This post was inspired by a recent post at contagio.blogspot.com. What appears to be a one-off attack using Zeus, I believe, is actually another round of a series of Zeus attacks. These attacks appear to be aimed at those interested in intelligence issues and those in the government and military, although the targeting appears to be general rather than targeted.

Round 1

On February 6th, 2010, Brian Krebs reported that attackers using the Zeus trojan targeted a variety of .gov and .mil email addresses in a spear phishing attack that appeared to be from the National Security Agency and enticed users to download a report called the “2020 Project.” The command and control server used in the attacks was updatekernel.com.

Round 2

Following the publication of the article by Brian Krebs, attackers took portions of his article and used them as lure in further spear phishing attacks. Sophos Labs analyzed the sample that used Kreb’s post. A post on Intelfusion.com by Jeff Carr regarding the spear phishing attack was also used in another attack. I documented these attacks in “The ‘Kneber’ Botnet, Spear Phishing Attacks and Crimeware“. The key command and control server in this case was also updatekernel.com.

Round 3

In early March 2010, more emails began circulating, one of which encouraged users to download malware from dhsorg.org (222.122.60.186). This malware used greylogic.org (222.122.60.186) as a command and control server. In addition to sharing an IP address, both domain were registered by hilarykneber@yahoo.com. The attack continued using the domain names dhsinfo.info, greylogic.info, and intelfusion.info (abuseemaildhcp@gmail.com) which were hosted on 218.240.28.34. The domain names used in these attacks were variations of domain names owned by Jeff Carr who has aptly characterized these attacks as a “Poisoning The Well” attack.

Round 4

In June 2010 another campaign began. The lure of the attack emphasizes Jeff Carr’s book “Inside Cyber Warfare: Mapping the Cyber Underworld” with the text copied from http://www.stratcom.mil/reading_list/. The command and control server in this case was from-us-with-love.com.

Round 5

Mila Parkour recently posted details of an interesting attack on contagiodump.blogspot.com. The email used in the attack appeared to be from “ifc@ifc.nato.int” with the subject “Intelligence Fusion Centre” and contained links to a report EuropeanUnion_MilitaryOperations_EN.pdf that exploits CVE-2010-1240 in order to drop a ZeuS binary.

File name: EuropeanUnion_MilitaryOperations_EN.pdf
MD5: 8b3a3c4386e4d59c6665762f53e6ec8e
VT: 11/41 (26.8%)

File name: exe.exe
MD5: 5fb94eef8bd57fe8e20ccc56e33570c5
VT: 3/41 (7.3%)

File name: ntos.exe
MD5: 28c4648f05f46a3ec37d664cee0d84a8
VT: 4/39 (10.3%)

First, the ZeuS malware connects to from-us-with-love.info (91.216.141.171) to receive the Zeus config file. Second, the malware connects to vittles.mobi (174.132.255.10) to download an infostealer. Finally, the infostealer connects to nicupdate.com (85.31.97.194).

logic.exe
MD5: 4f47b495caae1db79987b34afc971eaa
VT: 3/ 42 (7.1%)

The domain name from-us-with-love.info was registered by “Maria Laguer” with the email address admin@from-us-with-love.info, which was also used to register from-us-with-love.com (the name is also associated with other ZeuS domain, see MDL). The decrypted ZeuS config file from from-us-with-love.info contains two additional domain names: enigmazones.eu and askkairatik.net. The domain names were used as part of a previous ZeuS campaign that used from-us-with-love.com as a command and control server. IN addition the location of the malware, quimeras.com.mx, was also used in a previous campaign that had from-us-with-love.com as the command and control server.

One of the email addresses (www-data@nighthunter.ath.cx) that was used to propagate the malware associated with enigmazones.eu also delivered the emails containing malware hosted on dhsorg.org, which was registered by the infamous hilarykneber@yahoo.com and used in attacks in May. The domain dhsorg.org was hosted on 222.122.60.186 along with greylogic.org which was used as a command and control server.

The boundaries between the online crime and espionage appear to be blurring making issues of attribution increasingly more complex. Are online criminals simply targeting those interested in intelligence issues as well as members of the government and military for fraud? Have they determined that they can exploit such persons for fraud in addition to selling and sensitive data acquired to those who would be in the market for such information? Or is the campaign more specifically oriented toward espionage using ZeuS and the malware ecosystem as convenient cover? While these questions are unlikely to be ever definitively answered, we can begin to assess qualitative changes in attacks by tracking them overtime and carefully linking together seemingly disparate peices of data. This post was made possible by a wide variety of sources that each posted components of these attacks. While there is a need to protect certain sources as well as operation security so that the “bad guys” are not tipped off and continued research into their malicious activities remains possible, information sharing remains a key component malware research.

Even though it deals with a distinctly 21st-century problem, the strategy has echoes of the Cold War: America’s closest allies would be drawn into an early-warning network of collective cybersecurity; private industry would be mobilized in a kind of civil defense against attackers; and military commanders would be given authority to respond automatically to electronic invaders.

