Skip to content

Category Archives: Cybersecurity

Everybody is Vulnerable

By
Wednesday, July 30, 2014 at 8:01 PM

Even the vaunted Israelis. “A Chinese hacking team previously accused of being behind raids against US defence contractors has been accused of a new data heist: plundering the tech behind Israel’s Iron Dome missile defence system.”  Apparently this was in 2011-12 so it isn’t connected to the current conflict — except, of course, that it . . .
Read more »

True Lawfare — The Fight to Seize Iran’s Domain Name Continues

By
Wednesday, July 30, 2014 at 5:24 PM

A month ago, we wrote about an effort by several plaintiff’s lawyers, representing terrorist victims, to seize the Iran domain name (.IR).  Turns out there was even more to it than we were aware of at the time, as the same group of lawyers have filed similar writs of attachment against Syria (.SY) and North . . .
Read more »

Why Indictments Won’t Stop China’s Cybersnooping

By
Tuesday, July 29, 2014 at 8:58 AM

The Chinese government and its proxies have recently ratcheted up harassment of U.S. IT firms doing business in China.  In the last week, China has deployed its antitrust laws against Qualcomm and Microsoft.  This comes on the heels of recent attacks in China on Apple and Cisco and IBM.  China has also increased its harassment of . . .
Read more »

On NSA’s Subversion of NIST’s Algorithm

By
Friday, July 25, 2014 at 2:00 PM

Of all the revelations from the Snowden leaks, I find the NSA’s subversion of the National Institute of Standards’s (NIST) random number generator to be particularly disturbing. Our security is only as good as the tools we use to protect it, and compromising a widely used cryptography algorithm makes many Internet communications insecure. Last fall the Snowden . . .
Read more »

CISA Boom Bah …

By
Tuesday, July 22, 2014 at 4:53 PM

Sorry, I just couldn’t resist the title which does not reflect my true feelings about CISA, the Cybersecurity Information Sharing Act of 2014.  Approved earlier this month by the Senate Intelligence Committee, this bill awaits Senate floor action.  In the current environment, I think its legislative prospects are modest (though perhaps we might see it . . .
Read more »

A Taxonomy of Cyber War IHL Questions

By
Thursday, July 3, 2014 at 11:50 AM

I have been asked to write a chapter, tentatively entitled “Law and Warfare in the Cyber Domain,” for the next edition of Moore, Roberts & Turner, eds., National Security Law.  As part of that effort, I have been thinking about where the gaps are in the domain of international humanitarian law as applied in cyberspace.  . . .
Read more »

Bits and Bytes

By
Monday, June 30, 2014 at 11:56 AM

While the rest of the world is watching the Supreme Court’s final decision day of the year, it’s been a busy time in the cyber world as well.  Herewith seven (!) bits and bytes of interest, in no particular order: Facebook’s Psych Experiment.  You’ve no doubt read that Facebook manipulated news feeds as an experiment. . . .
Read more »

Seizing Iran’s Domain Name — .IR

By
Friday, June 27, 2014 at 3:08 PM

As we have noted in the past, there is a brewing fight over who controls the naming function for the internet.  I suspect that some who’ve read these posts have wondered if they were truly germane to national security — the nominal subject matter of this blog.  Today, we find a bit more evidence of . . .
Read more »

How Dumb Is This?

By
Monday, June 23, 2014 at 12:08 PM

I yield to nobody in my capacity to be surprised by Congress, but sometimes even I get a bit of a shock.  I totally get the idea that everyone is angry at the NSA.  And, indeed, I’ve spoken publicly about my particular disappointment that the NSA may have (if reports are accurate) deliberately degraded encryption . . .
Read more »

The Strange Demise of TrueCrypt and What It Says About Cybersecurity

By
Wednesday, June 18, 2014 at 11:31 AM

A small earthquake happened at the end of May – a well-regarded, widely known encryption program called TrueCrypt shut its doors. For those who care about surveillance, encryption, and open-source methodologies, the change was abrupt and disturbing. It’s the type of thing that goes unnoticed by the broader public, but has quiet effects that should . . .
Read more »

