Skip to content

Category Archives: Cybersecurity

The 2014 Cato Institute Surveillance Conference

By
Tuesday, December 16, 2014 at 8:00 PM

Last Friday, the Cato Institute held an all-day conference to explore the questions raised by the growth of government surveillance, the revelations of NSA activities by Edward Snowden, and how these newly disclosed technologies should be regulated by the Fourth Amendment and federal law. Ben took part in the conversation on the second panel, which included Charlie . . .
Read more »

Sony Counter Attacks

By
Thursday, December 11, 2014 at 11:32 AM

The reality of conflict (not war) in the cyber domain — Sony is now reported to be launching DDoS attacks against the hackers attempting to distribute its confidential documents: Sony has launched a counterattack against people trying to download leaked files stolen from its servers after a massive hack. Re/code is reporting that Sony is . . .
Read more »

Mysterious ’08 Turkey Pipeline Blast Opened New Cyberwar Era

By
Wednesday, December 10, 2014 at 1:47 PM

Bloomberg has the story.  For those who think that cyber conflict is a bit of a myth, this is a cautionary tale.  From the opening: The pipeline was outfitted with sensors and cameras to monitor every step of its 1,099 miles from the Caspian Sea to the Mediterranean. The blast that blew it out of . . .
Read more »

Congress Tries To Stop the IANA Transition — But Does It?

By
Wednesday, December 10, 2014 at 10:57 AM

By now, readers of this blog are aware of the decision by the Obama Administration to relinquish the last vestiges of control of the Internet Assigned Numbers Authority (known as the IANA function).  The IANA function is currently operated by a non-profit corporation, the Internet Corporation for Assigned Names and Numbers (ICANN), under contract to . . .
Read more »

Lawfare Buys a Bitcoin — Introduction

By
Tuesday, December 9, 2014 at 8:04 AM

Lawfare has decided to buy a bitcoin. We do this not as an investment but as an experiment in journalism. Buying a bitcoin will let us explore the mechanics of how the market works and also give us a fun platform to look at some of the legal and policy issues surrounding crypto-currency. This introductory . . .
Read more »

NSA Hacking of Cell Phone Networks

By
Monday, December 8, 2014 at 3:01 PM

The Intercept has published an article—based on the Snowden documents—about AURORAGOLD, an NSA surveillance operation against cell phone network operators and standards bodies worldwide. This is not a typical NSA surveillance operation where agents identify the bad guys and spy on them. This is an operation where the NSA spies on people designing and building . . .
Read more »

New CNAS Report on China’s Cybersecurity Strategy

By
Thursday, December 4, 2014 at 12:06 PM

Over at the Center for a New American Security, researcher Amy Chang is out with a detailed report entitled, “Warring State: China’s Cybersecurity Strategy.” As the report points out: Devising an optimal strategy to address the challenges in the U.S.-China cyber relationship first requires an understanding of the motives, agendas, and stakeholders embedded in the . . .
Read more »

Cyber Supply Chain Security

By
Tuesday, December 2, 2014 at 11:30 AM

There are many ways to think about enhancing cybersecurity.  One, for example, is the prospect of software liability, which would, drive safer code. Another, interesting take on the problem has just been offered by Representative Ed Royce, the Chairman of the House Committee on Foreign Affairs — a proposal that he dubs the “Cyber Supply . . .
Read more »

Huawei at Fed Ex Field

By
Monday, November 24, 2014 at 3:16 PM

So … Huawei has announced that it will sponsor the Wi-Fi at Fed Ex field for the Suite level.  Any one out there worried, in the least, that Huawei might tap the communications there?  Given how “movers and shakers” all use the Suite level, the richness of the target environment is insanely large.  And how . . .
Read more »

Congressional Action on ICANN Accountability

By
Wednesday, November 19, 2014 at 11:51 AM

As readers of this blog know, the United States is in the midst of a transition that will, when completed, give up its contractual control of the Internet Assigned Numbers Authority (IANA).  That authority is currently conducted by the Internet Corporation for Assigned Names and Numbers (ICANN) under contract to the Department of Commerce.  Current . . .
Read more »

