Skip to content

Category Archives: Cybersecurity: Crime and Espionage

What We Must Do about Cyber

By
Tuesday, March 10, 2015 at 3:00 PM

Last week Amy Zegart noted the rapid rise of cyber in the DNI Annual Threat Assessment. As she observed, Cyber is listed as threat number 1 but it’s only been number 1 since 2012, suggesting just how fast the cyber threat landscape is changing. As late as 2009, cyber appeared toward the very end of . . .
Read more »

On Cyber Arms Control (Apropos of the New York Times Editorial)

By
Saturday, March 7, 2015 at 1:57 PM

A bit late, but one more observation about the New York Times editorial calling for cyber arms control. In their words, “the best way forward [to reduce cyber threats] is to accelerate international efforts to negotiate limits on the cyberarms race,” in much the same way that we did with the nuclear arms control treaties . . .
Read more »

FREAK: Security Rollback Attack Against SSL

By
Friday, March 6, 2015 at 11:00 AM

This week we learned about an attack called “FREAK”—“Factoring Attack on RSA-EXPORT Keys”—that can break the encryption of many websites. Basically, some sites’ implementations of secure sockets layer technology, or “SSL,” contain both strong encryption algorithms and weak encryption algorithms. Connections are supposed to use the strong algorithms, but in many cases an attacker can . . .
Read more »

Live: Herb Lin Testifies Before House Energy and Commerce Committee

By
Tuesday, March 3, 2015 at 1:45 PM

Today at 2:00 pm, Lawfare’s Herb Lin, along with Richard Bejtlich and Gregory Shannon, will provide testimony before the House Energy and Commerce Committee on “Understanding the Cyber Threat and Implications for the 21st Century Economy.” Herb’s remarks as prepared are available here.

The Equation Group’s Sophisticated Hacking and Exploitation Tools

By
Tuesday, February 17, 2015 at 12:31 PM

This week, Kaspersky Labs published detailed information on what it calls the Equation Group — almost certainly the NSA — and its abilities to embed spyware deep inside computers, gaining pretty much total control of those computers while maintaining persistence in the face of reboots, operating system reinstalls, and commercial anti-virus products. The details are . . .
Read more »

Two Reflections on the White House Cybersecurity Summit

By
Friday, February 13, 2015 at 10:27 PM

As many know, the White House held a summit on cybersecurity and consumer protection at Stanford University today.  In addition to President Obama, a number of CEOs also spoke on privacy and security issues in the context of consumer protection, and of course the backdrop for much of the summit was the Snowden revelations and . . .
Read more »

On the Anthem Hack

By
Tuesday, February 10, 2015 at 7:00 AM

On February 5, 2015, Anthem—a health insurance company—announced that hackers had been able to access records containing tens of millions of names, birthdays, Social Security numbers, addresses and employment data. Because such information can easily be used by identity thieves, concerns have arisen about a rash of identity thefts in the future. Such accounts are . . .
Read more »

Searching the Dark Web

By
Monday, February 9, 2015 at 11:15 AM

“By some estimates Google, Microsoft Bing, and Yahoo only give us access to around 5% of the content on the Web.” The Dark Web is vast and difficult to search — you have to know where you are going to get there.  Until now … Memex is a new, DARPA-funded search engine that allows law . . .
Read more »

Live: Bob Litt Speaks at Brookings on Intelligence and Surveillance Reform

By
Wednesday, February 4, 2015 at 11:58 AM

At the top of the hour, Robert S. Litt, General Counsel at the Office of the Director of National Intelligence will speak at the Brookings Institution. His address is expected to examine what has been done so far to implement the directives announced in President Obama’s January 2014 speech at the Department of Justice as . . .
Read more »

Learning from the Attack against Sony

By
Friday, January 23, 2015 at 10:38 AM

On June 26, 2014, the BBC reported that North Korea threatened war against the United States if a Sony-produced movie (“The Interview”) was released. On November 24, 2014, Sony Pictures Entertainment was the victim of a cyberattack that compromised unreleased films, private correspondence, and other sensitive information. A group calling itself Guardians of Peace (GOP) . . .
Read more »

