The evolution of American counterintelligence

The US Office of the National Counterintelligence Executive recently published a four-part reader as an accompaniment to the lectures they conduct:

Our reader’s three volumes cover counterintelligence’s past and present. Nevertheless they form a whole: the first volume provides material elucidating counterintelligence’s antecedents from the American Revolution to World War II. Volume two focuses on World War II while volume three begins with the Atom Bomb spies and concludes with the latest espionage cases. History is more than background; it is the framework of the present.

We have taken material from official government documents, indictments from several espionage cases, and articles written by professors, scholars and counterintelligence officers. We have abridged some selections while trying not to change the sense of the original but we have not altered the original usage of the English language.

Each chapter in the three volumes has an introduction, which sketches out the main trends and characteristics of the period in question. There is a chronology with each chapter for volumes one and three, but volume two only has one chronology to cover the entire period. At the end of each chapter is a selected bibliography. We hope this will help you get a sense of the period as a whole. The reader is not all-inclusive and people may disagree with our selections, but at least we hope to have provided sufficient material to entice our colleagues to do further research.

Counterintelligence is a fascinating and challenging discipline. Our response to these challenges is determined, not by the requisites of the immediate situation but by our historical legacy. Thus we urge that the materials presented in the three volumes be read, not as background to the present, but as part of the present itself.

A fourth volume covers recent spying successes, failures, programs and reports.

Cryptome ZIP of PDFs

NCIX Site

The economics of a botnet

Schneier on Security linked to an excellent paper on the economics of spam. Interestingly, the authors were able to infiltrate the Storm worm network and monitored its doings in the course of their study.

After 26 days, and almost 350 million e-mail messages, only 28 sales resulted — a conversion rate of well under 0.00001%. Of these, all but one were for male-enhancement products and the average purchase price was close to $100. Taken together, these conversions would have resulted in revenues of $2,731.88 — a bit over $100 a day for the measurement period or $140 per day for periods when the campaign was active. However, our study interposed on only a small fraction of the overall Storm network — we estimate roughly 1.5 percent based on the fraction of worker bots we proxy. Thus, the total daily revenue attributable to Storm’s pharmacy campaign is likely closer to $7000 (or $9500 during periods of campaign activity). By the same logic, we estimate that Storm self-propagation campaigns can produce between 3500 and 8500 new bots per day. Under the assumption that our measurements are representative over time (an admittedly dangerous assumption when dealing with such small samples), we can extrapolate that, were it sent continuously at the same rate, Storm-generated pharmaceutical spam would produce roughly 3.5 million dollars of revenue in a year. This number could be even higher if spam-advertised pharmacies experience repeat business. A bit less than “millions of dollars every day,” but certainly a healthy enterprise.

Of course, the authors point out that it’s dangerous to make these sorts of generalizations:

We would be the first to admit that these results represent a single data point and are not necessarily representative of spam as a whole. Different campaigns, using different tactics and marketing different products will undoubtedly produce different outcomes. Indeed, we caution strongly against researchers using the conversion rates we have measured for these Storm-based campaigns to justify assumptions in any other context. [link]

Anatomy of a trojan hack

An analyst at Websense Security Labs did a study of the “wolfteeth bot catcher”, a tool coming out of China that allows a user to specify a particular range of IP addresses and then search for and exploit the MS08-067 bug in Windows, installing any malicious code they may choose. Careful though! It seems the authors of this program included a backdoor, so that installing it also pulls you into their botnet. Here is the link to the dissection, an interesting bit of thick texture even if the details are lost on you.

