Director Of DARPA Departs Pentagon For Google, Further Reinforcing Government Ties

March 14, 2012

End The Lie

By Madison Ruppert

“We’ve seen this type of thing before. It’s very similar to a former pharmaceutical big wig joining the FDA.” –KTRN

Regina Dugan, the director of the Defense Advanced Research Projects Agency (DARPA), will be leaving the Pentagon’s mad scientist research agency for the corporate Big Brother known as Google.

Dugan has only been at DARPA for less than three years and was “offered and accepted [a] senior executive position” with Google, according to Eric Mazzacone, a spokesperson with DARPA.

Mazzacone added that Dugan felt she could not refuse such an offer with an “innovative company” like Google, which also has a close relationship with the American intelligence community.

Dugan has been a relatively popular director because of her emphasis on cybersecurity matters and next-generation manufacturing, which has garnered significant support from the Obama administration, which allowed DARPA to dodge the bullet of budget cuts that have hit the Pentagon as of late, according to Danger Room.

Dugan also is lauded by Danger Room for her push into “crowdsourcing” and her increasing outreach to the hacker community, which has resulted in some quite astounding technology like the miniature, inexpensive, and easily concealed spy computer known as the F-BOMB.

During Dugan’s tenure she also has diverted some of the quite substantial research funds devoted to long-term projects (some of which are a long way off from being used in the field) to more short-term operational projects.

“There is a time and a place for daydreaming. But it is not at Darpa,” she told a congressional panel in March of 2011. “Darpa is not the place of dreamlike musings or fantasies, not a place for self-indulging in wishes and hopes. Darpa is a place of doing.”

Click here for the full report.

McCain To Introduce Cybersecurity Legislation Giving Even More Domestic Control To NSA, Military

February 23, 2012

End The Lie

By Madison Ruppert

“John McCain in an evil man. Let’s not forget he was one of the major players at getting the NDAA signed. Please vote this man out of office.” –KTRN

During the Senate’s major hearing on cybersecurity last week, Senator John McCain, a Republican from Arizona, announced that the Republicans in the Senate would introduce a bill to compete with S. 2105, also known as the Cybersecurity Act of 2012.

McCain seeks to give the NSA and the military previously unimaginable powers over civilian networks, even further expanding the ludicrous power over American citizens given to the military under the National Defense Authorization Act for Fiscal Year 2012 (NDAA).

This is similar to the conclusions drawn by a study conducted by the Massachusetts Institute of Technology (MIT), which unsurprisingly had a long list of corporate “advisers” who would directly benefit from such a centralization.

Although, even the legislation as it is currently being considered follows the study’s recommendations by putting the power in the hands of DHS. McCain would apparently rather see that power in the military’s hands.

The Cybersecurity Act of 2012 is currently being supported by the chairmen of not only the Senate’s Homeland Security committee but also the chairs of the commerce and intelligence committees as well.

The current bill is cosponsored by Senators Joseph Lieberman, a Connecticut Independent, Jay Rockefeller, a West Virginia Democrat and Dianne Feinstein, a Democrat from California.

McCain spoke out against rushing the debate on this legislation and instead called for widening the role of the National Security Agency (NSA) in cybersecurity matters domestically.

On the February 16 hearing of the Senate Homeland Security and Governmental Affairs Committee McCain said that the fact that similar legislation has been introduced in the past by Lieberman and Senator Susan Collins, a Maine Republican, in the past does not mean that this new bill should be rushed to a vote.

“To suggest that this bill should move directly to the Senate floor because it has ‘been around’ since 2009 is outrageous,” McCain said.

“First, the bill was introduced two days ago. Secondly, where do Senate Rules state that a bill’s progress in a previous congress can supplant the necessary work on that bill in the present one?”

Click here for the full report.

Draft Cyber Bill Gives DHS Controversial Authorities

January 13, 2012

Federal News Radio

By Jason Miller

The draft version of the comprehensive cybersecurity bill could give the Homeland Security Department the ability to take “any lawful action” against contractors if their systems are under attack.

Bob Dix, a former staff director for the House Oversight and Government Reform Committee and now vice president government affairs and critical infrastructure protection for Juniper Networks, said that could mean taking over a vendor’s system that contains federal data.

“There’s some concern about what would be the criteria about that and how it would be the government has the ability under a provision of lawful action to take over a system used by an agency even if it’s owned by a contractor,” Dix said. “I am worried about the notion that suggests the government would have the authority under law to be able to take over systems of contractors if they view them as having vulnerabilities even if only a small percentage of that is government utilization.”

