jump to navigation

More detail surfaces about the attack on Google April 20, 2010

Posted by jonathanpenn in cyberwar/CIP.
add a comment

John Markoff’s article yesterday in the New York Times reveals that Google’s authentication system, code-named Gaia, was one of the targets of attack.

The target wasn’t Google users’ passwords, but the authentication system itself (Markoff refers to it as a “single sign-on” system; I’m reluctant to do that, since my own experience shows it to be a rather confusing mesh of both interconnected and disconnected authenticators…seems like Google could do a lot more to help users link and manage their IDs under one master account of their choosing). Why not the passwords? It’s far more valuable to gain access to the code and learn the intricacies – and weaknesses – of the system itself, rather than gain access to a few (or even a few thousand) accounts. My own theory is this is why Adobe and various antimalware companies were targeted by the same network of attacks: the former to find more weaknesses in Flash and Acrobat to exploit, and the latter to learn how to bypass security mechanisms designed to defeat such attacks.

Markoff has several other excellent articles on the cyber attacks made public by Google in January, most notably this one.


Hyping the Hackorist Threat February 9, 2010

Posted by jonathanpenn in cyberwar/CIP, news.
add a comment

The cyber-espionage threat is certainly news these days thanks to Google,  but it is not new. It’s been going on for quite some time and it represents a significant risk to many companies, most of whom underestimate that risk. What concerns me about much of the commentary coming from the cybersecurity community is that it uses the Google incident as a springboard to pump up the cyber-war / cyber-terrorism rhetoric. Couldn’t we focus on cyber-espionage for just a minute before turning things over to the defense community?

Yes, we should pay attention to the potential cyber-terrorism threat. But we need to be careful that our attempts to proactively address a digital 9/11 don’t come at the expense of defending against corporate espionage. We have an excellent opportunity to start building that public-private partnership we all recognize as necessary to the critical infrastructure protection effort. Corporate espionage is a perfect area for public-private collaboration. We’ll have squandered that if we overly focus on the hackorist threat.

What Google v. China tells us about how the security market is changing January 15, 2010

Posted by jonathanpenn in cyberwar/CIP, trends & futures.
add a comment

Rather than discuss the extent of the cyber threat from China, or whether Google should effectively pull out of China by ending the censoring of search results (or why it was even in China to begin with), the most interesting and telling thing I’m seeing from all the discussion on this is the visibility of the defense contracting and intelligence consulting community, and how that visibility and even dominance is going without much comment by industry watchers and without much challenge by traditional security firms. Who is going to analyze and say with confidence whether the attack came from proxies or direct representatives of the Chinese state? It’s the defense contractors. Like the July 4 attacks targeting the US and South Korea, the traditional defense contractors — Lockheed Martin, Northop Grumman (also targeted), and Raytheon, most notably) are the go-to authorities on this, while Symantec (which was also one of the targets in the multi-pronged attack), McAfee and others are left merely to talk about how the attacks in and of themselves might fuel greater interest in their security technologies.

Traditional defense contractors (Lockheed Martin, Northop Grumman, and Raytheon, most notably…but also BAE, Boeing, and General Dynamics, among many more) have successfully expanded from military and aerospace to cyber-surveillance and from the predominantly physical security aspects of homeland security to cyber-defense. Being so well-resourced and well-connected, they are extremely powerful and effective competitors to the traditional security vendors and security services (MSS, security consulting, and security integration) players.   Some estimates for the size the cyber-defense market place it at already about one-fourth the traditional IT Security market, and growing at a far faster rate. Given this, and that it should now be extremely clear that private sector IT lies within the cyber-warfare theater of operation, we can expect a formidable battle ahead.

Tip of the Hat to Richard Stiennon for posting similar thoughts — but even more pointedly and vociferously — here at ThreatChaos.com prior to these attacks.

And if I were to comment on Google’s effective exit from China, I’d ask: What’s exactly is Google’s goal in pulling out? Given that other tech companies that don’t host email accounts of Chinese human rights activists were also targeted, pulling out of the China market won’t likely remove it from the target list in future attacks.

[This entry is cross posted to Forrester’s Security & Risk Management Blog]

Will World War III be fought in cyberspace? October 23, 2009

Posted by jonathanpenn in cyberwar/CIP.

So warns Hamadoun Touré, secretary general of the International Telecommunication Union.

Now, as far as World War 3’s go, isn’t that a good thing? Crippling the IT infrastructure would certainly be devastating, but it’s no nuke.