A hidden chronicle of horrific destruction

A rather entrancing article, published originally in the Guardian, meditates on the hidden images of America’s “last good war.” Following the surrender of Japan in WWII, the US issued a strict writ of censorship stating that “nothing shall be printed which might, directly or by inference, disturb public tranquility.” Consequently, the atomic bombings in Japan have become, as the novelist Mary McCarthy wrote in 1946, “a kind of hole in human history,” unaccompanied by much of a visual record. The article follows the discovery of an amazing cache of photographs, previously unseen by the public, taken by the US Military’s Physical Damage Division at the end of the war:

One rainy night eight years ago, in Watertown, Massachusetts, a man was taking his dog for a walk. On the curb, in front of a neighbor’s house, he spotted a pile of trash: old mattresses, cardboard boxes, a few broken lamps. Amidst the garbage he caught sight of a battered suitcase. He bent down, turned the case on its side and popped the clasps.

He was surprised to discover that the suitcase was full of black-and-white photographs. He was even more astonished by their subject matter: devastated buildings, twisted girders, broken bridges — snapshots from an annihilated city. He quickly closed the case and made his way back home.

At the kitchen table, he looked through the photographs again and confirmed what he had suspected. He was looking at something he had never seen before: the effects of the first use of the Atomic bomb. The man was looking at Hiroshima. [link]

Resolving the Golden Shield

Throwing a bit of dye into the geist, a group of programmers have developed a Firefox plugin that will route your websurfing through a Chinese server, thus allowing you to get a sense of what sort of Internet the Chinese state security services have in mind for their citizens. [Link to the plugin project website]

The control that governments, and other interested parties, can exert over one’s websurfing can take a much more insidious form than simply blocking content. Through some form of packet injection, or server-based caching, web pages can be changed en route to the web browser, allowing the manipulation of the user’s trust and expectations.

For more information, The Atlantic published an interesting article during the 2008 Olympics about the limitations and scope of the system.

Along what dimension is cyberspace?

In 2001, Martin Dodge and Rob Kitchin published an Atlas of Cyberspace, described by Vint Cerf as “explor[ing] a remarkable universe of visual representations of the Internet’s diversity, structure and content.” The atlas locates cyberspace along many dimensions: geographic maps of core fiber optic backbones, logical maps of network organization and hierarchy, social maps showing the relationships between individual users in virtual worlds, hierarchy trees of web page design, world maps from 3D shooters, etc. While some of the visualizations, designed to shock and awe through their graphical sophistication, have become curious artifacts in their own right, almost like a first-generation iPod harkening back to simpler times, the book itself promises not to disappoint. The good news is that it has been re-released under a Creative Commons license and can be downloaded here. There is a 20MB low-res version and a 200+MB high-res version.

Arpanet’s geographical configuration, 1975

Submarine fiber optic cables in the Caribbean

“Great Circle” map designed as a bit of marketing ephemera for the Cable and Wireless Company, showing the global connectivity of its telecommunications network, with Britain centered representing its position as “hub of the world”, 1945

The huge and dense mesh of connections shows the social geography of LambdaMOO, a multi-user dimension, by mapping how over half of the 4,800 or so players related to each other. LambdaMOO was a well-established and well-known virtual environment created at Xerox PARC in 1990. The map was created using social statistics gathered by Cobot, a software agent that “lived” in LambdaMOO, sitting in the “living room” and observing the social interactions of players. 2000

Discrete circuits; or, Trojan architecture

IEEE Spectrum published an article this past May about the growing concern within defense circles about the loss of oversight along the military hardware supply chain. With many of the semiconductor components manufactured in the People’s Republic of China, rumors and fears of maliciously implanted “backdoors” abound:

According to a U.S. defense contractor who spoke on condition of anonymity, a “European chip maker” recently built into its microprocessors a kill switch that could be accessed remotely. French defense contractors have used the chips in military equipment, the contractor told IEEE Spectrum. If in the future the equipment fell into hostile hands, “the French wanted a way to disable that circuit,” he said. Spectrum could not confirm this account independently, but spirited discussion about it among researchers and another defense contractor last summer at a military research conference reveals a lot about the fever dreams plaguing the U.S. Department of Defense (DOD)…