The provision Dix is talking about is in Section 3553 of the bill’s Federal Information Security Management Act (FISMA) Reform section.

The draft bill, obtained by Federal News Radio, would give the secretary of DHS the ability to “direct officials of agencies that own, operate, lease or otherwise control an information system, including information systems used or operated by another entity, including contractors, on behalf of a federal agency, to take any lawful action with respect to the operation of such information system for the purpose of protecting that information system from or mitigating a cybersecurity threat.”

Dix said FISMA needs to be updated and several of the changes in the draft bill are good, but this provision goes too far.

Different interpretation

Not everyone reads the provision the same as Dix.

James Lewis, the director of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), said Dix’s interpretation is a bit extreme.

Click here for the full report.

DOJ Wants To Criminalize Uploading You Tube Videos

November 16, 2011

Prison Planet

By Paul Joseph Watson

“The government hates the internet.  It’s a place where we can share alternative viewpoints on everything.  It is the platform that is changing the way we think.  The internet is the last place where real free speech is occurring and the powers that be want to shut it down.  Yes, there is disinformation and BS on-line too, but it just takes common sense to stop the garbage from the truth.”  –KTRN

The Department of Justice is attempting to criminalize uploading videos that break You Tube’s terms of service, along with any other online action that is deemed to contravene a website’s usage policy, in a shocking expansion of cybersecurity laws deemed draconian by critics.

“In a statement obtained by CNET that’s scheduled to be delivered tomorrow, the Justice Department argues that it must be able to prosecute violations of Web sites’ often-ignored, always-unintelligible “terms of service” policies,” writes Declan McCullagh.

Such violations would include creating a fake Facebook profile, lying about your weight on dating websites, or providing any other item of false information that violates a website’s TOS agreement.

Under the DOJ’s new legal framework, an expansion of the Computer Fraud and Abuse Act (CFAA), agreeing to a website’s terms of service would be identical to signing a contract with an employer, with similar punishments for breaking that contract.

“To the Justice Department, this means that a Web site’s terms of service define what’s “authorized” or not, and ignoring them can turn you into a felon,” writes McCullagh, pointing out that millions of Americans violate ‘terms of agreement’ policies every single day.

Indeed, in the case of You Tube, users are often informed months or even years later that they may have infringed on the company’s ‘terms of service’ agreement if another user merely complains about the content of their video.

Click here for the full report from Prison Planet.

Obama Eyeing Internet ID for Americans

January 10th, 2011

CBS News

By: Declan McCullagh

President Obama is planning to hand the U.S. Commerce Department authority over a forthcoming cybersecurity effort to create an Internet ID for Americans, a White House official said here today.

It’s “the absolute perfect spot in the U.S. government” to centralize efforts toward creating an “identity ecosystem” for the Internet, White House Cybersecurity Coordinator Howard Schmidt said.

That news, first reported by CNET, effectively pushes the department to the forefront of the issue, beating out other potential candidates including the National Security Agency and the Department of Homeland Security. The move also is likely to please privacy and civil liberties groups that have raised concerns in the past over the dual roles of police and intelligence agencies.

The announcement came at an event today at the Stanford Institute for Economic Policy Research, where U.S. Commerce Secretary Gary Locke and Schmidt spoke.

The Obama administration is currently drafting what it’s calling the National Strategy for Trusted Identities in Cyberspace, which Locke said will be released by the president in the next few months. (An early version was publicly released last summer.)

“We are not talking about a national ID card,” Locke said at the Stanford event. “We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.”

The Commerce Department will be setting up a national program office to work on this project, Locke said.

Details about the “trusted identity” project are unusually scarce. Last year’s announcement referenced a possible forthcoming smart card or digital certificate that would prove that online users are who they say they are. These digital IDs would be offered to consumers by online vendors for financial transactions.

Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. “I don’t have to get a credential if I don’t want to,” he said. There’s no chance that “a centralized database will emerge,” and “we need the private sector to lead the implementation of this,” he said.

Inter-agency rivalries to claim authority over cybersecurity have exited ever since many responsibilities were centralized in the Department of Homeland Security as part of its creation nine years ago. Three years ago, proposals were were circulating in Washington to transfer authority to the secretive NSA, which is part of the U.S. Defense Department.

