Category Archives: US government

Xenophobia inside the FBI

The New York Times reports: The F.B.I. is subjecting hundreds of its employees who were born overseas or have relatives or friends there to an aggressive internal surveillance program that started after Sept. 11, 2001, to prevent foreign spies from coercing newly hired linguists but that has been greatly expanded since then.

The program has drawn criticism from F.B.I. linguists, agents and other personnel with foreign language and cultural skills, and with ties abroad. They complain they are being discriminated against by a secretive “risk-management” plan that the agency uses to guard against espionage. This limits their assignments and stalls their careers, according to several employees and their lawyers.

Employees in the program — called the Post-Adjudication Risk Management plan, or PARM — face more frequent security interviews, polygraph tests, scrutiny of personal travel, and reviews of, in particular, electronic communications and files downloaded from databases.

Some of these employees, including Middle Eastern and Asian personnel who have been hired to fill crucial intelligence and counterterrorism needs, say they are being penalized for possessing the very skills and background that got them hired. They are notified about their inclusion in the program and the extra security requirements, but are not told precisely why they have been placed in it and apparently have no appeal or way out short of severing all ties with family and friends abroad. [Continue reading…]

Facebooktwittermail

America’s effort to rule the digital world

Evgeny Morozov writes: [To] grasp the full extent of America’s hypocrisy on the issue of information sovereignty, one needs to look no further than the ongoing squabble between Microsoft and the US government. It concerns some email content – relevant to an investigation – stored on Microsoft’s servers in Ireland. American prosecutors insist that they can obtain such content from Microsoft simply by serving it a warrant – as if it makes no difference that the email is stored in a foreign country.

In order to obtain it, Washington would normally need to go through a complex legal process involving bilateral treaties between the governments involved. But now it wants to sidestep that completely and treat the handling of such data as a purely local issue with no international implications. The data resides in cyberspace – and cyberspace knows no borders!

The government’s reasoning here is that the storage issue is irrelevant; what is relevant is where the content is accessed – and it can be accessed by Microsoft’s employees in the US. Microsoft and other tech giants are now fighting the US government in courts, with little success so far, while the Irish government and a handful of European politicians are backing Microsoft.

In short, the US government insists that it should have access to data regardless of where it is stored as long as it is handled by US companies. Just imagine the outcry if the Chinese government were to demand access to any data that passes through devices manufactured by Chinese companies – Xiaomi, say, or Lenovo – regardless of whether their users are in London or New York or Tokyo. Note the crucial difference: Russia and China want to be able to access data generated by their citizens on their own soil, whereas the US wants to access data generated by anybody anywhere as long as American companies handle it.

In opposing the efforts of other countries to reclaim a modicum of technological sovereignty, Washington is likely to run into a problem it has already encountered while promoting its nebulous “internet freedom” agenda: its actions speak louder than its words. [Continue reading…]

Facebooktwittermail

Iraqi general warns of military woes in fighting ISIS

The Associated Press reports: Lt. Gen. Abdul-Wahab al-Saadi had 225 fighters, a single Abrams tank, a pair of mortars, two artillery pieces and about 40 armored Humvees when he set out to retake a strategic city in northern Iraq captured by Islamic State militants over the summer.

It took 30 days as his force made an agonizingly slow journey for 40 kilometers (25 miles) through roadside bombs and suicide car attacks, then successfully laid siege to the oil refinery city of Beiji. The campaign earned al-Saadi the biggest battlefield victory by Iraqi forces since Islamic State fighters swept over most of northern and western Iraq in a summer blitz, prompting the collapse of the military.

Yet al-Saadi is deeply pessimistic. In a two-hour interview with The Associated Press, he said Iraq’s military lacks weapons, equipment and battle-ready troops and complained that U.S. air support was erratic. Both the military and the government remain riddled with corruption, he said. Most of the senior generals serving when the military fell apart had skills “more suited to World War II,” he said.

“If things don’t get better,” warned the general, “the country could end up divided” between its Shiite, Sunni and Kurdish populations.

The extremists are beatable when confronted with a proper force, he said. But he worries that the military’s multiple woes prevent it from doing so. Already, there is a danger the jihadis could retake Beiji, he said. [Continue reading…]

Facebooktwittermail

U.S. troops return to Iraq to train force to fight ISIS

The New York Times reports: The United States has begun training a first wave of Iraqi Army recruits, in recent days putting them through morning fitness exercises and instructing them in marksmanship and infantry tactics, in an effort to gather enough forces to mount a spring offensive against the extremists of the Islamic State.

