Skip to content

Category Archives: Cybersecurity

Congressional Action on ICANN Accountability

By
Wednesday, November 19, 2014 at 11:51 AM

As readers of this blog know, the United States is in the midst of a transition that will, when completed, give up its contractual control of the Internet Assigned Numbers Authority (IANA).  That authority is currently conducted by the Internet Corporation for Assigned Names and Numbers (ICANN) under contract to the Department of Commerce.  Current . . .
Read more »

The .IR, .KP and .SY Domains Are “Safe”

By
Friday, November 14, 2014 at 1:21 PM

A couple of months ago, I noted an interesting law suit brought by several victims of terrorist attacks. They had secured default money judgments against Iran, North Korea and Syria for those country’s alleged complicity in supporting terror and their own resulting injuries. Sadly, for the victims, none of these countries had assets subject to . . .
Read more »

More on Pass Phrases and Fingerprints …. Gestures

By
Saturday, November 8, 2014 at 9:36 AM

Yesterday I posted a short blog on an interesting VA decision regarding the application the Fifth Amendment privilege to the question of unlocking cell phones and other devices.  The short summary is that the court held that compelling disclosure of a pass phrase or code was protected and could not be compelled, but that the . . .
Read more »

The FBI Impersonates the Media: Some of the Rules Governing Cyber-Subterfuge

By
Friday, November 7, 2014 at 2:54 PM

The developing story of the FBI’s impersonation of journalists is, in a way, really the story of Timberline high school in Washington State. In June of 2007 Timberline had received a series of bomb threats, prompting a week of evacuations. The FBI and local law enforcement traced the problem to an anonymous account on the . . .
Read more »

Pass Phrases Protected; Fingerprints Not — Curiouser and Curiouser

By
Friday, November 7, 2014 at 8:58 AM

One of the most engaging contemporary debates is about the efficacy and utility of encryption as a means of protecting privacy. I’ve written, in the past, about how encryption works and about the growing body of Fifth Amendment law protecting users against compelled disclosure of their passphrases. The developing doctrine and technology is sufficiently alarming . . .
Read more »

How Not to Do Remote Computer Searches

By
Sunday, November 2, 2014 at 3:00 PM

Recently The Guardian reported on FBI demands new powers to hack into computers and carry out surveillance. The FBI is seeking to make several changes to Rule 41 of the Federal Rules of Criminal Procedure, which governs how law enforcement can conduct court-approved searches.  Under the proposal, in investigating compromised machines (e.g., those in a botnet), law . . .
Read more »

Axiom — A Chinese APT

By
Tuesday, October 28, 2014 at 4:39 PM

And just to prove that we are equal-opportunity victims, I also saw, today, this report from Novetta on “Operation SMN” – a report on a Chinese APT dubbed Axiom.  Here’s a bit of the Executive Summary: Axiom is responsible for directing highly sophisticated cyber espionage operations against numerous Fortune 500 companies, journalists, environmental groups, pro-democracy . . .
Read more »

Russian APT28

By
Tuesday, October 28, 2014 at 11:58 AM

We tend to focus our attention on Chinese APT cyber threats for good reason — they tend to be more overt and focus on American business interests.  But we should not lose sight of the fact that Russian cyber skills are just as good (perhaps even better) than Chinese ones. And now, FireEye has reminded . . .
Read more »

China’s Cyber War on the Protesters

By
Monday, October 6, 2014 at 8:30 AM

As Benjamin Bissell noted a few days ago, Hong Kong protestors have developed some interesting ways of trying to avoid Chinese repression, including the use of an app, FireChat, that allows them to communicate without using the internet at all.  But, as you might expect, China was not likely to stand idly by.  Consider this . . .
Read more »

So How Does Vladimir Putin Feel About Cyber, Anyway?