In place of “massive retaliation” against attackers whose country of origin may be unclear, the strategy proposes an alternative concept of deterrence based on making America’s infrastructure robust and redundant enough to survive any attack.

William J. Lynn III, the deputy secretary of defense, explained the new approach, known as “Cyberstrategy 3.0″ within the Pentagon, in an interview this week and in an article that appears in the new issue of Foreign Affairs.
Talking with Lynn, I was struck by the gap between the way defense experts see cyberspace — as a source of potentially crippling assault — and the public’s view of an Internet that is a generally benign companion. Although Lynn speaks of cyberspace as a “domain” that can be protected, such as airspace, it may be closer to the oxygen we breathe.

Source: David Ignatius, The Washington Post.

With little fanfare, the Pentagon is putting the finishing touches on a new strategy that will treat cyberspace as a domain of potential warfare — and apply instant “active defense” to counter attacks that, in theory, could shut down the nation’s transportation and commerce.

Even though it deals with a distinctly 21st-century problem, the strategy has echoes of the Cold War: America’s closest allies would be drawn into an early-warning network of collective cybersecurity; private industry would be mobilized in a kind of civil defense against attackers; and military commanders would be given authority to respond automatically to electronic invaders.

In place of “massive retaliation” against attackers whose country of origin may be unclear, the strategy proposes an alternative concept of deterrence based on making America’s infrastructure robust and redundant enough to survive any attack. The Department of Homeland Security would oversee this hardening of infrastructure, with help from the National Security Agency.

William J. Lynn III, the deputy secretary of defense, explained the new approach, known as “Cyberstrategy 3.0″ within the Pentagon, in an interview this week and in an article that appears in the new issue of Foreign Affairs. The formal policy should be completed by December, he said; meanwhile, the Pentagon’s new “Cyber Command” will have responsibility for “active defense” starting Oct. 1.

Lynn’s proposals are provocative. But the strategy could be costly and perhaps cumbersome, and it involves threats that aren’t well understood by the public — even by many of the companies that could be targets of attacks. So the first order of business should be more public information: Everyone needs to understand the risks of attack, and the costs and benefits of mobilizing against it.

Talking with Lynn, I was struck by the gap between the way defense experts see cyberspace — as a source of potentially crippling assault — and the public’s view of an Internet that is a generally benign companion. Although Lynn speaks of cyberspace as a “domain” that can be protected, such as airspace, it may be closer to the oxygen we breathe.

The Pentagon is already recruiting allies on cybersecurity. Lynn has shared ideas with America’s longtime partners on signals intelligence — Britain, Canada and Australia. He plans to meet with a wider circle of NATO allies next month. One topic will be surveillance against cyberattacks — a sort of Internet version of the old “DEW Line” radar network or the undersea listening devices that monitored Soviet submarines.

Lynn’s defense scheme would be “part sensor, part sentry, part sharpshooter.” The first two are noncontroversial, but I asked him what he meant by “sharpshooter.” He explained that if Cyber Command detected an incoming attack, it would instantly “quarantine the malicious code” by “diverting it into a place where it would be harmless.” The challenge, he said, was to stop the attack without doing “collateral damage,” such as disrupting global commerce.

Lynn wouldn’t talk much about America’s offensive weapons in cyberspace, except to say that “we have developed a wide range of capabilities.” The United States is probably more vulnerable to such attacks than other countries because our economy is more wired. But Lynn rejected the idea of banning cyberweapons, through a new version of arms control, because it would be so easy for others to cheat.

In cyberplanning, the phrase “military-industrial complex” has special resonance. Since at least 2007, the Pentagon has been informing defense contractors about hostile penetrations of their networks. This has evolved into the “Enduring Security Framework,” a partnership that includes CEOs of many of the big technology and defense companies. Lynn said the Pentagon is working with contractors to protect their systems from cyberattack.

An intriguing aspect of cyberstrategy is that it turns “globalization” inside out. A U.S. laptop maker that once would have boasted that its components were assembled in 50 countries must now worry about 50 points where an intruder could plant malicious code. The Defense Department calls this problem “supply chain vulnerability.” Lynn said he hopes companies will monitor their plants and suppliers to reduce the risk that products sent to the United States are contaminated, but he conceded that “you can’t build everything inside a fence.”

In the debate about cyberstrategy, I hope officials will recognize the dangers of militarizing the global highway for commerce and communication. Of course we want to protect ourselves against threats. But as with human viruses, hostile computer bugs will evade our best efforts at quarantine. A new (and expensive) obsession with cybersecurity is not what this traumatized country needs.

http://www.washingtonpost.com/wp-dyn/content/article/2010/08/25/AR2010082505962.html

The national and international laws of armed conflict that govern conventional warfare don’t adequately address issues raised about fighting a war online with digital weapons against enemies who cannot be identified, panelists said.

Offensive action by the military will require policy decisions and legal authorities that have not yet been made, said Herb Lin, chief scientist on the Computer Science and Telecommunications Board at the National Academies’ National Research Council.

Although defensive activities are well established, “the offensive side of it is not very much talked about,” Lin said.

Source: William Jackson, GCN.