Military officials here say the first of the American-trained recruits, who answered the call to arms by Iraqi religious leaders over the summer and have completed some basic training under the Iraqis, will be ready to join the fight against the Islamic State, also known as ISIS or ISIL, by mid-February. Pushing forward, officials say the goal is to train 5,000 new recruits every six weeks.

“These are new patriots of Iraq, that have actually signed up, have been through basic training and are now ready to go through some advanced training,” said Maj. Gen. Paul E. Funk II, the American commander who is overseeing the training program.

More than six months after the Islamic State’s lightning advance through northern Iraq forced a reluctant President Obama to order a new United States military mission here, an American training program for the Iraqi security forces has begun to take shape. In recent days, the first recruits, about 1,600 men in four battalions, have been received by American instructors at Camp Taji, a base north of Baghdad. Others have begun arriving at Al Asad Air Base in Anbar Province, joining roughly 200 American Marines and Special Forces soldiers.

The American presence in Iraq is expected to grow in the coming weeks, to more than 3,000 personnel from about 1,800. The American military already has a presence in Baghdad and Erbil, the Kurdish capital in the north, and has plans for two more training sites: one for Special Forces in Baghdad and another in Besmaya, south of the capital. [Continue reading…]

Facebooktwittermail

Taliban sees U.S. defeat as troops leave Afghanistan

Foreign Policy reports: A day after the U.S.-led International Security Assistance Force held a low-key ceremony in a heavily guarded military compound to mark the formal end of its combat mission in Afghanistan, Taliban insurgents on Monday mockingly accused the United States and its NATO allies of leaving the country in defeat after a long and costly 13-year military campaign.

“Today ISAF rolled up its flag in an atmosphere of failure and disappointment without having achieved anything substantial or tangible,” Taliban spokesman Zabihullah Mujahid in a statement Monday, using the acronym for the American-led coalition. “We consider this step a clear indication of their defeat and disappointment.”

In the lengthy statement, Mujahid said the war had exacted a heavy toll from the United States and its allies while leaving them precious little to show for their human and financial losses. [Continue reading…]

Facebooktwittermail

Sony insider — not North Korea — likely involved in hack, experts say

The Los Angeles Times reports: Federal authorities insist that the North Korean government is behind the cyberattack on Sony Pictures Entertainment.

Cybersecurity experts? Many are not convinced.

From the time the hack became public Nov. 24, many of these experts have voiced their suspicions that a disgruntled Sony Pictures insider was involved.

Respected voices in the online security and anti-hacking community say the evidence presented publicly by the FBI is not enough to draw firm conclusions.

They argue that the connections between the Sony hack and the North Korean government amount to circumstantial evidence. Further, they say the level of the breach indicates an intimate knowledge of Sony’s computer systems that could have come from someone on the inside.

This week, prominent San Mateo, Calif., cybersecurity firm Norse Corp. — whose clients include government agencies, financial institutions and technology companies — briefed law enforcement officials on evidence it collected that pointed toward an inside job.

“We can’t find any indication that North Korea either ordered, masterminded or funded this attack,” Kurt Stammberger, a senior vice president at Norse, said in an interview with The Times. Although conceding that his findings were not conclusive, Stammberger added: “Nobody has been able to find a credible connection to the North Korean government.”

Stammberger said a team of nine analysts dug through data including Norse’s worldwide network of millions of Web sensors, internal Sony documents and underground hacker chat rooms. Leads suggesting North Korea as the culprit turned out to be red herrings and dead ends, he said.

Instead, the data pointed to a former employee who may have collaborated with outside hackers. The employee, who left the studio in a May restructuring, had the qualifications and access necessary to carry out the crime, according to Stammberger.

Moreover, names of company servers and passwords were programmed into the malware that infiltrated the studio’s network, suggesting hackers had inside knowledge of the studio’s systems, Stammberger said. [Continue reading…]

Facebooktwittermail

James Fallows and the chickenhawks

James Fallows writes: Every institution has problems, and at every stage of U.S. history, some critics have considered the U.S. military overfunded, underprepared, too insular and self-regarding, or flawed in some other way. The difference now, I contend, is that these modern distortions all flow in one way or another from the chickenhawk basis of today’s defense strategy.