In March 2009, Rod Beckstrom, director of Homeland Security’s National Cybersecurity Center, resigned through a letter that gave a rare public glimpse into the competition for budgetary dollars and cybersecurity authority. Beckstrom said at the time that the NSA “effectively controls DHS cyber efforts through detailees, technology insertions,” and has proposed moving some functions to the agency’s Fort Meade, Md., headquarters.

Click here for the full report from CBSNews.com

Five New Frightening Types of Cyberattacks

October 18th, 2010

AOL News

By: Sharon Weinberger

Worried about e-mails that appear to be from your bank but could well be part of a phishing scam? That may soon be the least of your problems. With concerns about cyberattacks on the rise, computer security experts are looking ahead to what they think might be the next wave of attacks.

What they find is that everything from your car to your computer webcam is vulnerable to attack. Here are five new types of attacks:

1) Social Network Attacks: Malware that steals your e-mail contacts, passwords and other personal information is old news. But a new technical paper by a group of Israeli researchers says the cybersecurity community is ignoring a new, more insidious type of attack: one that preys on your entire social network, working to slowly pilfer information about your behavior and life.

Dubbed “stealing reality,” these types of attacks, the researchers argue, are more insidious because the “victim of a ‘behavioral pattern’ theft cannot easily change her behavior and life patterns.”

“Most likely those attacks are currently happening,” lead author Yaniv Altshuler, a research scientist at Ben Gurion University, told AOL News.

Altshuler says the market for this sort of information already exists. “And If there is a buyer, there is a seller,” he added.

2) Attacks on Cars: Today’s automobiles often come equipped with the equivalent of advanced computer systems, which means that like your home computer, they could be vulnerable to attack. In a new paper, researchers at the University of Washington and the University of California, San Diego, say they have demonstrated “the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.”

Everything from your car’s wireless tire-pressure sensors to its stolen-vehicle tracking and recovery system provides opportunities for hackers to gain control of your vehicle without you even knowing.

3) Medical Devices: Today, wireless pacemakers can send your doctor or hospital real-time data on your heart, showing just how far medical devices have come with the help of modern electronics. But with that new technology comes a new threat: the possibility of someone hacking into your medical device or injecting malicious code that disrupts the lifesaving device. Prosthetic limbs, wireless pacemakers and other implantable medical devices might all be at risk.

“This is very real — the bad guys would buy the pieces and just work on them a little bit,” Greg Hoglund, who heads HBGary, a computer security company, told an audience earlier this year at a Northern California Hospital Cyberterrorism Seminar. “It’s amazing someone hasn’t pulled this off yet.”

4) Hacking Your Webcam: Watch out for the light on your computer that shows the webcam is on, even after you think you’ve turned it off. It could be a Trojan computer program operating the camera, taking pictures or even video, and sending it over the Internet without your knowledge. For those who leave their laptops on and open, that’s the equivalent of having Big Brother in your bedroom or office without you knowing.

There are already cases of this happening, for example, in Germany. “A man has been arrested for spying on more than 150 girls in their bedrooms by hacking into their computers and using their webcams to watch them, provoking warnings that others will be doing the same thing,” DPA, the German press agency, reported earlier this year.

5) Smart Phone Attacks: Most consumers worried about cyberattacks associate the threat with their home PCs or laptops. So they often think nothing of downloading applications to their smart phones, which often contain just as much personal information as their home computers.

“Nobody’s making money at the moment with mobile security,” said Mikko Hypponen, the chief research officer of Finland’s F-Secure, according to the San Francisco Chronicle. “But all the players assume that sooner or later we will see a major outbreak or some other major event that will change the situation forever.”

Click here for the full report from AOL

Big Sis Gets Bigger Role In Policing Internet

September 14, 2010

Info Wars

by Paul Joseph Watson

Two cybersecurity bills that would hand President Obama the power to shut down parts of the Internet in the event of a national emergency have now been merged into a single unified piece of legislation that Democrats will try to pass before the end of the year, with the Department of Homeland Security being given a larger role in policing the world wide web.

Under the new draft bill, which is a combination of the two versions originally crafted by Senators Joe Lieberman and Jay Rockefeller, Janet Napolitano’s DHS will be handed broader authority to determine how to handle potential cybersecurity threats.

“DHS will get expanded authorities. I think that’s clear,” said James Lewis, a cybersecurity expert with think tank Center for Strategic and International Studies, who has studied the new bill.

