FBI Warns of Sweeping Global Threat To US Cybersecurity 134
GovIT Geek writes "The FBI's newly appointed chief of cyber security warned today that 'a couple dozen' countries are eager to hack US government, corporate, and military networks. While he refused to provide country-specific details, FBI Cyber Division Chief Shawn Henry told reporters at a roundtable that cooperation with foreign law enforcement is one of the Bureau's highest priorities and added the United States has had incredible success fostering overseas partnerships."
Dark days of paranoia and spying. (Score:4, Insightful)
Where have I heard that before? Oh yeah [senate.gov].
But the second quote happened at the beginning of a horrible paranoia based on a real external threat. We still have the apparatus of that paranoia, though most of it was outlawed in the late 1970s and the only credible external threat is now our largest trade partner and "most favorable nation." Today we have secret "terrorist" blacklists with more than a million names. Domestic spying, especially web based spying, has jumped to levels that would make the freedom loving senator from Wisconsin angry. Anti-death penalty and peace groups are among those watched. Shame, isn't it?
Shoring up the nation's IT against spying is as easy as dumping the prevalent non free software used by most big dumb companies. This would also save the country hundreds of billions of dollars in licensing fees and other headaches unique to non free software. The problem is that it would make wiretapping very difficult or impossible.
Re:Dark days of paranoia and spying. (Score:5, Interesting)
FOSS software isn't immune, there have been some terrible security flaws which have gone unnoticed for a long time. Of course proprietry software has even more flaws but profits pay for a team of guys in nice suits to give powerpoint presentations on how good it is and take the head of purchasing out to dinner.
I would be very surprised if there weren't a few NSA plants in the dev teams of some of the more popular linux distros. How hard would it really be for a tallented coder to slip in a few subtle flaws to be exploited later if he's on the dev team and in every other way does the job very well.
Re: (Score:1)
NSA infiltrated debian's openssl package maintanence?
Re:Dark days of paranoia and spying. (Score:4, Insightful)
Re: (Score:2)
Yes anonymous coward, I do know that. I was speaking about corporations within the US. Like all the major telcos and cell phone companies that did just hand over private data when asked - politely or not. Only 1 company asked if they were legally obligated to do so.
Re:Dark days of paranoia and spying. (Score:4, Informative)
Fortunately for the US, politeness isn't mandatory - they seem to find it quite easy to pressure a country to do whatever they like: http://www.theregister.co.uk/2006/06/19/us_pushes_sweden/ [theregister.co.uk] - *cough* assholes
Re: (Score:1)
Re: (Score:2)
Show me an easy way to find the backdoors...
Re: (Score:1)
The easier way is to just read the all the kernel header options and turn off the ones that say NSA_BACKDOOR or something similar(e.g. undocum
Re: (Score:2)
backdoor doesn't have to mean a port sitting open.
It can be a weakness in the RNG, a constant in an encryption scheme etc.
So ya, your idea for commenting out the NSA_BACKDOOR headders is the best one.
Re: (Score:1)
Re: (Score:2)
I really don't want to keep pointing at the debian fiasco because personally I really like open source but it's a perfect example of a big huge problem which wasn't spotted despite these things.
Open source is better than closed but it isn't some magic bullet which fixes everything.
Re: (Score:1)
The only other backdoor that could be used without requiring a port is a hardware backdoor, such as in the Macs, NICs, certain processors, and certai
Re: (Score:1)
Re:Dark days of paranoia and spying. (Score:5, Interesting)
I hope you are modded up handily.... what you say is the truth, and the only reason that such information makes the news. If govt. agencies were doing their job as prescribed, it would not be news. This is simply creating a new evil-doer to distract the minds of Americans while the government continues it's wholesale grab of liberties and Constitutional pinata frenzy.
Mr Orwell would be happy to note that in 4 more years, most Americans will be on a terrorist watch list, augmented heartily by those signing up for unemployment benefits. How much farther down this rabbit hole must we go before government whistle blowers become folk heroes? Will our grandchildren hear stories of Babe the blue ox, superman, and joe whistleblower? I hope so.
Re:Dark days of paranoia and spying. (Score:5, Insightful)
How much farther down this rabbit hole must we go before government whistle blowers become folk heroes? Will our grandchildren hear stories of Babe the blue ox, superman, and joe whistleblower? I hope so.
I hope not! That means that whistle blowers are so rare that they must be celebrated. I hope they are more common than bus drivers.