The .IR, .KP and .SY Domains Are “Safe”

By
Friday, November 14, 2014 at 1:21 PM

A couple of months ago, I noted an interesting law suit brought by several victims of terrorist attacks. They had secured default money judgments against Iran, North Korea and Syria for those country’s alleged complicity in supporting terror and their own resulting injuries. Sadly, for the victims, none of these countries had assets subject to . . .
Read more »

More on Pass Phrases and Fingerprints …. Gestures

By
Saturday, November 8, 2014 at 9:36 AM

Yesterday I posted a short blog on an interesting VA decision regarding the application the Fifth Amendment privilege to the question of unlocking cell phones and other devices.  The short summary is that the court held that compelling disclosure of a pass phrase or code was protected and could not be compelled, but that the . . .
Read more »

The FBI Impersonates the Media: Some of the Rules Governing Cyber-Subterfuge

By
Friday, November 7, 2014 at 2:54 PM

The developing story of the FBI’s impersonation of journalists is, in a way, really the story of Timberline high school in Washington State. In June of 2007 Timberline had received a series of bomb threats, prompting a week of evacuations. The FBI and local law enforcement traced the problem to an anonymous account on the . . .
Read more »

Pass Phrases Protected; Fingerprints Not — Curiouser and Curiouser

By
Friday, November 7, 2014 at 8:58 AM

One of the most engaging contemporary debates is about the efficacy and utility of encryption as a means of protecting privacy. I’ve written, in the past, about how encryption works and about the growing body of Fifth Amendment law protecting users against compelled disclosure of their passphrases. The developing doctrine and technology is sufficiently alarming . . .
Read more »

How Not to Do Remote Computer Searches

By
Sunday, November 2, 2014 at 3:00 PM

Recently The Guardian reported on FBI demands new powers to hack into computers and carry out surveillance. The FBI is seeking to make several changes to Rule 41 of the Federal Rules of Criminal Procedure, which governs how law enforcement can conduct court-approved searches.  Under the proposal, in investigating compromised machines (e.g., those in a botnet), law . . .
Read more »

Axiom — A Chinese APT

By
Tuesday, October 28, 2014 at 4:39 PM

And just to prove that we are equal-opportunity victims, I also saw, today, this report from Novetta on “Operation SMN” – a report on a Chinese APT dubbed Axiom.  Here’s a bit of the Executive Summary: Axiom is responsible for directing highly sophisticated cyber espionage operations against numerous Fortune 500 companies, journalists, environmental groups, pro-democracy . . .
Read more »

Russian APT28

By
Tuesday, October 28, 2014 at 11:58 AM

We tend to focus our attention on Chinese APT cyber threats for good reason — they tend to be more overt and focus on American business interests.  But we should not lose sight of the fact that Russian cyber skills are just as good (perhaps even better) than Chinese ones. And now, FireEye has reminded . . .
Read more »

China’s Cyber War on the Protesters

By
Monday, October 6, 2014 at 8:30 AM

As Benjamin Bissell noted a few days ago, Hong Kong protestors have developed some interesting ways of trying to avoid Chinese repression, including the use of an app, FireChat, that allows them to communicate without using the internet at all.  But, as you might expect, China was not likely to stand idly by.  Consider this . . .
Read more »

So How Does Vladimir Putin Feel About Cyber, Anyway?

By
Friday, October 3, 2014 at 4:15 PM

Two days ago, Russian President Vladimir Putin gave a significant cybersecurity speech to Russia’s Security Council. For all you Russian speakers, the original text and video can be found on the Kremlin’s website here.  For everyone else, I have translated the speech and posted it below. Though the speech is interesting for all sorts of . . .
Read more »

The 2014 National Intelligence Strategy Roadmap

By
Tuesday, September 30, 2014 at 11:52 AM

The Office of the Director of National Intelligence recently released its 2014 Strategy Roadmap, which can be found here. From the ODNI press release: Director of National Intelligence James R. Clapper unveiled last week the 2014 National Intelligence Strategy – the blueprint that will drive the priorities for the nation’s 17 intelligence community (IC) components over the . . .
Read more »