What David Cameron Doesn’t Get

By
Tuesday, January 20, 2015 at 10:30 AM

Last week British Prime Minister David Cameron gave an extraordinary speech in which he urged the the banning of private communications, that is communications to which the government could not listen into when legally authorized to do so. Cameron is not the first government official to do so; GCHQ Director Robert Hannigan urged the same . . .
Read more »

New NSA Documents on Offensive Cyberoperations

By
Sunday, January 18, 2015 at 2:10 PM

Jacob Appelbaum, Laura Poitras and others have another NSA aticle with an enormous Snowden document dump on Der Spiegel, giving details on a variety of offensive NSA cyberoperations to infiltrate and exploit networks around the world. There’s a lot here: 199 pages. (Here it is in one compressed archive.) Paired with the 666 pages released . . .
Read more »

FBI Director James Comey’s Remarks at International Conference on Cyber Security

By
Thursday, January 8, 2015 at 5:55 PM

Yesterday, FBI Director James Comey delivered a speech entitled “Addressing the Cyber Security Threat” at the International Conference on Cyber Security at Fordham University. During the speech, Director Comey doubled down on the FBI’s assertion that North Korea was behind the cyber attack on Sony Pictures, saying the hackers who attacked Sony had operated on . . .
Read more »

FBI Director James Comey’s Remarks Today

By
Thursday, January 8, 2015 at 12:23 AM

I have been unable to find video or audio of FBI Director James Comey’s remarks today adding to his prior attribution of the Sony hack to North Korea. Nor has the FBI itself released the text. That said, Fortune magazine has published the following, describing it as “Comey’s remarks in full”: As you know, we . . .
Read more »

North Korean Internet Down

By
Monday, December 22, 2014 at 3:36 PM

The New York Times is reporting that the entire North Korean network is off line as of right now.  No information at all on the cause.  Here is the opening from the article: North Korea’s already tenuous links to the Internet went completely dark on Monday after days of instability, in what Internet monitors described . . .
Read more »

The Sony Hack: Will the United States Take Countermeasures Against North Korea?

By
Friday, December 19, 2014 at 3:56 PM

Now that the United States has concluded that North Korea was responsible for the hack into Sony’s computers, it has begun to make noises about responding to that hack in some way. If the United States wants to make its response consistent with international law, how should it think about how to proceed? Mike Schmitt posted an . . .
Read more »

On the Sony Hack

By
Friday, December 19, 2014 at 1:28 PM

I’ve written two essays on the Sony hack, one for the Wall Street Journal, and the other for Vice Motherboard. The former opens: Earlier this month, a mysterious group that calls itself Guardians of Peace hacked into Sony Pictures Entertainment’s computer systems and began revealing many of the Hollywood studio’s best-kept secrets, from details about unreleased . . .
Read more »

Sony Counter Attacks

By
Thursday, December 11, 2014 at 11:32 AM

The reality of conflict (not war) in the cyber domain — Sony is now reported to be launching DDoS attacks against the hackers attempting to distribute its confidential documents: Sony has launched a counterattack against people trying to download leaked files stolen from its servers after a massive hack. Re/code is reporting that Sony is . . .
Read more »

Mysterious ’08 Turkey Pipeline Blast Opened New Cyberwar Era

By
Wednesday, December 10, 2014 at 1:47 PM

Bloomberg has the story.  For those who think that cyber conflict is a bit of a myth, this is a cautionary tale.  From the opening: The pipeline was outfitted with sensors and cameras to monitor every step of its 1,099 miles from the Caspian Sea to the Mediterranean. The blast that blew it out of . . .
Read more »

Lawfare Buys a Bitcoin — Introduction

By
Tuesday, December 9, 2014 at 8:04 AM

Lawfare has decided to buy a bitcoin. We do this not as an investment but as an experiment in journalism. Buying a bitcoin will let us explore the mechanics of how the market works and also give us a fun platform to look at some of the legal and policy issues surrounding crypto-currency. This introductory . . .
Read more »