At enormous cost, both financial and human, the nation supports the world’s most powerful armed force. But because so small a sliver of the population has a direct stake in the consequences of military action, the normal democratic feedbacks do not work.

I have met serious people who claim that the military’s set-apart existence is best for its own interests, and for the nation’s. “Since the time of the Romans there have been people, mostly men but increasingly women, who have volunteered to be the praetorian guard,” John A. Nagl told me. Nagl is a West Point graduate and Rhodes Scholar who was a combat commander in Iraq and has written two influential books about the modern military. He left the Army as a lieutenant colonel and now, in his late 40s, is the head of the Haverford prep school, near Philadelphia.

“They know what they are signing up for,” Nagl said of today’s troops. “They are proud to do it, and in exchange they expect a reasonable living, and pensions and health care if they are hurt or fall sick. The American public is completely willing to let this professional class of volunteers serve where they should, for wise purpose. This gives the president much greater freedom of action to make decisions in the national interest, with troops who will salute sharply and do what needs to be done.”

I like and respect Nagl, but I completely disagree. As we’ve seen, public inattention to the military, born of having no direct interest in what happens to it, has allowed both strategic and institutional problems to fester.

“A people untouched (or seemingly untouched) by war are far less likely to care about it,” Andrew Bacevich wrote in 2012. Bacevich himself fought in Vietnam; his son was killed in Iraq. “Persuaded that they have no skin in the game, they will permit the state to do whatever it wishes to do.”

[Former chairman of the Joint Chiefs of Staff] Mike Mullen thinks that one way to reengage Americans with the military is to shrink the active-duty force, a process already under way. “The next time we go to war,” he said, “the American people should have to say yes. And that would mean that half a million people who weren’t planning to do this would have to be involved in some way. They would have to be inconvenienced. That would bring America in. America hasn’t been in these previous wars. And we are paying dearly for that.” [Continue reading…]

Mullen says “inconvenienced” — presumably that’s a euphemism for drafted — but Fallows claims that reintroduction of the draft would be “unimaginable.”

Perhaps the draft is not so unimaginable as a policy recommendation as much as it is unimaginable coming from Fallows.

During the Vietnam War, Fallows dodged the draft rather than resisting it, an option he made because, as he wrote in 1975: “What I wanted was to go to graduate school, to get married, and to enjoy those bright prospects I had been taught that life owed me.”

Having told an examining doctor at his Cambridge draft board that he had contemplated suicide, and having thus been deemed “unqualified” for military service, Fallows said: “I was overcome by a wave of relief, which for the first time revealed to me how great my terror had been, and by the beginning of the sense of shame which remains with me to this day.”

No doubt that sense of shame would now make it impossible for Fallows to be an advocate for the draft.

But by now dodging this issue, he avoids drilling deeply into the most basic questions about the role of the military in America.

Fallow’s war-weariness and that of many other Americans seems to stem not so much from the fact that the United States has engaged in so much unnecessary war over the last decade or so, than the fact that its military efforts have been such a colossal and expensive failure.

Ours is the best-equipped fighting force in history, and it is incomparably the most expensive. By all measures, today’s professionalized military is also better trained, motivated, and disciplined than during the draft-army years. No decent person who is exposed to today’s troops can be anything but respectful of them and grateful for what they do.

Yet repeatedly this force has been defeated by less modern, worse-equipped, barely funded foes. Or it has won skirmishes and battles only to lose or get bogged down in a larger war. Although no one can agree on an exact figure, our dozen years of war in Iraq, Afghanistan, and neighboring countries have cost at least $1.5 trillion; Linda J. Bilmes, of the Harvard Kennedy School, recently estimated that the total cost could be three to four times that much. Recall that while Congress was considering whether to authorize the Iraq War, the head of the White House economic council, Lawrence B. Lindsey, was forced to resign for telling The Wall Street Journal that the all-in costs might be as high as $100 billion to $200 billion, or less than the U.S. has spent on Iraq and Afghanistan in many individual years.

Yet from a strategic perspective, to say nothing of the human cost, most of these dollars might as well have been burned. “At this point, it is incontrovertibly evident that the U.S. military failed to achieve any of its strategic goals in Iraq,” a former military intelligence officer named Jim Gourley wrote recently for Thomas E. Ricks’s blog, Best Defense. “Evaluated according to the goals set forth by our military leadership, the war ended in utter defeat for our forces.” In 13 years of continuous combat under the Authorization for the Use of Military Force, the longest stretch of warfare in American history, U.S. forces have achieved one clear strategic success: the raid that killed Osama bin Laden.