An expanded role for Homeland Security would be somewhat ironic given the fact that the DHS itself recently failed an extensive cyber-security audit conducted by the agency’s own Inspector General.

“The DHS US-CERT office is currently plagued by at least 600 vulnerabilities that could compromise sensitive data, including 202 which have been classified as high-risk,” reported TG Daily.

Homeland Security’s failure to adequately secure its own internal network will lead to questions about why the agency should be given vast new authority to secure America’s cyber assets and the public Internet.

Democrats want to get the bill passed within the next four weeks, although “sticking points” could delay the legislation, according to a Senate aide familiar with the bill. However, lawmakers are determined to put the package up for a vote before the end of the year.

“Senate Majority Harry Reid has put the measure on his list of top-priority bills to get through the Senate this year,” sources told MoneyControl.com.

Lieberman’s version of the original bill includes language that would hand President Obama the power to shut down parts of the world wide web for at least four months with no congressional oversight. The combined version appears to shift that responsibility to DHS, who under the pretext of a national emergency could block all Internet traffic to the U.S. from certain countries, and close down specific hubs and networks, creating an ominous precedent for government regulation and control over the Internet.

Cybersecurity legislation is being promoted as a vital tool to defend the nation’s critical infrastructure against cyber- terrorism. However, as we have highlighted, the threat from cyber-terrorists to the U.S. power grid or water supply is minimal. The perpetrators of an attack on such infrastructure would have to have direct physical access to the systems that operate these plants to cause any damage. Any perceived threat from the public Internet to these systems is therefore completely contrived and strips bare what many fear is the real agenda behind cybersecurity – to enable the government to regulate free speech on the Internet.

As we reported back in March, the Obama administration’s release of the Comprehensive National Cybersecurity Initiative, a government plan to “secure” (or control) the nation’s public and private sector computer networks, coincided with Democrats attempting to claim that the independent news website The Drudge Report was serving malware, an incident Senator Jim Inhofe described as a deliberate ploy “to discourage people from using Drudge”.

Fears that cybersecurity legislation could be used to stifle free speech were heightened when Senator Lieberman told CNN’s Candy Crowley that the real motivation behind the bill was to mimic the Communist Chinese system of Internet policing.

“Right now China, the government, can disconnect parts of its Internet in case of war and we need to have that here too,” said Lieberman.

As we have documented, the Communist Chinese government does not disconnect parts of the Internet because of genuine security concerns, it habitually does so only to oppress and silence victims of government abuse and atrocities, and to strangle dissent against the state, a practice many fear is the ultimate intention of cybersecurity in the United States.

Click here to read the full report

Threat For Joe Biden Leads To Arrest

June 18, 2010

1500 AM Federal News Radio

Cybersecurity Update – Tune in weekdays at 30 minutes past the hour for the latest cybersecurity news on The Federal Drive with Tom Temin and Amy Morris (6-10 a.m.) and The DorobekInsider with Chris Dorobek (3-7 p.m.). Listen live at FederalNewsRadio.com or on the radio at 1500 and 820 AM in the Washington, D.C. metro area.

* It’s been said “good fences make for good neighbors.” Now good firewalls make for better neighbors. Barry Ardolf, 45, of Minneapolis has been accused of using his neighbor’s Wi-Fi network to send threatening emails to vice president Joseph Biden. The NewNewInternet reports if that weren’t enough, Ardolf also sent child pornography to his neighbor’s coworkers using a fake email account he set up in his neighbor’s name. Ardolf has turned down a plea deal and now faces a minimum of seven years in federal prison on charges of aggravated identity theft and making threats to the life of the President of the United States and his successors.

Click Here for the Full Report

Cyber Chief Ready To Name Deputy

May 28, 2010

Federal News Radio

Cybersecurity Update – Tune in weekdays at 30 minutes past the hour for the latest cybersecurity news on The Federal Drive with Tom Temin and Amy Morris (6-10 a.m.) and The DorobekInsider with Chris Dorobek (3-7 p.m.). Listen live at FederalNewsRadio.com or on the radio at 1500 and 820 AM in the Washington, D.C. metro area.

Click here for the full report.

Big Brother Weighs Expansion of Internet Monitoring

March 8, 2010

Cnet.com

By Declan McCullagh

Homeland Security and the National Security Agency may be taking a closer look at Internet communications in the future.

The Department of Homeland Security’s top cybersecurity official told CNET on Wednesday that the department may eventually extend its Einstein technology, which is designed to detect and prevent electronic attacks, to networks operated by the private sector. The technology was created for federal networks.