Vetting a chip with a hidden agenda can’t be all that tough, right? Wrong. Although commercial chip makers routinely and exhaustively test chips with hundreds of millions of logic gates, they can’t afford to inspect everything. So instead they focus on how well the chip performs specific functions. For a microprocessor destined for use in a cellphone, for instance, the chip maker will check to see whether all the phone’s various functions work. Any extraneous circuitry that doesn’t interfere with the chip’s normal functions won’t show up in these tests…

Nor can chip makers afford to test every chip. From a batch of thousands, technicians select a single chip for physical inspection, assuming that the manufacturing process has yielded essentially identical devices. They then laboriously grind away a thin layer of the chip, put the chip into a scanning electron microscope, and then take a picture of it, repeating the process until every layer of the chip has been imaged. Even here, spotting a tiny discrepancy amid a chip’s many layers and millions or billions of transistors is a fantastically difficult task, and the chip is destroyed in the process…

The Pentagon is now caught in a bind. It likes the cheap, cutting-edge devices emerging from commercial foundries and the regular leaps in IC performance the commercial sector is known for. But with those improvements comes the potential for sabotage. “The economy is globalized, but defense is not globalized,” says Coleman. “How do you reconcile the two?” [link]

With respect to recent news pertaining to electronic security and surveillance see also:

Dreaming of the future at 11km per second

India launched its first unmanned moon mission on Wednesday following in the footsteps of rival China, as the emerging Asian power celebrated its space ambitions and scientific prowess.

Chandrayaan-1 (Moon vehicle), a cuboid spacecraft built by the Indian Space Research Organisation (ISRO) blasted off from a southern Indian space centre shortly after dawn in a boost for the country’s ambitions to gain more global space business.

The project cost $79m, considerably less than the Chinese and Japanese probes in 2007, and ISRO says the moon mission will pave the way for India to claim a bigger chunk of the global space business.

The mission is also expected to carry out a detailed survey of the moon to look for precious metals and water.

Fresh on the steps of the confidence that comes to any nation that can launch a few thousand pounds of metal faster than the 11km/s velocity needed to escape the earth’s gravitational pull and on towards the moon is the Indian culture industry. To be released this summer is what seems to be a Bollywood take on the intense, high-budget, the-future-is-now Hollywood sci-fi film.

But what would even the most Doc Brown, cyberpunk metropolis be without an appropriate measure of dance sequences? (Answer? something to be rewritten with more song and dance sequences)

Project Grey Goose report released

Accompanying the recent military action on the ground in Georgia was a cyber campaign that took down many government sites and generally impeded the dissemination of information throughout the country. Shortly after things cooled down in Georgia, a collection of security researchers in and around the intelligence community got together under the banner of “Project Grey Goose” in an attempt to see if open source information, particularly through semantic analysis of Russian hacker forums, could be used to unmask those responsible. The team drew widely from the community:

  • Lewis Shepherd - former CTO, Defense Intelligence Agency; CTO, Microsoft Institute for Advanced Technology in Governments
  • Bob Gourley - former CTO, Defense Intelligence Agency; founder, Crucial Point LLC, a technology research and advisory firm
  • Matt Devost - former Senior INFOSEC Engineer at SAIC; Security Consultant to foreign governments and corporations; President, Total Intelligence Solutions
  • Preston Werntz - Project Manager, Newbrook Solutions, currently engaged at DHS Office of Intelligence and Analysis
  • Derek Plansky - former Director, Lexis-Nexis Risk and Information Analytics Group; President, Informatic Ideas Consulting
  • Andrew Conway - former analyst performing classified work for a three letter agency analyzing leadership emergence in covert networks; currently a Ph.D candidate in Politics, NYU
  • Jeremy Baldwin - Analytic Tradecraft Developer, The Analysis Corporation [source]

Following 56 days of investigation the group has published its findings [pdf] [intelfusion blog]. The conclusions?