That Fallows views the killing of bin Laden as the “one clear strategic success” — without his intention — goes right to the heart of his polemic on America’s chickenhawk culture.

The celebration of bin Laden’s death is no less cowardly than support for wars triggered by 9/11.

If this killing could have served America in any way, it might conceivably have functioned as the symbolic end to an era. Clearly it did not have that effect.

A strategic success would be defined by its effect — by its ability to forestall undesirable outcomes and create a better future. Killing bin Laden had no such effect. Had he been captured and put on trial, it is conceivable that justice would have been served in a constructive way.

The willingness of Americans to support or acquiesce to a succession of military misadventures after 9/11 flowed very much from the fact that so few people were willing to question America’s need for vengeance. Moreover, America’s need to look strong was the product much less of the magnitude of the threat it faced than of a fear of looking weak.

Fallows hopes that America might be able to choose its wars more wisely and win them, but in that hope lies the most basic fallacy: that war should be a matter of choice.

In a war of true necessity, a nation goes to war because it has no choice. It fights not because it is convinced it will win but because the alternative would be worse than war.

Facebooktwittermail

Intelligence, defense whistleblowers remain mired in broken system

McClatchy reports: When Ilana Greenstein blew the whistle on mismanagement at the CIA, she tried to follow all the proper procedures.

First, she told her supervisors that she believed the agency had bungled its spying operations in Baghdad. Then, she wrote a letter to the director of the agency.

But the reaction from the intelligence agency she trusted was to suspend her clearance and order her to turn over her personal computers. The CIA then tried to get the Justice Department to open a criminal investigation of her.

Meanwhile, the agency’s inspector general, which is supposed to investigate whistleblower retaliation, never responded to her complaint about the treatment.

Based on her experience in 2007, Greenstein is not surprised that many CIA employees did little to raise alarms when the nation’s premier spy agency was torturing terrorism suspects and detaining them without legal justification. She and other whistleblowers say the reason is obvious.

“No one can trust the system,” said Greenstein, now a Washington attorney. “I trusted it and I was naive.”

Since 9/11, defense and intelligence whistleblowers such as Greenstein have served as America’s conscience in the war on terrorism. Their assertions go to the heart of government waste, misconduct and overreach: defective military equipment, prisoner abuse at Abu Ghraib, surveillance of Americans.

Yet the legal system that was set up to protect these employees has repeatedly failed those with the highest-profile claims. Many of them say they aren’t thanked but instead are punished for speaking out. [Continue reading…]

Facebooktwittermail

FBI’s weak case against North Korea on Sony hacking gets weaker

Reuters reports: U.S. investigators believe that North Korea likely hired hackers from outside the country to help with last month’s massive cyberattack against Sony Pictures, an official close to the investigation said on Monday.

As North Korea lacks the capability to conduct some elements of the sophisticated campaign by itself, the official said, U.S. investigators are looking at the possibility that Pyongyang “contracted out” some of the cyber work. The official was not authorized to speak on the record about the investigation. [Continue reading…]

Facebooktwittermail

Understanding the allure of ISIS

The New York Times reports: [Maj. Gen. Michael K. Nagata] has fought in the shadows most of his 32-year Army career, serving in Special Operations forces and classified military units in hot zones such as Somalia, the Balkans and Iraq. Colleagues say he has displayed bureaucratic acumen in counterterrorism jobs at the C.I.A. and the Pentagon, and diplomatic savvy as a senior American military liaison officer in Pakistan during the turbulent period there from 2009 to 2011.

“He’s the rare warrior who is most comfortable in complexity,” said Stanley A. McChrystal, a retired four-star general and former commander of allied forces in Afghanistan.

Complexity is precisely what General Nagata, by then head of American commandos in the Middle East, wanted in July when he asked a tiny think tank within the military’s Joint Staff, known as Strategic Multilayer Assessment, for help in defeating the Islamic State.

In the past year, the group has produced studies on the security implications of megacities around the world and how to apply neuroscience to the concept of deterrence.

When General Nagata first convened the specialists on a conference call on Aug. 20, he described his priorities and the challenges that ISIS posed.