Re: (Score:2)
God, I hope not. Because that would mean wrong-doing was so widespread as to be something we tune out and don't really pay any attention to.
However, I wholeheartedly agree with your point.
Cheers
Re: (Score:3, Interesting)
I really worry about the direction of America. For such a powerful country in the world, your government is really really managing to dick things up.
Re: (Score:1)
Shoring up the nation's IT against spying is as easy as dumping the prevalent non free software used by most big dumb companies.
It's missing something along the lines of:
This message has been brought to you by Symantec Corporation. Try our new Norton Internet Security for 30 days free!
Re: (Score:2)
Or, you have violated 235 of their (laws|patents) and they intend on receiving (taxes|royalties) for it from the (citizens|users) in order to properly fund their (job|development).
Re: (Score:1)
Re: (Score:1)
Shoring up the nation's IT against spying is as easy as dumping the prevalent non free software used by most big dumb companies. This would also save the country hundreds of billions of dollars in licensing fees and other headaches unique to non free software. The problem is that it would make wiretapping very difficult or impossible.
Doing that would only stop the common 'script kiddie' type hacker from exploiting the nations IT (via pre-built tools and well documented methods), and even then only for a limited time. In effect it would prove to be more of a boon to 'serious' attempts to attack the nations business and military IT systems. FOSS software is swiss cheese for security, it's just that not many people eat it and therefore don't realise it has so many holes.
Re:Dark days of paranoia and spying. (Score:5, Insightful)
FOSS software is swiss cheese for security, it's just that not many people eat it and therefore don't realise it has so many holes.
And gross generalisations are always wrong too! Like this one.
It really depends on the project. Most obvious projects to look at: Apache, PGP, Linux, etc. Very widespread adoption, and nothing like 'swiss cheese' in terms of security. FOSS software can be amazingly secure with the right guidance.
Twitter is making gross generalisations too, of course.
A well conceptualised FOSS project can obviously be just as good as any well conceptualised cllosed source project. Popular Open Source projects will be able to have more developers looking over the code though, and are likely to thank people for disclosing security vulnerabilities, and patch them up quickly. Sometimes closed source vendors get really pissed off when people disclose vulnerabilities - even when they've been given a while to get a patch sorted out and have done nothing about it.
Re: (Score:1)
Agreed.
Without sarcasm, I should of added 'Nearly all' at the start of that line.
And yes, any software with widespread adoption is much more likely to have built up it's immune system.
Nearly all of FOSS software has very limited adoption.
Re: (Score:3, Funny)
Closed-source software is swiss cheese as well, but you're forced to eat it with your eyes closed, and this means that you can't see the holes.
Cheese analogies are much more fun than car analogies!
Re: (Score:1)
Re: (Score:1)
This just increases' paranoia and anxiety, what a waste of taxpayer dollars.
Re: (Score:2)
Twitter, I like you.
I hope you have carefully considered your position here. The first rule of an revolutionary is plausible deniability.
Times are changing. Everything here is well recorded. If you would continue in this vein I would recommend at least that you get some offshore hosting and anonymous accounts.
Also, recommend you read Heinlein's early works.
Re: (Score:1, Interesting)
Even twitters most notorious foes think Twitter believes what he writes. I for one think he has even fooled them
What's a Cyber? (Score:5, Funny)
I'm now worried that mine's at risk.
Re: (Score:2)
I'm now worried that mine's at risk.
That was my first question as well. At least I'm not in the US so maybe my cyber is safe.
Re: (Score:2, Funny)
Re: (Score:2)
No problem, I'll put my cyber on it right away!
Re: (Score:2)
Re: (Score:2)
the topic field probably cut it off.
Please. Most likely it was a stray lolcat.
He's in ur cybers, stealin ur pace.
Re: (Score:2)
Re: (Score:3, Funny)
Don't worry no one wants to listen in on any of the /. crowd's cyber...
A/S/L?
Re: (Score:2)
Help! Help! My subculture [wikipedia.org]'s at risk!
Title confused me (Score:2)
no kidding? (Score:5, Funny)
News Flash: Guy in new job declares new job important!
Re: (Score:2, Funny)
Don't mess with this guy. He has an army of cybermen [wikipedia.org] ready to invade the planet!
Well, either that, or a very silly job title.
Re: (Score:2)
However, while I'd like to think that the FBI has dozens of snotty kids with utterly professional and capable navis on its payroll, most likely all they have are a couple HealNavis with one MiniBomb J each.