The United States is hamstrung in defending itself in cyberspace by a lack of policies and legal framework for waging war in the new military domain, a panel of government and private-sector experts said today.

The national and international laws of armed conflict that govern conventional warfare don’t adequately address issues raised about fighting a war online with digital weapons against enemies who cannot be identified, panelists said.

Offensive action by the military will require policy decisions and legal authorities that have not yet been made, said Herb Lin, chief scientist on the Computer Science and Telecommunications Board at the National Academies’ National Research Council.

Although defensive activities are well established, “the offensive side of it is not very much talked about,” Lin said.

Establishing a framework for conducting cyber war without jeopardizing the privacy and civil liberties of civilians who use the Internet is possible but complicated, said Steven Bucci, former deputy assistant secretary for homeland defense at the Defense Department and now cybersecurity lead for the Global Leadership Initiative at IBM Global Services. Striking the appropriate balance will require both national policy and laws that establish definitions and limits of actions, he added.

“We’ve got to do it soon,” he said. Cyber war “is not as theoretical as some people think. It is not that difficult to cause great amounts of damage.”

The discussion of the nation’s preparedness for cyber war and cyber terrorism was part of a five-day series of programs on homeland security hosted by the Heritage Foundation in Washington. Also participating on the panel was Alejandra Bolanos, assistant professor of international security studies at National Defense University.

The discussion comes at a time when DOD is ramping up its U.S. Cyber Command, which has been tasked with conducting offensive and defensive activities in cyberspace. The command, which will draw on the capabilities of the National Security Agency, is due to become fully operational in October but is still without an overarching strategy for conducting its mission.

“We’ve got to do it soon,” he said. Cyber war “is not as theoretical as some people think. It is not that difficult to cause great amounts of damage.”

The discussion of the nation’s preparedness for cyber war and cyber terrorism was part of a five-day series of programs on homeland security hosted by the Heritage Foundation in Washington. Also participating on the panel was Alejandra Bolanos, assistant professor of international security studies at National Defense University.

The discussion comes at a time when DOD is ramping up its U.S. Cyber Command, which has been tasked with conducting offensive and defensive activities in cyberspace. The command, which will draw on the capabilities of the National Security Agency, is due to become fully operational in October but is still without an overarching strategy for conducting its mission.

Deputy Defense Secretary William Lynn said Aug. 25 that a formal strategy document will be drafted this fall and completed by the end of the year. The document will build on Cold War strategies, including international cooperation with allies to provide early warning of threats, and will extend the military’s protection to cover some nonmilitary elements of the nation’s critical infrastructure.

Lynn said that in drafting the strategy, DOD will consult with Congress about the possible need for new legislation to provide explicit authority for offensive action.

Developing a policy on which legislation could be based is complicated because we still have no working definition for cyber war. Defining the points at which intrusions become espionage or an act of war still remains to be done, Lynn said.

“We are still working through where these thresholds are,” he said. “This is far less clear than for nuclear” warfare, which defined the strategies of the Cold War.

Attribution, or the ability to identify the source of an attack, is a particular problem. “Attribution is very difficult,” Lynn said. “Even when you can do it, it takes a long time.”

Because of this, the country’s cyber defense strategy is likely to rely more on defensive strategies than on retaliation, which was the backbone of the U.S. Cold War strategy.

Bucci said an effective cyber war strategy should address both the most dangerous though unlikely threats, which include attacks by nation states, and the most likely threats, such as cyber terrorism.

Bolanos, who has monitored online activity by al Qaeda organizations, said that despite the organization’s use of the Internet for informational and support purposes, offensive capability has yet to materialize. But she has observed a sharp learning curve among terrorists that is coupled with the intent to conduct cyber jihad. This does not foreshadow a cyber Armageddon, she said, but it cannot be ignored.

She said cyber war is likely to be analogous to the current fight against terrorism, which does not conveniently fit current laws of armed conflict because the fight is not being waged against nation states, the combatants are difficult to recognize and identify, and they exploit neutral parties and use go-betweens to mask their activities.

Conducting the war against terror has led the United States into strategic and legal complications because accepted policies and laws do not apply very well to new circumstances. Work is needed to prevent similar complications in cyberspace, Bolanos said.

http://gcn.com/Articles/2010/08/26/Heritage-panel-challenges-cyberwar-readiness.aspx?Page=1

The article makes the point that fighting cybercrime requires global law enforcement cooperation. But the article adds that while the U.S. sees fighting cybercrime as a law enforcement issue, the Russians have pushed for an international treaty focused on restricting use of “online weapons” by military or espionage agencies. The U.S. has entered treaty talks with Russia, but there seems to be a fundamental disagreement on what is the right approach.

Source: Robert Mullins, Networkworld.

That headline was not written to make me sound like an apologist for Microsoft. A lot of the security breaches happen because people with bad intentions exploited weaknesses in ubiquitous Windows operating systems in computers worldwide. Try as they might, Microsoft and other software companies still need to diligently patch security leaks in the virtual world. But there is also a need for security in the physical world, although a recent report shows not all the cops on the beat are doing their jobs.

