Tuesday, May 31, 2011

An Open Source Analysis Of The Lockheed Martin Network Breach

From RSA website
On Saturday 21 May 2011, multiple U.S. defense contractors [2] had their networks attacked by hackers who, in the case of Lockheed Martin, used duplicates of RSA's SecurID tokens to gain access to Lockheed's internal network. Of the possible defense contractors mentioned by Reuters (Boeing, Raytheon, General Dynamics, Northrop Grumman, Lockheed Martin), only Lockheed Martin has made public statements about the attack, and only after LM employees began leaking information about the breach to tech blogger Robert X. Cringely on Wednesday May 25th [3].

Friday, May 27, 2011

The Next Edition of "Inside Cyber Warfare" - Coming Soon*

I'm very happy to report that my publisher, O'Reilly Media, has approved an updated second edition of my book "Inside Cyber Warfare: Mapping the Cyber Underworld". I'll be spending the next three months writing three new chapters and updating four of the original ones. New content will include research in the following areas:

  • A detailed examination of cyberwarfare commands by nation state, including organization and capabilities
  • An operational profile of Anonymous focusing on its campaigns, strategy and tactics
  • The People's Republic of China's use of technology transfer of IP, both overt and covert
  • The Russian Federation's heavy investment in Facebook and other social media through its politically connected Internet entrepreneurs
  • Plus guest essayists and a few other surprises

I'll be using this blog to keep everyone updated as to the book's progress so be sure to subscribe.

* I modified the title of this post because while I'm hopeful that the new edition will be out this December, it's really too soon to announce a date. 

Friday, May 20, 2011

Is Political Office In Yuri Milner's (CEO, DST-Global) Future?


Russian billionaire Yuri Milner’s profile has risen dramatically since his 2009 investment in Facebook.  Indeed, the May 14th issue of the influential British weekly The Economist credits Milner with triggering the latest cycle of investment in tech companies.  The Economist speculates that the cycle is showing signs of “irrational exuberance” and might represent the next investment bubble.

Recent Russian developments, however, indicate that Yuri might enter Russian domestic politics.  In 2009, Milner was appointed to the Presidential Commission on Innovation.  At that time, the commission’s members were all either government officials or leaders of government controlled entities with the exception of Yuri Milner, head of Digital Sky Technologies, and Mikhail Prokhorov, head of ONEKSIM Group.  According to Russian press, Mr. Milner attended commission meetings as late as January 2011.

On May 16th, commission member Mikhail Prokhorov announced he would head the political party Right Cause for the 2012 presidential elections.  Prokhorov, one of Russia's richest men and owner of the National Basketball Association team The New Jersey Nets, gives Right Cause a new face for a Russian public that might be tiring of the current Medvedev-Putin tandem.

We note that fellow commission member Yuri Milner possesses many of the same qualities that make Prokhorov attractive.  He has been successful in his Russian investments and is increasingly known in the west without being linked directly to the current government.

However, prominent Russian political analyst Dmitry Orlov noted on May 17th on Vedomosti.ru that there are 25 to 30 influential Russian politicians and businessmen setting the scene for the 2012 elections.  The group, Orlov notes, helped start the Presidential Commission on Innovation to capture the modernization agenda for the government.  Many of the group serve on the commission.  One of the two non-government commission members now has his hat in the ring.  Will the second follow?

- This post was researched and written by Taia Global's Russia analysts -

Wednesday, May 18, 2011

Symantec CEO Salem Needs To Get His Priorities Straight

I just read that Symantec (NYSE: SYMC) CEO Enrique Salem wants to either increase Symantec's stake in Symantec Huawei Technologies Co. Ltd. or sell shares to the public through an IPO, with a decision to be made by year's end. It's bad enough that the joint venture was formed in the first place. Why Mr. Salem would think that a leading U.S. security software company should form a business partnership with a Chinese company with strong ties to the State Council and People's Liberation Army is beyond me; particularly when the U.S. government has been so resistant to agreeing to Huawei's attempts to acquire U.S. companies or to buying Huawei products.

There's no lack of information about the People's Republic of China when it comes to informatized warfare, corporate espionage, technology transfer, information acquisition and processing, etc. Besides my own work on the subject, there's stellar work being done by Dr. James Mulvenon and LTC (ret) Timothy L. Thomas among others. So it can't be that Symantec's CEO is unaware of the problem. That leaves only two possibilities:
  1. That he doesn't believe it to be true
  2. That he doesn't care
If it's the former, then I'd be happy to arrange a briefing for him. If it's the latter, then I hope that he'll reconsider his obligation as a citizen of the U.S. to not engage in business practices that could negatively impact the security interests of our nation. Mr. Salem, you clearly have an obligation to your company, your board, and your shareholders to maximize profits. I hope that when you celebrate Memorial Day on May 30th, that you'll consider how to balance that obligation with the one that you owe to your country.