“What makes I.S. so magnetic, inspirational?” he said. He expressed specific concern that the militant organization is “deeply resonant with a specific but large portion of the Islamic population, particularly young men looking for a banner to flock to.”

“There is a magnetic attraction to I.S. that is bringing in resources, talent, weapons, etc., to thicken, harden, embolden I.S. in ways that are very alarming,” General Nagata said.

During the call, General Nagata alluded to the Islamic State’s sophisticated use of social media to project and amplify its propaganda, and insisted the United States needed “people born and raised in the region” to help combat the problem. [Continue reading…]

No doubt Nagata’s think tank doesn’t include Harvard political scientist Stephen Walt, who tweets:


I guess “etc” is Walt’s CYA caveat, to underline that these are just tweets — not serious political analysis. But still, they seem to sufficiently encapsulate the conventional wisdom which purports to explain why the growth of ISIS should not be perplexing.

Bad leaders, foreign invasions, and deep divisions are certainly important elements that have helped cultivate the ground for ISIS’s growth, yet these don’t provide sufficient explanations for the fact, for instance, that as many of ISIS’s foreign recruits have come from Tunisia as have come from Saudi Arabia. If being freed from the yoke of an autocratic and corrupt regime was going to take away the fuel for extremism, 3,000-plus Tunisians failed to get the message.

A New York Times report in October offered a glimpse into the minds of a few young Tunisians who felt drawn by ISIS:

In interviews at cafes in and around Ettadhamen [a district in Tunis], dozens of young unemployed or working-class men expressed support for the extremists or saw the appeal of joining their ranks — convinced that it could offer a higher standard of living, a chance to erase arbitrary borders that have divided the Arab world for a century, or perhaps even the fulfillment of Quranic prophecies that Armageddon will begin with a battle in Syria.

“There are lots of signs that the end will be soon, according to the Quran,” said Aymen, 24, who was relaxing with friends at another cafe.

Bilal, an office worker who was at another cafe, applauded the Islamic State as the divine vehicle that would finally undo the Arab borders drawn by Britain and France at the end of World War I. “The division of the countries is European,” said Bilal, 27. “We want to make the region a proper Islamic state, and Syria is where it will start.”

Mourad, 28, who said he held a master’s degree in technology but could find work only in construction, called the Islamic State the only hope for “social justice,” because he said it would absorb the oil-rich Persian Gulf monarchies and redistribute their wealth. “It is the only way to give the people back their true rights, by giving the natural resources back to the people,” he said. “It is an obligation for every Muslim.”

Many insisted that friends who had joined the Islamic State had sent back reports over the Internet of their homes, salaries and even wives. “They live better than us!” said Walid, 24.

Wissam, 22, said a friend who left four months ago had told him that he was “leading a truly nice, comfortable life” under the Islamic State.

“I said: ‘Are there some pretty girls? Maybe I will go there and settle down,’ ” he recalled.

Depending on who they follow on Twitter, young men such as these in Tunisia and elsewhere may now have a less rosy view of life in the new caliphate — reports of deserters being executed en masse, of hundreds of fighters getting slaughtered in Kobane, and of ISIS’s inability to perform the most basic requirements of government in Mosul, should make the group look less appealing. They certainly don’t offer images of a better life.

But ISIS has successfully created an information space within which cult-like groupthink prevails. Young men intoxicated by a dream can easily dismiss bad reports as apostate propaganda. And the effort to promote a counter-narrative is destined to fail if it is seen as an imposition from outside — least of all is there any serious prospect that the State Department will have much success in persuading would-be fighters to think again and turn away.

The only challenge that is going to have any real weight is one that is not only indisputably religiously authentic, but also one that resonates with the social and generational demographic around which ISIS now has its grip.

Facebooktwittermail

Has the Kurdish victory at Sinjar turned the tide of ISIS war?

Khales Joumah writes: Extremist fighters from the group known as the Islamic State have left the Sinjar area the same way they came in during August this year: without any real combat or pitched battles.

“I feel as if I’m watching the same thing I saw five months ago,” says Maizar al-Shammari, standing in front of his house, which is on the road into Sinjar, watching Iraqi Kurdish troops move forward. “At that time the Peshmerga [Iraqi Kurdish forces] withdrew without a fight. Today the Islamic State group is doing the same thing. It’s as if they just decided to swap roles,” he says.