The New York Times reported Monday that U.S. authorities arrested a Russian resident in France earlier this month who has been indicted in the U.S. on charges of identity theft and fraud for allegedly managing Web sites that sold stolen credit card numbers to those who would use the numbers to run up fraudulent bills. The article points out that the suspect, Vladislav Horohorin, who went by the Internet moniker BadB, worked with impunity in Moscow due to lax efforts by Russian law enforcement.

Online fraud is not a high priority in Russia even when specific hackers there have been identified by outside groups, the Times reported, because most of the time, fraud victims aren’t in Russia, but are in Europe or the United States. A nonprofit group aimed at fighting spam and other online fraud, the Spamhous Project, told the newspaper that seven out of 10 spammers in the world operate out of Estonia, Russia and Ukraine, all once part of the Soviet Union.

The article again makes the point that has been made before on this blog that fighting cybercrime requires global law enforcement cooperation. But the article adds that while the U.S. sees fighting cybercrime as a law enforcement issue, the Russians have pushed for an international treaty focused on restricting use of “online weapons” by military or espionage agencies. The U.S. has entered treaty talks with Russia, but there seems to be a fundamental disagreement on what is the right approach.

The idea of a treaty among nations to require enforcement of laws against cybercrime first came up on this blog back in March at RSA Conference 2010 when cybersecurity consultants said they felt the risk of a cyberattack is high but that preparedness is low. The “Pearl Harbor” warning made at that panel discussion continues to spark comments on this blog from skeptics who question the analogy and think the threat may be overstated by consultants who sell security. They were Richard Clarke, an adviser to three presidents and Michael Chertoff, secretary of homeland security under President George W. Bush. By the way, it was Chertoff who said it might take the cyber equivalent of the attack on Pearl Harbor in 1941 to serve as a wake-up call to step up security.

Commentors called out the hyperbole of this writer as well as the cybersecurity consultants for the Pearl Harbor analogy and for using terms like “catastrophic” to describe the cyberthreat. Fair enough. But whether it’s the nuisance of spam, the financial loss of credit card fraud, or the far more serious taking down of an electrical grid, cybercrime needs to be addressed both by technology companies and nations.

http://www.networkworld.com/community/node/65413

Townsend sees “Russia and China as the most aggressive adversaries in the cyber arena. They have tremendous capability and probe our systems both in government and commercially. China is using their intelligence capabilities to ping our cyber systems to steal commercial information, and we don’t call them on that, either.” Americans should look no further than the recent cyber-attacks against Google, which underscore Townsend’s point. Google threatened to pull out of China after it learned of a “sophisticated and targeted” cyber-attack that would have gained access to the e-mail accounts of Chinese human rights activists. The Chinese officials kept pushing Google to conform to their will. They wanted only favorable news and the names of Google users who searched for unapproved topics. Yet, the most outrageous demand was to be allowed to spy on Google’s American customers, after which they attempted to hack into hundreds of American corporations. The cyber-Cold War espionage waged by China shows the dangers and the need for an ongoing solution.

A lot of the capabilities and resources in solving this problem are with the private sector. There must be a partnership between the government and industry where they share information capabilities. Since every six months, the cyber industry is evolving, with the infrastructure quickly becoming obsolete, solutions must evolve as well. A government homeland security official pointed out that unfortunately, “there is no such thing as a 100% pure solution, so we will always be behind the ball. Remember, it takes only one. If I stop 99 out of 100 things, but fail to stop that one, it could be potentially devastating.”

Source: Elise Cooper, American Thinker.

In Newt Gingrich’s latest book, To Save America, he reflects on the five potentially catastrophic threats to the United States. Gingrich lists the threats as “Terrorists with nuclear weapons, Electromagnetic pulse attack, Cyber warfare, Biological warfare, and the potential gap between Chinese and American capabilities.” Gingrich stated to American Thinker that “there is a definite need to understand your opponent. We cannot greatly under estimate the enemy, who can be very smart and very dangerous.”

Newt Gingrich commented that “Henry Kissinger once said to me that when he was Secretary of State, he got up in the morning and worried about Beijing and Moscow and occasionally worried about the Middle East. Now we live in a multi-polar world where there are different issues happening simultaneously.” Former CIA Director Michael Hayden noted that “[m]y priorities as director were counter-terrorism, counter-proliferation (nuclear, biological, and chemical), and the rest of the world, which would be China.”

Gingrich hammers the point home that an old adversary, China, is an emerging threat because of its climbing status as a superpower. It was recently reported that China has emerged as having the second-largest world economy. However, China is still dependent on its exports to the American market. Logically, there is no reason for the U.S. and China to be enemies. There should be many areas for potential cooperation between these two countries. Peter Brookes, a senior fellow for national security affairs at the Heritage Foundation, commented that “the relationship between China and the U.S. is interdependent and complex.”

Yet China’s recent policies have been disturbing to those such as Joint Chief Admiral Mullen. His concern is that a huge gap seems to be forming between China’s stated intent and its military program. Lately, China has acted more like an adversary than a friendly competitor: China resisted hard sanctions against Iran, they did not want Secretary of Defense Gates to visit, and they have become economically aggressive.