Re: (Score:1)
Re: (Score:1)
News Flash:
Do what they did on the Battlestar Galactica (don't use externally-connected networks), and you won't have to worry about being hacked by Cylons..... er, terrorists and spys.
Re: (Score:2)
And, in an astonishing correlation, guy who has been in same job for over a decade decrees job pretty mundane.
Coincidence? I think not!!
Cheers
Well... (Score:2, Funny)
Don't worry, if McCain wins he'll make Joe the Plumber his special advisor on such issues.
Damn right! (Score:3, Funny)
That guy knows how to fix a series of tubes!
USA! USA! USA!
Yay! More Security Theater!!! (Score:5, Insightful)
Re: (Score:1)
No. They will either A) wait until some major government site gets hacked or B) stage a fake 'cyber attack' on U.S. government infrastructure, and when everyone and their mother is inconvenienced or hurt in some way, then they'll ask for new laws. Which The U.S. populace will be all too willing to submit to.
Sound familiar?
They're threatening cybers? (Score:5, Funny)
Threats against cybers? Uh-oh. I've been cybering all morning. Heck, I even did cam to cam once. No global sweepers have threatened me yet, but now I'm scared. I hope they don't hurt me.
Um... (Score:2)
So use protection [clamav.net].
Or top truncating titles into something ambiguous, I guess.
Cybers? (Score:5, Funny)
Re: (Score:3)
it's part of their two-pronged attack against child exploitation.
They will watch you cyber to assure there are no children involved, but assure protections so others don't watch you cyber.
I hope your fetishes involve spectators : )
What... (Score:5, Insightful)
. While he refused to provide country-specific details[...]
He then hinted that an announcement[...]
Henry would not comment in detail[...]
He shied away from commenting[...]
No duh... (Score:3, Informative)
Easier from the inside (Score:1)
well, he would say that - wouldn't he? (Score:5, Insightful)
Of course he will talk up the threat - that's his job. Since there's no way that these intangibles can ever be measured, he's on pretty secure ground too. If no threats materialise it's because of his vigilance and the skill of his team - not because there were never any real threats to begin with.
If a threat does turn into a real attack - well, he needs more money, powers and curtailed freedoms to ensure it doesn't happen again.
Re: (Score:3, Interesting)
Re: (Score:2)
Since there's no way that these intangibles can ever be measured..
What are you talking about?
Don't you know the recording, software, and film industries lose hundreds of billions of trillions of dollars a year to p2p piracy?!!
These things CAN be measured.. why just recently the chairman of the fed said a mere 700 billion dollars would fill the potholes in our credit industry!
(for the million /whooshes about to happen .. /sarcasm)
Job Security 101 (Score:3, Informative)
There is no doubt there are bad people that would like to do bad things to others in the world, but why anyone takes this kind of propaganda seriously is beyond me.
It's more than likely the amount of funding he gets is directly proportional to the amount of fear mongering produced.
Re: (Score:2)
There is no doubt there are bad people that would like to do bad things to others in the world, but why anyone takes this kind of propaganda seriously is beyond me.
It's more than likely the amount of funding he gets is directly proportional to the amount of fear mongering produced.
Not to mention, that "of course" this means that the only way to be "safe" is to increase the size and police power of government. Why, that's always the solution now that you've had problem and reaction! When we all learn the goose step, just think of how incredibly wonderfully SAFE we'll all be!
Re: (Score:2)
There is no doubt there are bad people that would like to do bad things to others in the world, but why anyone takes this kind of propaganda seriously is beyond me.
It's more than likely the amount of funding he gets is directly proportional to the amount of fear mongering produced.
This is probably why you didn't hear much about terror attacks before 9/11 yet after the building goes down everyone screams its the governments fault for not telling us about these threats. Not everything is propaganda, sometimes people really do want your ass.
What you all just said... (Score:1, Insightful)
FBI Cyber Division Chief says other countries are trying to hack in to their systems.. if we disband the government we won't have any threat!
We win both ways.. we don't have the paranoid threat of having to deal with terrorists attacking "our government", nor do we have to worry about "our government" attacking us... again.
It's on Topic! (Score:3, Funny)
Aight, I put on my robe and wizard hat.