Ever since the Iraqi Kurdish military began to fight with the self-proclaimed Islamic State, widely known as ISIS or ISIL, Sinjar has been an important piece of terrain for all comers in the conflict.

For ISIS it involves a major supply route. For the Iraqi Kurds the Sinjar region holds a lot of what is described as disputed territory—that is, land that is supposedly part of Iraq proper but which the Iraqi Kurds believe should belong to their semi-autonomous zone. They also believe that the Yazidi, an ethno-religious group, that live in Sinjar and have been particularly targeted by ISIS, are Kurds directly related to them.

Meanwhile the international coalition that is fighting against ISIS, mostly by airstrikes, sees the Sinjar area as having strategic importance; if blocked, the potential is there to separate ISIS in Iraq from ISIS in Syria. [Continue reading…]

Facebooktwittermail

The Sony hack, fearless journalism and conflicts of interest

Given that The Intercept is a publication that trumpets its commitment to fearless journalism, you’d think they’d be all over the Sony hack story. National security threats, hacking, corporate power, cyberattacks — aren’t these more than enough ingredients for some hard-hitting investigative journalism?

Apparently not.

Instead we get Jana Winter (who before moving to The Intercept was a reporter at FoxNews.com for six years) recycling an old narrative about governmental negligence: “FBI warned Year Ago of impending Malware Attacks — But Didn’t Share Info with Sony.”

Nearly one year before Sony was hacked, the FBI warned that U.S. companies were facing potentially crippling data destruction malware attacks, and predicted that such a hack could cause irreparable harm to a firm’s reputation, or even spell the end of the company entirely. The FBI also detailed specific guidance for U.S. companies to follow to prepare and plan for such an attack.

But the FBI never sent Sony the report.

The Dec. 13, 2013 FBI Intelligence Assessment, “Potential Impacts of a Data-Destruction Malware Attack on a U.S. Critical Infrastructure Company’s Network,” warned that companies “must become prepared for the increasing possibility they could become victim to a data destruction cyber attack.”

How could Sony have been adequately prepared to meet this threat if the FBI had neglected to send them their report?!

Urrr… maybe Sony’s global chief information security officer Philip Reitinger knew something about the risks of a data destruction cyber attack. After all, directly before moving to Sony in 2011, Reitinger had been Deputy Under Secretary of the National Protection and Programs Directorate (NPPD) and Director of the National Cyber Security Center (NCSC) at the United States Department of Homeland Security. It seems likely that one way or another, Reitinger saw the FBI report.

Winter closes her “report” by quoting a source within the “information security industry” who said: “The question is, who dropped the ball?”

The Intercept in its headline and paragraph two doesn’t hesitate to answer that “question”: The FBI.

This is really a bizarrely irrelevant narrative to be spinning, given that there has already been so much reporting on Sony’s own negligence in handling cyber-security.

Winter makes the dubious assertion that in the eyes of the U.S. government, Sony is part of this nation’s “critical infrastructure” — the implication apparently being that the FBI is responsible for safeguarding the company’s cyber-security standards.

For The Intercept to want to portray the Sony story as a story about the failings of the U.S. government, is perhaps to be expected, given the ideological straightjacket inside which the publication remains trapped.

But maybe I’m just being cynical in thinking that there might be another explanation: that Glenn Greenwald hasn’t abandoned all hope Sony will produce his Snowden movie — even though a leaked November 14 email from Sony executive Doug Belgrad wrote that the Greenwald project “is unlikely to happen” — and so doesn’t want to embarrass his commercial partner.

Even if the Snowden movie has no bearing here, there is a deeper philosophical problem that the Sony hack story presents to The Intercept and everyone with a visceral fear of government.

American companies, fully aware of the government’s data collection capabilities want to see a more proactive partnership between the public and private sectors to improve information security and thwart cyberattacks. At the same time, libertarians and much of the public at large want to see these capabilities reined in, and businesses themselves don’t want to be burdened by overregulation.

Much as free-market economics promotes a myth of a self-balancing system that functions most efficiently by suffering the least governmental interference, the information economy sustains similar myths about its ability to self-organize.

But on the cyber frontier, threats from the likes of North Korea are probably smaller than those posed by agents whose identities remain forever concealed and whose motives may be as difficult to discern.