It appears that China is challenging America’s position of being number one by modernizing its military, developing an economy that could become the largest in the world, and wanting to prevail politically. The U.S. has partisan gridlock and many political hurdles to overcome, and we are becoming a nation that provides services more than products.

The Chinese, along with Russia, Iran, and possibly North Korea, threaten America’s national security by developing electromagnetic pulse (EMP) weapons. Frances Townsend, former Bush Homeland Security Advisor, felt that electromagnetic pulse weapons are “a big deal and we are solely unprepared for it. I think Gingrich is right.” A nuclear warhead, detonated at a certain atmosphere above the earth (25 to 400 miles) can release an EMP. This weapon can deliver the greatest blow with the least amount of investment. It destroys electrical circuits through large voltages by overloading (frying) them.

Currently we can try to prevent this threat, but there is no way to defend against it because society is so interconnected, particularly in the delivery of food, water, and medicine. It appears that this is a threat that falls under the radar, with little time or energy spent on solutions. The death toll would climb in unexpected ways. Clare Lopez, a former CIA official who is currently a senior fellow at the Center for Security Policy, told of a scary scenario where people would “no longer be able to buy groceries or gasoline. You would no longer have electricity to power anything in your home. You are unable to count on hospitals, banks, and the financial systems because their systems are wiped out as well. You can’t communicate by phone or computer. Disease becomes rampant. Over a period of years, eighty to ninety percent of the population would be wiped out or affected. Everyday life for ordinary people would go back to Little House on the Prairie Days.”

One way to protect electronic systems is to “harden” them through metallic shielding. A more practical response, according to Brookes, is the development of a robust space missile defense program, since EMP is most effective if it is launched high into the atmosphere. Gingrich told American Thinker that “missile defense is vital because of the dangers posed by a nuclear Iran and Korea, including the threat of EMP, in which a single weapon could have catastrophic consequences.”

Gingrich feels the government must invest highly in cyber-capabilities. A government expert felt that cyber-attacks could cause massive casualties and cripple our economy. Computer systems control electrical power grids, dams, and the financial network. This July, more than 460 computers were infected, including those at the White House. The threat is multifaceted and includes nation-states such as China, Korea, and Russia, as well as terrorist and organized criminal groups. The threats range from intelligence collection to the theft of personal information.

Townsend sees “Russia and China as the most aggressive adversaries in the cyber arena. They have tremendous capability and probe our systems both in government and commercially. China is using their intelligence capabilities to ping our cyber systems to steal commercial information, and we don’t call them on that, either.” Americans should look no further than the recent cyber-attacks against Google, which underscore Townsend’s point. Google threatened to pull out of China after it learned of a “sophisticated and targeted” cyber-attack that would have gained access to the e-mail accounts of Chinese human rights activists. The Chinese officials kept pushing Google to conform to their will. They wanted only favorable news and the names of Google users who searched for unapproved topics. Yet, the most outrageous demand was to be allowed to spy on Google’s American customers, after which they attempted to hack into hundreds of American corporations. The cyber-Cold War espionage waged by China shows the dangers and the need for an ongoing solution.

A lot of the capabilities and resources in solving this problem are with the private sector. There must be a partnership between the government and industry where they share information capabilities. Since every six months, the cyber industry is evolving, with the infrastructure quickly becoming obsolete, solutions must evolve as well. A government homeland security official pointed out that unfortunately, “there is no such thing as a 100% pure solution, so we will always be behind the ball. Remember, it takes only one. If I stop 99 out of 100 things, but fail to stop that one, it could be potentially devastating.”

Gingrich has it correct when he comments that there are new threats to America’s national security, EMP and cyber, but there is a need not to forget the threats from the different forms of weapons of mass destruction: nuclear, biological, and chemical. Within each form, there are different threat potentials. It is obvious that a terrorist group who obtains a nuclear weapon will use it against the United States. A terrorist will not hesitate to use a dirty bomb passed off from an Iranian proxy, Hezb’allah or al-Qaeda. It would not cause a lot of casualties outside the immediate area of dispersal; yet the contaminated area would be completely shut down, closed off for decades, and would be uninhabitable. Although the areas with possible enriched uranium are more secure, there is a need to continue to be diligent through intelligence-gathering mechanisms. Terrorism and the WMD potential constitute a potential nightmare.

There is also concern not that al-Qaeda terrorists will become biologists, but that the biologists of Iran, Syria, and Pakistan will become terrorists. These countries, as well as North Korea, are working on synthetic biological weapons. Unfortunately an antidote does not exist because the synthetic composition is unknown. A former high-ranking CIA official felt this is a very serious problem. He gave an example of being able to mount a sprayer on the back of a truck by which the biological pathogen could be spread through a mist.