Rogers Throws A Flag

By
Wednesday, June 18, 2014 at 8:00 AM

Last week, as I noted in Bits and Bytes, the Chairman of the FCC, Tom Wheeler, gave a speech at AEI in which he claimed a role for the FCC in advancing cybersecurity. Today, Rep. Mike Rogers threw a flag.  In a letter to the FCC, he wrote that the speech “lead[s] us [Rep. Pompeo . . .
Read more »

Feinstein-Chambliss Cybersecurity Info Sharing Bill

By
Tuesday, June 17, 2014 at 3:18 PM

The Chair and Vice-Chair of the Senate Select Committee on Intelligence, Senators Feinstein and Chambliss have introduced a draft cybersecurity information sharing bill.  Early coverage of the bill from Inside Cybersecurity is here.  My own quick analysis: The requirement to remove personally identifying information from shared cyber threat information is both critical to securing buy . . .
Read more »

Reforms and Standards for the ICANN Transition

By
Monday, June 16, 2014 at 2:37 PM

Along with three co-authors, I’ve just released a paper through The Heritage Foundation entitled: “Protecting Internet Freedom and American Interests: Required Reforms and Standards for ICANN Transition.”  In the paper we lay out a series of recommendations for the transition of control over the internet naming function to ICANN.  Here is the abstract: The U.S. . . .
Read more »

“Greetings from the Chinese Embassy”

By
Friday, June 13, 2014 at 8:00 AM

“Greetings from the Chinese Embassy.”  That’s how the email opened.  It was an invitation to lunch (or tea) with a counselor in the embassy to discuss cybersecurity.  How could I say “no?”  So I went to lunch the other day.  It was, on the whole, altogether pleasant, and relatively unsurprising, but worth noting nonetheless for . . .
Read more »

New McAfee/CSIS Report on Cybercrime

By
Monday, June 9, 2014 at 11:56 AM

I participated today in a CSIS/McAfee roll-out of their latest report on the economic impact of cybercrime.  Their bottom line is that cybercrime has an annual effect of roughly $455 billion globally, with 200K jobs lost in the US alone as a result.  A nice summary of the report by the Washington Post is available here, . . .
Read more »

Paul on Audible on Cyber

By
Saturday, June 7, 2014 at 11:07 AM

I listen to a lot of books from audible.com, and especially enjoy the “Great Courses” series, which in my experience is, on a number of topics, very high quality.  I just this morning noticed that our own Paul Rosenzweig has a course called Thinking About Cybersecurity: From Cyber Crime to Cyber Warfare.  I have not yet listened to it . . .
Read more »

Germany’s Prosecutor Rolls Up His Sleeves On NSA Surveillance

By
Friday, June 6, 2014 at 10:34 AM

A few weeks ago, Ben posted some comments about a Der Spiegel article that suggested the tensions between the United States and Germany were likely to die down. Not so fast, it appears. Germany’s top prosecutor has announced that he is opening an investigation into the alleged tapping of Chancellor Angela Merkel’s cell phone. A statement . . .
Read more »

Net Neutrality Explained

By
Tuesday, June 3, 2014 at 4:00 PM

The topic of net neutrality (i.e. the question of whether or not all content on the network should be transmitted equally or whether some content providers can pay a premium to have their content transmitted at a faster pace than general) is not one that Lawfare readers will regularly concern themselves with.  Nonetheless, it bears . . .
Read more »

The GameOver Zeus/CryptoLocker Indictment

By
Tuesday, June 3, 2014 at 11:42 AM

Following up on last weeks indictment of 5 Chinese PLA members for economic espionage, the Department of Justice continued yesterday its apparent prosecutorial offensive against cyber criminals.  The case, brought again in W.D. Pa. charges a Russian gang led by Evgeniy Bogachev with operating a huge botnet, known as GameOver Zeus.  Comprising perhaps as many as . . .
Read more »

Bits and Bytes

By
Wednesday, May 28, 2014 at 12:15 PM

Two interesting items today: Shane Harris has a look inside the FBI’s efforts to track the Chinese hackers.  Here’s the intro: “SolarWorld was fighting a losing battle. The U.S. subsidiary of the German solar panel manufacturer knew that its Chinese competitors, backed by generous government subsidies, were flooding the American market with steeply discounted solar . . .
Read more »