Cyber Arms – CYBER ARMS – Computer Security

Did Israeli Mossad Assassinate an Iranian Cyber Commander?

Mossad Logo, Translated Text says, “Where no wise direction is, a people falleth; but in the multitude of counsellors there is safety.” Pr 11:14

Mojtaba Ahmadi, a commander of Iranian cyber forces has been apparently assassinated at close range by two people on a motorcycle. With similar assassinations taking place in Iran, one has to ask, “Was this an Israeli operation?”

According to reports, Ahmadi was shot two times in the heart at close range by two unknown assailants.

“I could see two bullet wounds on his body and the extent of his injuries indicated that he had been assassinated from a close range with a pistol,” an eyewitness told a Revolutionary Guard backed website.

The attack involving assailants on motor bikes sounds like a tactic used several times against Iranian Nuclear and Missile Scientists. Six key Iranians have been assassinated since 2007. And for years Iran and other nations have accused the Mossad of the strikes.

We may never know who was actually responsible, but with cyber attacks coming from Iran and with Iran’s nuclear threat against Israel, it would seem that they might have taken things into their own hands.

And that may now include physically targeting Iran’s cyber warriors.

The Right to Keep and Bear Cyber Arms: The 2nd Amendment and CyberWar

There have been several articles floating around about “Cyber Militias”, and though I will probably regret it, I think it is time to talk about cyber weapons and the second amendment.

I’ve seen some interesting video lately, where two armed thugs enter a business and threaten everyone inside. An armed civilian defends himself and everyone inside by drawing his weapon and chasing the perps out of the business with some well aimed shots. But what if your business, that you worked very hard to build with blood, sweat and toil, is targeted by cyber criminals, what can you do?

Well, right now, all you can legally do is contact the authorities. Even if you knew how, you can not take matters into your own hands and counter-hack the attackers. With all the media hype over Stuxnet, cyber war and cyber weapons – should US citizens be legally allowed to own and use these deadly weapons in accordance with their 2nd Amendment rights?

Okay, I am poking fun with the “deadly” thing, as so far no one has been officially killed by a “cyber weapon”. But Joel Harding has some very interesting points in his latest post on cyber militias. If Switzerland stays true to course, and hands out government made cyber code to home guard soldiers, shouldn’t American civilians have access to such weapons also?

Honestly, as the amendment is written and as code is being quantified as a weapon, why shouldn’t Americans be allowed to actively defend themselves against online electronic risks as well as physical threats?

Of course, I can foresee that a single user Denial-of-Service weapon would probably be given out without much ado, but there will probably be a ban on large capacity distributed DoS weapons. And of course their will be a 10 day waiting period on Stuxnet based threats.

Wouldn’t want someone blowing up a couple nuclear power processing plants in Iran just because they had a bad day at the office…

Alright, alright… All kidding aside, should the 2nd amendment apply to cyber weapons – what do you think?

Reducing America’s Cyberwar Capabilities to a Maginot Line?

“If it’s O.K. to attack me, and I’m not going to do anything other than improve my defenses every time you attack me, it’s very difficult to come up with a deterrent strategy.” – Gen. James E. Cartwright

From 1930-1940 France created a line of defenses that ran along its border with Germany and Italy. The massive fortification of bunkers, artillery emplacements, tank obstacles and machine gun nests was created to protect France and deter any possible invasion from foreign countries. It was strong, almost impregnable, and would be very difficult for any nation to attack it without suffering great loss.

When WWII started, Germany simply went around it and defeated France in a very short amount of time.

Defensive strategy is a good thing, but you must also have a capable offensive force. Strong offensive capabilities can deter attacks all together. A nation will think twice before attacking a country if the target force is strong enough to counter attack and cause significant damage.

The United States has been ravished electronically by infiltrating sources that have pilfered military secrets, financial information and account credentials. According to some, our national infrastructure has also been infiltrated and key systems backdoored. The enemy shows no signs of letting up, but how could these attacks continue so unabated?

Especially when the US is so technologically advanced. Surely the US must have some sort of offensive deterrent.