A way to combat this threat is by expanding the national biosurveillance integration center, established in 2008. This center integrates clinical data, regular intelligence information, and Biowatch data so that decision-makers have an early, immediate, and comprehensive picture of the dangerous pathogens. Since in the U.S. alone, there are approximately four hundred research facilities with 15,000 people approved for working in these labs, there has to be more regulatory oversight. There is ongoing research on microbiological forensics, in which a pathogen can be traced to the user. Some government officials argue that this could be used as a form of deterrence.

The experts agree with Gingrich that the five threats he explores are a serious danger to America’s national security. Gingrich told American Thinker that “on the issue of our nation’s security, our elites have clearly retreated to a pre-9/11 mindset.” To communicate this point, he and others are planning on making the documentary America at Risk. Gingrich is correct in emphasizing that “[w]e do not get to pick and choose which threat we will meet and which we will ignore. Any threat we ignore will potentially destroy us, so we must develop a national and homeland security system that meets all the dangers.”

http://www.americanthinker.com/2010/08/the_new_generation_of_security.html

North Korea opened consecutive accounts on U.S.-operated popular micro-blogging and social networking services this month, gathering thousands of “followers” and “friends” from all over the world including South Korea.

The unusual move by one of the world’s most secretive nations on Twitter and Facebook has been sparking concerns and disputes in Seoul, which has a mutual agreement with the communist North to refrain from propaganda activities.

The “cyber war” comes as tensions are running high between the two Koreas after a team of multinational experts concluded that Pyongyang torpedoed a South Korean warship and killed 46 young sailors in March.

Source: Shin Hae-in, The Korean Herald.

Guns and cannons may have vanished from the public’s sight, but a new form of battle is surfacing on the divided Korean Peninsula, with an apparently cyber-savvy North Korea using the Internet as a way of spreading propaganda.

North Korea opened consecutive accounts on U.S.-operated popular micro-blogging and social networking services this month, gathering thousands of “followers” and “friends” from all over the world including South Korea.

The unusual move by one of the world’s most secretive nations on Twitter and Facebook has been sparking concerns and disputes in Seoul, which has a mutual agreement with the communist North to refrain from propaganda activities.

The “cyber war” comes as tensions are running high between the two Koreas after a team of multinational experts concluded that Pyongyang torpedoed a South Korean warship and killed 46 young sailors in March.

North Korea, which continues to deny its role in the disaster, appears to be expanding its propaganda warfare in response to the move by Seoul and Washington to slap it with additional sanctions to deepen its economic and diplomatic isolation, pundits here say. Seoul and Pyongyang are technically still at war as their 1950-53 war, during which Washington fought on South Korea’s side, ended in an armistice.

South Korea, one of the most wired countries in the world and a leading information technology nation, has so far responded by blocking its citizens from direct access to North Korea’s Twitter page, threatening offenders with jail. The North, in turn, engineered ways to bypass some of the censorship. The purported North Korean Twitter had more than 8,000 followers before it was blocked, reports say.

Pyongyang also used a link on its Twitter account to redirect micro-bloggers to a related page on Facebook, a global social networking forum that later deleted the page saying it violated the site’s terms of use.

North Korea has also been uploading video clips ridiculing officials in Seoul and Washington on global video-sharing site YouTube since last month.

Officials in Seoul said they believe such online activities are “conducted directly” by Pyongyang.

“North Korea does not allow its own people to go online for information-gathering or other purposes. This is among many reasons why we cannot view this as an ordinary activity,” a Unification Ministry official in Seoul said, requesting not to be named due to the sensitivity of the issue.

Right-wingers here support the government’s move to block access to North Korea-operated Web pages and say the government should take action on its plan to resume psychological warfare operations.

As part of countermeasures to the March 26 sinking of naval corvette Cheonan, Seoul’s Defense Ministry was seeking to resume broadcasting anti-communist propaganda through loudspeakers arranged near the heavily fortified border with the North and sending propaganda leaflets by balloon.

The plan was put on hold, however, due to concerns of deepening tensions.

The ministry said it had “no immediate plans” regarding the issue.

Conservatives also emphasize the need for the government to come up with active countermeasures to Pyongyang’s cyber terrorism, which is anticipated to grow into a larger threat as the reclusive state becomes more familiar with information technologies.

North Korea is believed to operate an elite team of hackers. This team reportedly attacked websites of South Korean and U.S. government agencies and businesses last year.

But others here say the government is overreacting.

“I actually think this is an interesting issue. I want to welcome North Korea on Twitter,” said Roh Hoi-chan, a lawmaker of the left-leaning New Progressive Party and an active micro-blogger himself. “It is impossible to unilaterally promote oneself in Twitter. I am actually surprised our government feels threatened by this.”

The lawmaker also said such online activities “cannot be seen as violation” of the inter-Korean exchanges law as the government claims.

“If we apply the law in such a broad sense, we should also have to control our own associations flying leaflets across the border,” he said. “We live in a world in which any South Korean could meet and talk to a North Korean overseas. It is too closed-minded of the government, and also virtually impossible, to block access to Internet pages.“

http://www.koreaherald.com/national/Detail.jsp?newsMLId=20100825000714

There’s a broad, hazy difference between American and European philosophy on the cyber threat. Recommendations in Europe — from The Economist, the U.N. and Russia — involve nuclear-style arms treaties to manage the cyber-arms race now under way. These agreements would set rules for international response to cyber-attacks and authorize sanctions against nations that engage in them. But a treaty would be easy to cheat on and tough to enforce; a hacker who can set a logic bomb can also cover his tracks.