Tuesday, May 17, 2011

In Syria, Being On Facebook Could Get You Killed


The cyber aspects of the ongoing Syrian revolution against President Bashar al-Asad took an ominous turn in the last week.  On May 9th, British paper The Telegraph reported that captured Syrian activists were tortured for their Facebook and Twitter user names and passwords.  The activists' accounts were then exploited to identify supporters, who were rounded up in the government crackdown.  As a result, activists reported that communications with several areas, including Baniyas and Homs, were almost cut off.  Syria's ally Iran was also providing equipment to jam satellite phones, denying activists another potential communications channel.

On May 10th, Syrian satellite TV carried a 15 minute show accusing Facebook of being a tool of the United States and Israel.  The show claimed that the US and Israel failed to destabilize Syria during the Bush administration using false charges that Syria assassinated Lebanese Prime Minister Rafiq al-Hariri.  The same forces were turning to Facebook—owned by an "American Jew"—to implement their schemes such as starting fake web pages like Days of Syrian Anger and Syria Revolution.  Then, according to the program, conspirators use mass media to call attention to the pages which disseminate false news and videos claiming that the Syrian security forces are attacking demonstrators and that some were killed.  Thousands of fake links to the web pages create the false impression of widespread popular support.  The show implied that the Syrian Revolution 2011 creator Fida al-Sayyid was funded by the US government.

As proof, yet another government-sponsored television program played alleged Paltalk intercepts from al-Sayyid that described the situation as approaching creative chaos.  The show's commentary then pointed out that the "creative chaos" doctrine originated with former US Secretary of State Condoleezza Rice as justification for unleashing Middle Eastern wars.  The show concluded with a taped message from a Syrian living overseas stating he has documentary evidence that Israel's Mossad is behind the Facebook web pages.

The Syrian government propaganda against Facebook is not surprising given the role social media is playing in the so-called Arab Spring.  However, the pro-revolution Facebook group The Syrian Revolution Against Bashar al-Asad warned on May 6th that calls for demonstrations posted by the Aleppo Revolution Facebook page were being used to lure demonstrators into government ambushes.  On May 16th, The Telegraph published reports from National Organisation for Human Rights in Syria stating that they had found mass graves outside the Syrian town of Dera'a where protests began over two months ago.  The Telegraph included video captures from film posted on YouTube.  The route to a shallow grave outside Dera’a may have begun with a friend’s listing on Facebook.

- This is a guest post by one of Taia Global's analysts -

Monday, May 16, 2011

The Yandex IPO: Economic and Political Risks


On April 28, 2011, Yandex N.V., a Netherlands-based company, filed a Form F-1 with the United States Securities and Exchange Commission (SEC) in preparation for an initial public offering (IPO) for Yandex, the dominant Russian web portal.  According to the Form F-1, the IPO could be worth approximately one billion dollars.  The Yandex IPO is the second significant IPO for a Russian internet company, following last year's offering from Mail.Ru Group that raised approximately one billion dollars on the London Exchange.

The successful Mail.Ru IPO shows investors' confidence in the Russian internet's future prospects despite the somewhat problematic Russian business environment.  For example, in Transparency International's most recent 2010 report, Russia received a score of 2.1.  The 2.1 score ties Russia with Cambodia, Central African Republic, and Laos among others.  Russia just nosed out the Democratic Republic of the Congo while losing handily to Egypt's 3.1 score, a country where the population recently rose in rebellion with government corruption a major issue.  By contrast, most European countries score from eight to nine.  The US, even with the corporate problems revealed by the ongoing economic crisis, managed a 7.1.

As a result, potential Russian internet investors might profit from a close examination of the risks associated with investing in Russia.  The political and economic risks imposed by Yandex’s interaction with the Russian government warrant close scrutiny.

Sunday, May 15, 2011

The President's Cybersecurity Legislative Proposal Has No Teeth

On May 12, the White House announced its Cybersecurity Legislative Proposal to Capitol Hill via a blog post by Cybersecurity Coordinator Howard Schmidt. I reviewed the section on critical infrastructure on my flight back from DC after speaking on this topic at the Cyber Security Strategies Summit. Predictably, it's all bark and no bite. To wit:

"If the Secretary determines, after conducting such a review, that the covered critical infrastructure is not sufficiently addressing the identified cybersecurity risks, the Secretary may:
(A) enter into discussions, or request another agency with sector-specific expertise to enter into discussions, with the owner or operator of the covered critical infrastructure on ways to improve the cybersecurity plan or the evaluation, which may include the provision of technical assistance;
(B) after discussions permitted in subparagraph (A), issue a public statement that the covered critical infrastructure is not sufficiently addressing the identified cybersecurity risks; and
(C) take such other action as may be determined appropriate by the Secretary;
except that the Secretary shall not, in enforcing the provisions of this Title, issue a shutdown order, require use of a particular measure, or impose fines, civil penalties, or monetary liabilities on the owner or operator of the covered critical infrastructure as a result of such review"
To put this in proper context, imagine that this proposal had to do with any other type of infrastructure: a bridge, an oil pipeline, your house. And let's say that the general contractor for that bridge project doesn't comply with the requirements. What happens then? He could get a stern talking-to (subparagraph A); possibly get some publicity (subparagraph B), which would probably land him a guest spot on Fox News as the little guy standing up to Big Brother's unreasonable demands that make it impossible for him to earn a living; or be subject to some other unidentified action (subparagraph C).