-Peter
USAF Cyber-Command Demoted Relation (Score:4, Informative)
Re: (Score:1)
Re: (Score:2)
The real reason they "delayed" that effort is because some twenty-something Captain told the old fogeys that the "space" term in "cyberspace" didn't mean what they thought it meant. They are now working on an "All your Space belong to us" concept - but it's taking a bit longer t
Was this followed by a request for more money? (Score:3, Insightful)
Nice way to get more budget, "OMG the terrorists are going to control our nukes from their iPhones!!!11!! You must give us lot of money to protect you".
I know there are threats, and I know that a lot needs to be done about them, but this kind of scaremongering is getting boring after nearly a decade.
This is a real problem, there is no need to exaggerate it. You use unsupported hyperbole at your peril, after a while no-one will take you seriously. Especially now, when budgets are under so much scrutiny.
In many ways these financial problems could be great for civil liberties, constructing a surveillance society costs real money. Just take a look at the UK ID scheme, it will cost billions.
Re: (Score:1, Flamebait)
Re: (Score:1, Troll)
So, David Duke posts on Slashdot?
Skin colour aside, consider that recent immigrants quite likely have close family members back in the old country, where they can be rewarded, or punished, depending on the immigrants' response to appeals from their original government.
Re: (Score:2)
The "worst" part about free societies is that it isn't always easy being a citizen of one. The "easier" it gets the less free the society.
You've got to be willing to take a blow, usually the first one, and not overreact.
You've got to let the rights that protect you protect the people you hate.
Strength is not going medieval on someone who hurt you.
And thank you for reminding me what a scary word loyalty truly is.
Re: (Score:2)
And thank you for reminding me what a scary word loyalty truly is.
I seem to recall that the ceremonial daggers carried by the Nazi SS in WWII bore the inscription "My honor is loyalty" on the blade.
Re: (Score:1)
China is at the top of the list of countries that want to see us thrown on the trash heap of history
Can we please stop telling the Chinese how much they hate the USA, before they actually start to believe it themselves?
Xenophobia:1 Tolerance: 0 (Score:1)
Most Americans just don't get that in much of the world, ethnicity actually means something pretty profound to the average person.
This is precisely why ethnic slurs offend. Ethnicity is a gestalt. Physical appearance, language, religion, ideology, and folkways are bound in an inseparable unity. To tamper with one part is to violate the integrity of the whole. The very process of naturalization requires the adoption of values different from one's nativity. For some, the resulting identity dissonance may be too great to handle in the long term. Therefore some may attempt to retain their native intentions. For some, this leads to the spe
Cybers? (Score:2, Funny)
Al Qaeda is on AOL chat rooms asking A/S/L ?
FUD (Score:2)
Maybe they're vulnerable (Score:2)
Re: (Score:1)
If the FBI had a system to access, you would not see it on the internet, it would be a separate fiber line, which only certain field agents would have the tools to access. We are talking about national security, they would not take a chance on putting their network accessible over the internet
The penalty for threatening cybers (Score:5, Funny)
You are inferior. Man will be reborn as Cybermen, but you will perish under maximum deletion. Delete, delete, delete, DELETE!
Title Misprint - They Mean Cybrans (Score:2)
Carry on Supreme Commander!
Control Data? (Score:1)
I'm nervous that he would mention corporate nets (Score:5, Insightful)
The implication of a government person saying we have a problem, is that the government should do something about it. And for the military and other government networks, that's fine.
But why do we ("we" being the government) need to do anything to protect corporate (or any other private) computers? The owner/operators of computers can protect them on their own. Just stop running foreign code.
This isn't like physical security, where, say, IBM can't (and shouldn't have the means) to protect themselves from nuclear ICBM attack. It makes sense to put government in charge of securing the country against certain threats, and that job (if stated broadly enough) is arguably the only reason we need government to exist at all. But cyber-security isn't one of those situations, because individuals and groups can protect themselves, without putting anyone else at risk.
Re:I'm nervous that he would mention corporate net (Score:5, Informative)
The implication of a government person saying we have a problem, is that the government should do something about it. And for the military and other government networks, that's fine.
But why do we ("we" being the government) need to do anything to protect corporate (or any other private) computers? The owner/operators of computers can protect them on their own. Just stop running foreign code.
This isn't like physical security, where, say, IBM can't (and shouldn't have the means) to protect themselves from nuclear ICBM attack. It makes sense to put government in charge of securing the country against certain threats, and that job (if stated broadly enough) is arguably the only reason we need government to exist at all. But cyber-security isn't one of those situations, because individuals and groups can protect themselves, without putting anyone else at risk.