The Economist and the U.N. both argue that the world needs ground rules because the shape of future cyberweapons is so hard to predict. Both want commitments from all governments not to launch attacks or harbor cyberterrorists — commitments that again would need more domestic surveillance and more mutual oversight. The New York Times pointed out last year that such treaties could also provide cover for totalitarian regimes that want to censor their own citizens.

Source: Michael Scott Moore, Miller-McCune.

The U.S. established a new military brain center in Maryland this year called Cyber Command, the geek soldier’s answer to Central Command, where our military hackers work to protect military networks from enemy hackers abroad. Along with this year’s “cybersecurity bill” in Congress, the command center belongs to a larger effort to protect the nation from “cyberwar” … whatever that might mean.

Cyberwar has become one of the “foreign frights of 2010,” and not just in the U.S. Some 20 nations have been setting up cyberdefense headquarters to develop new “weapons” and steel their networks against electronic attack. American experts, including former Director of National Intelligence Mike McConnell and the more palatable former government terrorism adviser Richard Clarke, have called up visions of blown gas pipelines and blackened power grids as a result of a hacker assault through our domestic Internet.

There’s a broad, hazy difference between American and European philosophy on the cyber threat. Recommendations in Europe — from The Economist, the U.N. and Russia — involve nuclear-style arms treaties to manage the cyber-arms race now under way. These agreements would set rules for international response to cyber-attacks and authorize sanctions against nations that engage in them. But a treaty would be easy to cheat on and tough to enforce; a hacker who can set a logic bomb can also cover his tracks.

Just the same, high-ranking people are sounding the cyberwar alarm and calling for concerted international action.

“A cyberwar would be worse than a tsunami — a catastrophe,” warned Hamadoun Touré, a U.N. official who pushed for a global treaty at the World Economic Forum this year. He cited, rather unpersuasively, the Russian attacks on Estonian computer systems in 2007. Estonia fell victim to (perhaps) the first Web-based “war” in history when it displeased Moscow by moving an old Soviet war memorial from the middle of the capital city Tallinn to an outlying graveyard. A mysterious denial-of-service attack disrupted Estonian networks for about three weeks.

No one can quite pin blame on the Kremlin, but the attacks originated in Russia, and it seems clear that Moscow has control over homegrown hacker groups and likes to experiment with online tactics. But it’s also clear that “cyberwar,” so far, is not worthy of the name. No pipelines have exploded, no trains have derailed, no one has died.

“The risk of an online attack taking down the grid — that’s a movie plot,” says Ryan Singel, who covers Internet security for Wired News. In a scathing review of Clarke’s book Cyberwar, he added, “The Chinese and Russians don’t have secret backdoors into the transformer outside your house, and if it blows up, it’s more likely a rodent chewing through the casing than a cyberwarrior sitting in an Internet cafe in Shanghai.”

Of course, we don’t want the power grid or other major infrastructure to be sabotaged, now or in the future. But the best way to prevent such disasters is to keep critical controls well away from the Internet. “The notion that it’s unsafe to have the power grid connected to the Internet? That’s correct,” Singel says. “But you also can’t just tell a generator to explode.”

Governments know how to separate critical systems from the public Web. No nuclear-armed state has linked its missile-launch systems to anything near a public Internet service provider. The same governments now have to enforce these precautions on private power grids, pipelines and rail systems. Clarke sounds the reasonable warning that American power companies have so far failed to keep a safe distance from the Internet.

But there are hysterical voices on both sides of the Atlantic who want to go beyond infrastructure safeguards to restrict the open Web. Mike McConnell is one. He thinks the Internet needs to be “re-engineered” to make it easier to trace people online. International treaties envisioned by the Russians would call for similar government oversight.

The Economist and the U.N. both argue that the world needs ground rules because the shape of future cyberweapons is so hard to predict. Both want commitments from all governments not to launch attacks or harbor cyberterrorists — commitments that again would need more domestic surveillance and more mutual oversight. The New York Times pointed out last year that such treaties could also provide cover for totalitarian regimes that want to censor their own citizens. The very fact that Russia wants a treaty to prevent the sort of chaos it seems bent on learning to cause should make everyone a little skeptical.

Real protection from electronic apocalypse is much simpler. Governments need to make sure major control systems and backup servers are not connected to the public Web.

That’s right. Once upon a time it was all disconnected, and if it’s important enough, it still is. The right precautions now will need some government oversight, but at least they won’t require endless, impossible, high-tech espionage or treaties to excuse governments for gathering ever more data on their own people.

http://www.miller-mccune.com/politics/dont-panic-its-only-the-internet-20133/

“Our efforts to strengthen our cyber defences are part of a continuous process – they are not geared specifically for the upcoming Independence Day,” Husin said. “We have just concluded the third National Cyber Crisis Exercise (on 5th August 2010) in order to enhance our readiness against any possible cyber attack.”