Now here's what cannot happen to the builder of that bridge that you and thousands of others drive across twice a day:

  • He cannot have his project shut down for non-compliance. 
  • He cannot be fined for non-compliance. 
  • He cannot be held financially responsible if the bridge collapses and people are killed or injured. 
  • He cannot, essentially, be told what to do. 

This is clearly a ludicrous scenario for any type of physical infrastructure, which is precisely why builders get fined, sued, or arrested and prosecuted if they don't comply with the law. However, in the upside-down world of "cyber", it's par for the course even when we're speaking about critical infrastructure (the telecommunications, energy, financial services, water, and transportation sectors).

Let's move from the example of a bridge to one of a power plant. In the real world, the government regulates the construction of every aspect of a nuclear power plant or a hydro-electric dam except one: the protection of its networks. That's neither rational, nor responsible. The federal government must find a way to bring cyberspace into its existing authorities because if something is truly "critical", compliance cannot be voluntary or somebody doesn't know what "critical" means.

Wednesday, May 4, 2011

Look Out Azure and EC2, Here Comes The Huawei Cloud Service

On a recent trip to Beijing and Shanghai to attend Huawei's analyst summit, Gartner analyst Lydia Leong learned that Huawei is planning to become a one-stop-shop Cloud computing provider. In other words, Huawei will not only be making network equipment, it will be developing the Infrastructure-as-a-Service software (the Cloud stack) needed to provide a highly scalable public cloud like Microsoft's Azure or Amazon's EC2.

If Huawei's strategy in obtaining market share for its hardware is any indication, Microsoft, Amazon, Google, and other public and private cloud providers should prepare to have their pricing models ripped to shreds. Furthermore, the executives of companies who intend to move their data to the Cloud would be well-advised to re-think their cloud service provider requirements, moving beyond who the lowest-cost provider is to include who will add security guarantees to their Service Level Agreement. On the other hand, I wouldn't be surprised if Huawei took the initiative to become the first Cloud provider to revolutionize SLAs with exactly that kind of provision, considering that Huawei Symantec LLC is developing secure data storage devices for just such a service.

Huawei is not the only Chinese company that's investing heavily in the Cloud. Cloud computing has been designated a strategic technology by the PRC State Council in its 12th Five Year Plan and placed under the control of the Ministry of Industry and Information Technology (MIIT). MIIT will be funding research and development for SaaS (Software as a Service), PaaS (Platform as a Service), and IaaS (Infrastructure as a Service) models as well as virtualization technology, distributed storage technology, massive data management technology, and other unidentified core technologies. Orient Securities LLC has predicted that by 2015, cloud computing in China will be a 1 trillion yuan market.

According to the US-China Council website, MIIT was created in 2008 and absorbed some functions from other departments including COSTIND (Commission of Science, Technology, and Industry for National Defense):
From COSTIND, MIIT will inherit functions relating to the management of the defense industry, with a scope that covers the national defense department, the China National Space Administration, and certain administrative responsibilities of other major defense-oriented state companies such as the China North Industries Co. and China State Shipbuilding Corp. MIIT will also control weapons research and production in both military establishments and dual-role corporations, as well as R&D and production relating to "defense conversion"--the conversion of military facilities to non-military use.
Beijing has a dedicated 7,800 square meter industrial area called Cloud Valley which is home to ten companies focusing on various aspects of Cloud technology such as distributed data centers, cloud servers, thin terminals, cloud storage, cloud operating systems, intelligent knowledge bases, data mining systems, and cloud system integration. Clearly, the PRC has made a serious commitment to Cloud Computing for the long term. This doesn't bode well for today's private cloud service providers like NetApp or public cloud providers like Amazon, Google, and Microsoft, especially if buying decisions are made on price.

Monday, May 2, 2011

Justice Wins. Bin Laden is Dead.

It took 10 years, a new President, and the stellar collaborative work of the U.S. Intelligence Community to enable the success of the military operation against Osama bin Laden. Congratulations to all of the people whose names we'll never know and whose work led to this momentous event of justice and vindication. We're so quick to judge intelligence failures that become public knowledge while the successes rarely make the news. Not only is this an intelligence success for CIA, NSA, and other agencies, it's vindication for President Obama's strategy to re-focus on capturing or killing Osama bin Laden in spite of political pressure to quit. I'm proud of everyone involved, and hugely grateful.

Related Links:

Timeline: The Intelligence Work Behind Bin Laden's Death
Latest on the Osama Raid: Tricked-Out Choppers, Live Tweets, Possible Pakistani Casualties
The Secret Team That Killed bin Laden