This year, hackers caused “massive damage” to a steel factory in Germany by gaining access to control systems that would have generally been expected to be physically separated from the internet, yet the emerging Internet of Things in which as many as 30 billion devices are expected to be connected by the end of the decade, suggests that physically destructive cyberattacks are destined to become much more commonplace.

The politics of information security right now favors an approach in which everyone is expected to maintain their own systems of fortification and yet the protection of collective interests may demand that we live in a world where there is much greater data transparency.

As things stand right now on the information highways, none of the vehicles are licensed, no one has insurance, most of the drivers are robots, and most of the robots are employed by crooks.

Facebooktwittermail

Was the FBI wrong on North Korea?

CBS News reports: Cybersecurity experts are questioning the FBI’s claim that North Korea is responsible for the hack that crippled Sony Pictures. Kurt Stammberger, a senior vice president with cybersecurity firm Norse, told CBS News his company has data that doubts some of the FBI’s findings.

While Norse is not involved in the Sony case, it has done its own investigation.

“We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history,” said Stammberger.

He says Norse data is pointing towards a woman who calls herself “Lena” and claims to be connected with the so-called “Guardians of Peace” hacking group. Norse believes it’s identified this woman as someone who worked at Sony in Los Angeles for ten years until leaving the company this past May. [Continue reading…]

The New York Times adds: A number of private security researchers are increasingly voicing doubts that the hack of Sony’s computer systems was the work of North Korea.

President Obama and the F.B.I. last week accused North Korea of targeting Sony and pledged a “proportional response” just hours before North Korea’s Internet went dark without explanation. But security researchers remain skeptical, with some even likening the government’s claims to those of the Bush administration in the build-up to the Iraq war.

Fueling their suspicions is the fact that the government based its findings, in large part, on evidence that it will not release, citing the “need to protect sensitive sources and methods.” The government has never publicly acknowledged doing so, but the National Security Agency has begun a major effort to penetrate North Korean computer networks.

Because attributing the source of a cyberattack is so difficult, the government has been reluctant to do so except in the rarest of circumstances. So the decision to have President Obama charge that North Korea was behind the Sony hack suggested there is some form of classified evidence that is more conclusive than the indicators that the F.B.I. made public on Friday. “It’s not a move we made lightly,” one senior administration official said after Mr. Obama spoke.

Still, security researchers say they need more proof. “Essentially, we are being left in a position where we are expected to just take agency promises at face value,” Marc Rogers, a security researcher at CloudFlare, the mobile security company, wrote in a post Wednesday. “In the current climate, that is a big ask.”

Mr. Rogers, who doubles as the director of security operations for DefCon, an annual hacker convention, and others like Bruce Schneier, a prominent cryptographer and blogger, have been mining the meager evidence that has been publicly circulated, and argue that it is hardly conclusive. [Continue reading…]

Facebooktwittermail

No, North Korea didn’t hack Sony

Marc Rogers writes: All the evidence leads me to believe that the great Sony Pictures hack of 2014 is far more likely to be the work of one disgruntled employee facing a pink slip.

I may be biased, but, as the director of security operations for DEF CON, the world’s largest hacker conference, and the principal security researcher for the world’s leading mobile security company, Cloudflare, I think I am worth hearing out.

The FBI was very clear in its press release about who it believed was responsible for the attack: “The FBI now has enough information to conclude that the North Korean government is responsible for these actions,” they said in their December 19 statement, before adding, “the need to protect sensitive sources and methods precludes us from sharing all of this information”.

With that disclaimer in mind, let’s look at the evidence that the FBI are able to tell us about. [Continue reading…]

Facebooktwittermail

Did North Korea really attack Sony?

Bruce Schneier writes: I am deeply skeptical of the FBI’s announcement on Friday that North Korea was behind last month’s Sony hack. The agency’s evidence is tenuous, and I have a hard time believing it. But I also have trouble believing that the U.S. government would make the accusation this formally if officials didn’t believe it.

Clues in the hackers’ attack code seem to point in all directions at once. The FBI points to reused code from previous attacks associated with North Korea, as well as similarities in the networks used to launch the attacks. Korean language in the code also suggests a Korean origin, though not necessarily a North Korean one since North Koreans use a unique dialect. However you read it, this sort of evidence is circumstantial at best. It’s easy to fake, and it’s even easier to interpret it wrong. In general, it’s a situation that rapidly devolves into storytelling, where analysts pick bits and pieces of the “evidence” to suit the narrative they already have worked out in their heads.