Greg Schaffer, assistant secretary for cybersecurity and communications, said in an interview that the department is evaluating whether Einstein “makes sense for expansion to critical infrastructure spaces” over time.

Not much is known about how Einstein works, and the House Intelligence Committee once charged that descriptions were overly “vague” because of “excessive classification.” The White House did confirm this week that the latest version, called Einstein 3, involves attempting to thwart in-progress cyberattacks by sharing information with the National Security Agency.

Greater federal involvement in privately operated networks may spark privacy or surveillance concerns, not least because of the NSA’s central involvement in the Bush administration’s warrantless wiretapping scandal. Earlier reports have said that Einstein 3 has the ability to read the content of emails and other messages, and that AT&T has been asked to test the system. (The Obama administration says the “contents” of communications are not shared with the NSA.)

“I don’t think you have to be Big Brother in order to provide a level of protection either for federal government systems or otherwise,” Schaffer said. “As a practical matter, you’re looking at data that’s relevant to malicious activity, and that’s the data that you’re focused on. It’s not necessary to go into a space where someone will say you’re acting like Big Brother. It can be done without crossing over into a space that’s problematic from a privacy perspective.”

If Einstein 3 does perform as well as Homeland Security hopes, it could help less-prepared companies fend off cyberattacks, including worms sent through e-mail, phishing attempts, and even denial of service attacks.

On the other hand, civil libertarians are sure to raise questions about privacy, access, and how Einstein could be used in the future. If it can perform deep packet inspection to prevent botnets from accessing certain Web pages, for instance, could it also be used to prevent a human from accessing illegal pornography, copyright-infringing music, or offshore gambling sites?

“It’s one thing for the government to monitor its own systems for malicious code and intrusions,” said Greg Nojeim, senior counsel at the Center for Democracy and Technology. “It’s quite another for the government to monitor private networks for those intrusions. We’d be concerned about any notion that a governmental monitoring system like Einstein would be extended to private networks.”

AT&T did not respond to a request for comment on Wednesday.

Cooperation, or a loss of control?
At the RSA Conference here on Wednesday, Homeland Security Secretary Janet Napolitano stressed the need for more cooperation between the government and the private sector on cybersecurity, saying that “we need to have a system that works together.”

During a House appropriations hearing on February 26, Napolitano refused to discuss Einstein 3 unless the hearing were closed to the public. “I don’t want to comment publicly on Einstein 3, per se, here in an unclassified setting,” she said. “What I would suggest, perhaps, is a classified briefing for members of the subcommittee who are interested.”

Some privacy concerns about Einstein have popped up before. An American Bar Association panel said this about Einstein 3 in a September 2009 report: “Because government communications are commingled with the private communications of non-governmental actors who use the same system, great caution will be necessary to insure that privacy and civil liberties concerns are adequately considered.”

Jacob Appelbaum, a security researcher and programmer for the Tor anonymity project, said that expanding Einstein 3 to the private sector would amount to a partial outsourcing of security. “It’s clearly a win for people without the security know-how to protect their own networks,” Appelbaum said. “It’s also a clear loss of control. And anyone with access to that monitoring system, legitimate or otherwise, would be able to monitor amazing amounts of traffic.”

Einstein grew out of a still-classified executive order, called National Security Presidential Directive 54, that President Bush signed in 2008.

While little information is available, former Homeland Security Secretary Michael Chertoff once likened it to a new “Manhattan Project,” and the Washington Post reported that the accompanying cybersecurity initiative represented the “single largest request for funds” in last year’s classified intelligence budget. The Electronic Privacy Information Center has filed a lawsuit (PDF) to obtain the text of the order.

Homeland Security has published (PDF) a privacy impact assessment for a less capable system called Einstein 2–which aimed to do intrusion detection and not prevention–but has not done so for Einstein 3.

The department did, however, prepare a general set of guidelines (PDF) for privacy and civil liberties in June 2009. In addition, the Bush Justice Department wrote a memo (PDF) saying Einstein 2 “complies with” the U.S. Constitution and federal wiretap laws.

That justification for Einstein 2 “turned on the consent of employees in the government that are being communicated with, and on the notion that a person who communicates with the government can’t then complain that the government read the communication,” said CDT’s Nojeim. “How does that legal justification work should Einstein be extended to the private sector?”

Click here for the full report.

Next Page »