  • We assess with high confidence that the Russian government will likely continue its practice of distancing itself from the Russian nationalistic hacker community thus gaining deniability while passively supporting and enjoying the strategic benefits of their actions.
  • We assess with high confidence that nationalistic Russian hackers are likely adaptive adversaries engaged in aggressively finding more efficient ways to disable networks.
  • We judge with moderate confidence that a journeyman-apprentice relationship will continue to be the training model used by nationalistic Russian hackers.
  • We estimate with moderate confidence that hacker forums engaged in training Russian cyber warriors will continue to evolve their feedback loop which effectively becomes their Cyber Kill Chain.
    • After analyzing over 200 posts in the Xakep.ru and StopGeorgia.ru forums, as well as Georgian network server data, Grey Goose analysts were able to discern a cyber kill chain which is comprised of the following steps:
      1) Encourage novices through patriotic imagery and rhetoric to get involved in the cyber war against Georgia.
      2) Publish a target list of Georgian government Web sites which have been tested for access from Russian and Lithuanian IP addresses.
      3) Discuss and select one of several different types of malware to use against the target Web site.
      4) Launch the attack.
      5) Evaluate the results (optional step).
  • We assess with high confidence that all visitors to Russian hacker forums which originate from U.S. IP addresses will be monitored.

On rogues of the high seas and the hunt for bounty

Marvelously fluttering around the margins of the mediascape during the past few days has been news of a hijacking by a group of Somali pirates of some heavy old-world war-fighting technology. Piracy on the high seas is certainly something that excites an imagination filled with tales from yesteryear’s maritime literature and folk stories told before bed. However, knowledge of the gritty reality of modern piracy is, like many of the unpleasant things in life, curiously absent from that font of common sense that we all draw from.

The Strait of Malacca, pictured above, accounts for approximately 40% of annual maritime piracy

Interestingly, the International Maritime Bureau, part of the International Chamber of Commerce (ICC) Commercial Crime Services, maintains an international piracy monitoring center in Kuala Lumpur, Malaysia. In this role they investigate incidents of piracy and armed robbery at sea and in port, publish weekly reports of piracy incidents, and maintain a Google mashup of attacks (as pictured above).

However, to discover a bit of greater resolution when it comes to the sorts of statistics that one finds meticulously maintained by the IMB, one would surely not be doing oneself a disservice to consider the person of one F. Max Hardberger (really quite a marvelous name). Hardberger, through his ‘asset recovery’ firm Vessel Extractions, is one of a special breed of repo men who work for ship owners and insurance companies to recover hijacked ships:

If a repossession is requested, Hardberger and his team quietly enter the country involved. They seek out friendly officials and trusted local contacts such as ship agents who tend to a vessel’s logistical needs in port.

“You need to pick up clues about the ship and what is said in the bars, at the ship chandlers and in the local whorehouses,” Hardberger said. “Crews are not that sophisticated and talk about their orders and departure times. You can really keep track of a vessel this way.”

Hardberger said he does not carry a firearm, though he has hired bodyguards, as he did with the Aztec Express. Stealth and trickery are the preferred methods. [link to entire LA Times profile of Hardberger]

While Hardberger and others like him place an exciting and romantic inflection on piracy through their fantastic adventures, it is also interesting to consider what an account from the crew of a hijacked ship would look like:

Everything seemed fine that spring afternoon as Captain Ken Blyth watched over the loading of his ship in Singapore. He was skippering the Petro Ranger, a medium-size tanker with a $1.5 million cargo of jet fuel and diesel oil bound for Ho Chi Minh City. It was a three-day turnaround… When the Petro Ranger finally slipped its berth, it was just another cargo vessel amid the daily parade that makes Singapore the busiest port in the world. Not far outside the harbor is the Horsburgh Lighthouse, the last outpost of domestic law. From Horsburgh on, you pass into the only true frontier of the 21st century: international waters — the no-man’s land of the new world economy. Not technically owned or patrolled by anyone, these waters are the last place on earth where you are truly alone. [Link]

However, if one does actually steal a ship and wants to disappear without a trace, the following video may be of some interest.