In reality, there are several possibilities to consider: [Continue reading…]

Facebooktwittermail

Why there’s still reason to doubt North Korea was behind the Sony attack

Why would the FBI say it has “enough information to conclude that the North Korean government is responsible for these actions,” if that’s not really true?

Firstly, the FBI and the U.S. government as a whole is always reluctant to present itself as ignorant. Presenting itself as having privileged access to secret information is something every government does in order to bolster its image of power. The FBI can’t tell us exactly how it knows what it claims to know because “the need to protect sensitive sources and methods precludes us from sharing all of this information” — trust us; we know; we’re the FBI.

Secondly, the only way that North Korea can convincingly refute the accusation is to identify the real culprits — and they have no means of doing that.

Given the appalling reputation of the leaders of the hermit kingdom, there is a prevailing assumption of guilt even in the absence of compelling evidence, which makes the FBI’s accusation an easy sell.

Sean Gallagher recently wrote: “Based on the amount of data stolen, and the nature of the malware itself, it’s likely the attackers had physical access to the network and that the attack may have been ongoing for months…”

Are we to imagine that North Korea not only instigated the attack but was also able to recruit inside collaboration?

I can see this as central to the plot that numerous Hollywood screenwriters must currently be working on for a blockbuster thriller about how an evil dictator tries to destroy Hollywood, but I can’t really see it in real life.

Michael Hiltzik writes:

The North Korea/”Interview” narrative is comforting in several ways. It feeds into the tendency to attribute almost God-like capabilities to an adversary, especially a secretive one; that’s very much a scenario favored by Hollywood. (Think of the all-time definitive James Bond movie line, from “Dr. No”: “World domination–same old dream.”) And it helps Sony executives deflect blame — how could anyone expect them to defend against an attack by such a sinister, all-powerful enemy? You can expect to see more coverage, like this piece from CNN, about North Korea’s shadowy “Bureau 121,” purportedly its Cyberattack Central.

There are great dangers in mistaken attribution — it shifts attention from the real perpetrators, for one thing. A counterattack against North Korea could needlessly provoke the regime, wrecking the few diplomatic initiatives taking place.

Here’s a rundown of the counter-narrative.

–“Whitehat” hacker and security expert Marc W. Rogers argues that the pattern of the attack implies that the attackers “had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s plausible that an attacker could have built up this knowledge over time … Occam’s razor suggests the simpler explanation of an insider,” perhaps one out for workplace revenge. (N.B. “Occam’s razor” is the principle that the simplest explanation for something is often the best.)

–The assertion that the attack was uniquely sophisticated, which is an element of the accusation against North Korea, is both untrue and incompatible with the North Korea narrative. It presupposes that a nation-state without a native computer infrastructure could launch an unprecedented assault. More to the point, very similar hacking technology has been used in earlier hacks in Saudi Arabia and elsewhere. The consulting firm Risk Based Security has a discussion of these and other aspects of the Sony affair.

It’s worth noting that Risk Based Security’s team isn’t entirely convinced by the FBI statement. In an update to their commentary Friday, they observed that the agency has “not released any evidence to back these claims.” They add: “While the FBI certainly has many skilled investigators, they are not infallible. Remember, this agency represents the same government that firmly stated that Iraq had weapons of mass destruction, leading the U.S. into a more than ten year conflict, which was later disproven.

Finally, Caroline Baylon from Chatham House, in an interview with ITN, laid out the reasons why the North Korean government was probably not behind the hack:

Facebooktwittermail

Feds release new details about malware targeting Sony

Ars Technica reports: The highly destructive malware believed to have hit the networks of Sony Pictures Entertainment contained a cocktail of malicious components designed to wreak havoc on infected networks, according to new technical details released by federal officials who work with private sector security professionals.

An advisory published Friday by the US Computer Emergency Readiness Team said the central malware component was a worm that propagated through the Server Message Block protocol running on Microsoft Windows networks. The worm contained brute-force cracking capabilities designed to infect password-protected storage systems. It acted as a “dropper” that then unleashed five components. The advisory, which also provided “indicators of compromise” that can help other companies detect similar attacks, didn’t mention Sony by name. Instead, it said only that the potent malware cocktail had targeted a “major entertainment company.” The FBI and White House have pinned the attack directly on North Korea, but so far have provided little proof. [Continue reading…]

Facebooktwittermail