Rest assured, the US is just as capable, if not more, than any other nation of performing offensive capabilities. But we are hamstrung by legalese and political infighting. According to an article on Federal Computer Week, cybersecurity has become a political partisan issue in congress.

It also appears that military offensive capabilities are on hold for a “legal review of cyber capabilities intended for use in cyberspace operations.” AIR FORCE INSTRUCTION 51-402 is an interesting read and really displays the issues that we are facing. Some points that stick out are:

Ensure all weapons being developed, bought, built, modified or otherwise being acquired by the Air Force that are not within a Special Access Program are reviewed for legality under LOAC, domestic law and international law prior to their possible acquisition for use in a conflict or other military operation. This authority may be delegated to the Director, Operations and International Law Directorate (AF/JAO).
3.1.2.1. Whether the weapon or cyber capability is calculated to cause superfluous injury, in violation of Article 23(e) of the Annex to Hague Convention IV; and
3.1.2.2. Whether the weapon or cyber capability is capable of being directed against a specific military objective and, if not, is of a nature to cause an effect on military objectives and civilians or civilian objects without distinction.

These issues need to be ironed out quickly. We cannot rely on defensive capabilities alone. With no threat of retaliation, the offensive electronic onslaught will continue against this nation.

Cyber Arms Intelligence Report for February 4th, 2011

All eyes are on Egypt this week. Again as turmoil hits a nation, the internet goes dark. Cell phone usage though was for the most part untouched. So Google, Twitter and Say Now put their heads together and found a way to allow Egyptians to post tweets via cell phone.

Oddly enough, the protests in Egypt have touched off controversy here in the US over Obama’s internet kill switch. Joe Lieberman and his co-sponsors are planning on introducing the Cyber Security and American Competitiveness Act of 2011 (PDF File) at the current session on congress. The proposed legislation and the events in Egypt prompted the following statement:

“Our cybersecurity legislation is intended to protect the U.S. from external cyberattacks,” the statement says. “Yet, some have suggested that our legislation would empower the president to deny U.S. citizens access to the Internet. Nothing could be further from the truth. We would never sign on to legislation that authorized the president, or anyone else, to shut down the Internet. Emergency or no, the exercise of such broad authority would be an affront to our Constitution.”

Thank goodness for the Constitution. Time will tell if the “Kill Switch” is legitimized or not.

Microsoft is caught with its hands in Google’s cookie jar. Google suspected Microsoft’s Bing search engine was copying Google’s search results. When entering search terms in both engines, identical results were returned. So Google set up a trap:

From December 17 to December 31, engineers inserted a “honeypot” result as the top result for specific search queries — including, hiybbprqag, mbzrxpgiys, and indoswiftjobinproduction — and waited to see if the same results would appear on Bing. Lo and behold, the identical results popped up.

Microsoft responded by denying the accusation and requesting a third party investigate the incident. Yusuf Mehdi, Microsoft’s Senior Vice President of Online Services Division said:

“We do not copy results from any of our competitors. Full stop. We have some of the best minds in the world at work on search quality and relevance, and for a competitor to accuse any one of these people of such activity is just insulting.“

Next the gloves came off and a full Twitter war of “yes you did”, “no we didn’t” responses began between Google and Microsoft Employees – nice.

Microsoft also made headline news as another Internet Explorer vulnerability was found that put an estimated 900 Million users at risk.

In other news, CSC wins a $30 Million Air Force cybersecurity contract:

Under the terms of the contract, CSC will isolate, contain and prevent intrusive activities on the Air Force automated information systems and networks. In addition, CSC will plan, coordinate, analyze and report on the results of managed network intrusion detection systems and intrusion prevention systems.

And NATO begins implementation of Cyber Shield plan:

Deputy Secretary of Defense William Lynn is meeting this week with his NATO and European Union (EU) counterparts in Brussels to begin implementation of the alliance’s cybersecurity defense plan.

Lastly, a new purpose was found for unwanted text messages. Apparently, a wireless provider’s “Happy New Year” message set off a terror bombers suicide vest. The suicide bomber was thought to be with the same Jihad group that recently hit Moscow’s airport.