By
Friday, October 3, 2014 at 4:15 PM

Two days ago, Russian President Vladimir Putin gave a significant cybersecurity speech to Russia’s Security Council. For all you Russian speakers, the original text and video can be found on the Kremlin’s website here.  For everyone else, I have translated the speech and posted it below. Though the speech is interesting for all sorts of . . .
Read more »

The 2014 National Intelligence Strategy Roadmap

By
Tuesday, September 30, 2014 at 11:52 AM

The Office of the Director of National Intelligence recently released its 2014 Strategy Roadmap, which can be found here. From the ODNI press release: Director of National Intelligence James R. Clapper unveiled last week the 2014 National Intelligence Strategy – the blueprint that will drive the priorities for the nation’s 17 intelligence community (IC) components over the . . .
Read more »

Neustar? What’s a Neustar?

By
Monday, September 29, 2014 at 4:16 PM

Today’s New York Times opened with an above-the-fold story entitled “Spy Agencies Urge Caution on Phone Deal.”  The Wall Street Journal had a similar report, about “Security Concerns Arise with Phone Database Contract.”  The gravamen of both articles was the potential national security implications of a relatively obscure decision to consider transferring a phone switching . . .
Read more »

More Tightening of Internet Restrictions by China

By
Tuesday, September 23, 2014 at 4:00 PM

The Chinese Communist Party (“CCP”), already infamous for its deep censorship of internet in the People’s Republic, seems to be squeezing the web’s net even tighter. Since coming to power, President Xi Jinping has consolidated internet regulatory agencies into a new, streamlined entity: the State Internet Information Office (SIIO). According to noted China specialist Bill . . .
Read more »

The Encryption Wars Continue

By
Saturday, September 20, 2014 at 12:31 PM

For quite a while it has been the case that properly implemented encryption will defeat efforts to crack it (at least using current technology). Yet it has been the case for an equally long time that very few people actually use encryption to protect their vital secrets – not journalists, not criminals, and most assuredly . . .
Read more »

Cyber Jumps The Shark

By
Wednesday, September 17, 2014 at 12:23 PM

To “jump the shark” is a symbol for when a phenomenon (usually a TV show) reaches its apex and begin declining in quality.  It’s named after a famous “Happy Days” episode where Fonzie gets on a water skis and actually jumps over a shark.  Though usually directed at artistic media, the phrase sometimes resonates with . . .
Read more »

Exploding Gas Tanks: Risk, Liability and Internet of Things

By
Sunday, September 7, 2014 at 10:24 AM

Well, summer is over now and it’s time to get back to the real world.  For starters, I had a chance to participate in a podcast for The Security Ledger on the topic of the vulnerability of the Internet of Things.  Here’s a summary and the full podcast is at the Security Ledger web page: . . .
Read more »

Reflections on DefCon and Black Hat

By
Tuesday, August 12, 2014 at 10:53 AM

I had the opportunity to go to Las Vegas last week to attend the annual events surrounding DefCon and Black Hat.  DefCon is a 22-year old convention of hackers (a/k/a security researchers) and Black Hat is its more “corporate” adjunct.  It tells you almost everything you need to know about the difference between them that . . .
Read more »

Dan Geer Cybersecurity Keynote at Black Hat

By
Friday, August 8, 2014 at 8:47 AM

Dan Geer gave this keynote address at the Black Hat conference yesterday.  It is entitled Cybersecurity as Realpolitik.  It begins with some general thoughts on the state of play in cybersecurity, addresses ten pressing policy issues, and is characteristically filled with insights throughout.  The speech is very much worth a read.  Or a watch – . . .
Read more »

Everybody is Vulnerable

By
Wednesday, July 30, 2014 at 8:01 PM

Even the vaunted Israelis. “A Chinese hacking team previously accused of being behind raids against US defence contractors has been accused of a new data heist: plundering the tech behind Israel’s Iron Dome missile defence system.”  Apparently this was in 2011-12 so it isn’t connected to the current conflict — except, of course, that it . . .
Read more »

True Lawfare — The Fight to Seize Iran’s Domain Name Continues

By
Wednesday, July 30, 2014 at 5:24 PM

A month ago, we wrote about an effort by several plaintiff’s lawyers, representing terrorist victims, to seize the Iran domain name (.IR).  Turns out there was even more to it than we were aware of at the time, as the same group of lawyers have filed similar writs of attachment against Syria (.SY) and North . . .
Read more »