If you're premise was correct your position would have some merit, but because you're probably thinking very narrowly about the problem you've missed some very big issues.
First, much of our infrastructure is run by private companies. Think about how effective inter agency communication isn't when phones and cell phones don't work (think Katrina and 9-11). Our utilities are almost completely under private control and that includes nuclear reactors, dams, and the electrical grid. The Nuclear Regulatory Commission sets standards for security, but computer systems and security (both virtual and real) are all handled by private companies, most often contractors.
Second, even non-infrastructure companies can be hugely disruptive. Think what could happen if someone gained control over the automated systems that report on the prices of stocks, commodities, bonds, and other financial mechanisms. Creating a run on a bank, Wall Street, or a huge fluctuations in the value of the Dollar would be trivial if someone just had access for a short time period. If someone had undetected access and a more subtle mindset the damage could be both much longer term and much worse.
Finally, even companies and organizations that don't control infrastructure or financial systems can have a huge impact if their systems are compromised. Your example of IBM's being able to protect themselves without risk to others is also critically flawed. Last year IBM did $1.43 billion in consulting work for the US government. (1.4% of total 2007 revenue) You don't suppose that in that some of the work is classified? I know some of it is and further, given continued access, I could see the new stuff as the contracts are awarded to Big Blue. This also ignores the disruption that they could create because they are a well trusted ASN on the Internet. The sheer number of workstations and servers they have would also make them attractive to operate as part of a bot net.
In short, there are lots of ways that any large company can hurt the rest of us if they aren't responsible with their security. Now, I'm not buying into the idea that the government being responsible for everyone's network security, they couldn't if they wanted to, but right now network security is something that a lot of companies haven't taken seriously and they _can_ harm us with their negligence.
Re: (Score:3, Interesting)
Fair enough on that. I'm ok with government demanding authority (or certain standards) over private computer securi
Re: (Score:3, Insightful)
much of our infrastructure is run by private companies.
So, basically privatization leads to nationalization?
Interesting.
Countries? (Score:3, Interesting)
And part of the solution is not "attacking", but defending having things right in your side. Detect infected and vulnerable sites and pcs and warn/educate owners/vendors about that, as they are the perfect source for i.e. a big DDos or other kind of attacks. That US is the biggest source of spam and probably botnet activity of the world is a good warning sign.
the FBI has discovered "D'OH!" (Score:2)
or maybe "duh."
enemies who want to get you in the weak points. who woulda thought it?
any bilged-out 2nd lieutanant would appear to be smarter than the head of cyber security in this regard, since the military academies exist to study this stuff. and the first place to start is not to put critical systems on the web, maybe, you think?
this fella probably wants to go back to tubes to avoid EMP.
I say go ahead.. (Score:2)
Soo people want to Hack the government, alright.. well your chief of the FBI, you better get on that.. why would I care if they want to hack the FBI.
If I were president I would send every FBI, DHS, CIA, NSA, TSA, and DEA agent in America to guard ANWR Alaska against "terrorism".
This is news? (Score:1)
First off, MOST countries don't like us. That comes with distrust as well. By hacking into our stuff they learn of our plans/security layout. So lets look at this point by point.
(1) There is a something called the internet.
(2) There are people who know how to store data made available on the internet.
(3) People know how to steal data from places where the internet is used.
(4) People are VERY good at #3.
(5) For every security tool we have put in, they have a tool that will get past it in time.
Now given al
Billions of people... (Score:2)
...are eager to punch George W. Bush in the face. News at 11.
Bullshit (Score:2)
They just want more money in their budgets. If .gov or .mil computers on the interet are resulting in any serious threat to national security, then GET THEM OFF THE INTERNET! It's the people who insist on putting them ON the internet who are doing the real damage, not the hackers from Bogie Land.
yeah right (Score:1)
Define:incredible (Score:2)
The actual meaning of "incredible" :
beyond belief or understanding;
wordnet.princeton.edu/perl/webwn
overused as a hyperbole for "good." It means "too improbable to believe":
www.iolani.honolulu.hi.us/Keables/KeablesGuide/PartThree/Letters/I.htm
Too implausible to be credible; beyond belief; unbelievable;
en.wiktionary.org/wiki/incredible
The Hawaii phrasing is particularly apt. So, by it's own words, the US Govt has had success "too imp