekamp, the director of the Estonian Foreign Policy Institute in Tallinn, says Estonia deserves the accolades it receives because it has managed to create a modern market-based economy with strong ties to the West -- in a record amount of time.

After regaining independence in 1991 following 50 years of Soviet domination, Kasekamp says Estonia started radical market reforms earlier than its neighbors.

"The most important thing would be that in Estonia, in the beginning of the 90s, there was a strong societal consensus to distance the country as quickly as possible from the Soviet legacy and from Russia and to do everything in the exact opposite fashion -- what was bad under the Soviets would now be good," Kasekamp says.

In Estonia's case, the young new leaders who came to power in the 1990s played a huge role in pushing reforms.

"In our first free, independent elections in 1992, the government that was elected was headed by Mart Laar, who knew nothing about economics except that he read one book and that was by Milton Friedman," Kasekamp says. "And he was very inspired by that, and he was also inspired by [former British Prime Minister Margaret] Thatcher and, basically, he was a young guy whose main idea was to clean away the old Soviet mess."

Radical Reforms

Laar inherited an economy with 1,000 percent inflation, loss-making government enterprises, and growing unemployment.

His answer was to remove price controls, cut welfare programs, and slash business regulations. State firms were sold off and a new currency introduced. And most importantly, the government instituted a simple, flat income tax that attracted foreign investment and is now being copied in many other countries.

The government also concentrated on turning Estonia into a high-tech leader, upgrading communications networks and offering incentives to Internet startups that earned the country the nickname "E-stonia."

Almost two decades later, inflation in Estonia has dropped below 3 percent, unemployment has plunged below 6 percent, and foreign investment has poured in. Estonia has enjoyed the greatest growth in real per capita income of any of the former Soviet states. Today the country is a member of NATO, the European Union, and the World Trade Organization.

Favorable Climate

Kasekamp says geographical proximity to Finland is also a big help as many Estonians go to work in the neighboring country and bring back their earnings.

Vytautas Radzvilas, an analyst at the Lithuanian Institute of International Relations, says that there are no radical differences between the Estonian and Lithuanian economies, but without any doubt Estonia has a more favorable climate for business than Lithuania.

"All investigations and research clearly shows that there is less corruption in Estonia [than in Lithuania] and fewer obstacles for business," Radzvilas says. "There are no structural or fundamental differences [between the economies of Lithuania and Estonia] but one fact is clear -- there is less influence of the former Soviet nomenclature in the Estonian economy."

Estonian reformers did not allow former Soviet officials to take over the economy as happened in Lithuania, Radzvilas says. However, some questions about the Estonian development model remain.

Although the Economic Freedom Network ranked Slovenia below Estonia, it is Slovenia which has been invited to join the euro zone, not Estonia. Kasekamp explains this paradox by the fact that Estonia's economy has become overheated and inflation has gone up. On the other hand, he says many economists in Estonia wonder if the quick adoption of the euro would be good for Estonia's liberal economy.