Raising awareness of cyber security issues and capacity building have been key focus areas of the agency, which falls under the purview of the Ministry of Science, Technology & Innovation (MOSTI).

Crucially, the agency’s approach to cyber security has been comprehensive and holistic, Husin noted.

Source: Robin Hicks, Asia Pacific.

There is one week to go before Hari Medeka, Malaysia’s Independence Day celebrations (August 31st), which last year were blighted by attacks by Indonesian hackers on Malaysian web sites. In an interview with FutureGov, the head of national security agency CyberSecurity Malaysia revealed how the government has been securing its cyber borders.

Lt. Col. Husin Jazri (retired), CEO, CyberSecurity Malaysia, said that there was no evidence to suggest that there would be a repeat of the incident in 2009, which he called an “isolated case”. Indonesian hackers attacked more than 120 web sites as retribution for Malaysia’s alleged theft of Indonesian cultural items and abuse of migrant workers.

“Our efforts to strengthen our cyber defences are part of a continuous process – they are not geared specifically for the upcoming Independence Day,” Husin said. “We have just concluded the third National Cyber Crisis Exercise (on 5th August 2010) in order to enhance our readiness against any possible cyber attack.”

Raising awareness of cyber security issues and capacity building have been key focus areas of the agency, which falls under the purview of the Ministry of Science, Technology & Innovation (MOSTI).

Crucially, the agency’s approach to cyber security has been comprehensive and holistic, Husin noted.

“Other than the hardcore CERT and Digital Forensics Team, there is the Information Security Management System (ISMS) ISO 27001 implementation programme for organisations, the CyberSAFE programme to raise security awareness among the public, and the Information Security Professional Development Programme.”

On the risks of cyber attacks, Husin said that the media had a role to play to avoid causing friction between countries.

“Any dispute in the physical world will also become a dispute in the cyber world,” he said. “What gets published on the internet strongly influences people due to the vast number of people reading information on the web. Therefore, any discussions or news reports that could provoke cyber attack should be avoided.”

He added: “We need to create awareness in such a way that people use diplomatic means to resolve conflicts and not take matters into their own hands – or employ hackers to launch cyber attacks.”

Earlier this month, Husin received a lifetime achievement award from ISC², a global information security organisation, for his efforts in improving the info-security profession and raising awareness. He was credited with implementing a national cyber emergency hotline and educating Malaysians on internet safety.

http://www.futuregov.asia/articles/2010/aug/23/malaysias-cyber-defences-ready-independence-day/

The exploits of russian cyber-criminals are widely reported. For instance, a cheque scam was exposed at last month’s Black Hat event, and last year, it was alleged at the RSA show in London, that network provider the Russian Businesss Network, was aided by both Internet registrars and the Russian Police.

In an effort to improve the level of understanding of today’s black hats, security researchers Fyodor Yarochkin and “The Grugq” have spent several months looking at Russian hacker forums.

What the two found was that the image of a highly organised cyber-underworld run by hardcore criminals is not the order of the day. Instead, the dozen or so hacker forums they analysed illustrated that many of the users are “geeks, not gangsters,” the researchers said.

Source: Brian Prince, eWeek Europe

When people think of cyber-crime, the typical image being pushed today is that of highly organised criminal operations. New research, however, suggests the underbelly of cyber-space may be less Mafia-like than some think.

The exploits of russian cyber-criminals are widely reported. For instance, a cheque scam was exposed at last month’s Black Hat event, and last year, it was alleged at the RSA show in London, that network provider the Russian Businesss Network, was aided by both Internet registrars and the Russian Police.

Scanning the forums

In an effort to improve the level of understanding of today’s black hats, security researchers Fyodor Yarochkin and “The Grugq” have spent several months looking at Russian hacker forums.

“It is an ongoing project that we started about 18 months ago,” Grugq told eWEEK. “Originally it started when Fyodor investigated some service offerings from Russian hacker forums for a specific project that I was working on. It turned out to be extremely interesting and amusing, so we discussed doing more long-term monitoring on the forums. It grew from there into what is now a continuous monitoring program.” Their research was presented last month at the Hack in the Box 2010 conference in Amsterdam.

Geeks not gangsters

What the two found was that the image of a highly organised cyber-underworld run by hardcore criminals is not the order of the day. Instead, the dozen or so hacker forums they analysed illustrated that many of the users are “geeks, not gangsters,” the researchers said.

“Basically, from what we’ve seen on the forums much of what goes on with the sales of services is much more petty criminal activity, or crimes of opportunity,” Grugq said. “Often poor students who like to hack for fun will sell access to a server they’ve owned. Many don’t even realise that this is an illegal activity. This sale will be for $20 or $30 (£!3 or £19), which is a lot of money for a poor student in Russia, but for a hardened criminal mastermind bent on destroying Western civilization — not so much.”

Similarly, many of the sales of stolen assets tend to be at a very low price point, Yarochkin said. Even a distributed denial of service attack only costs $80 (£51.50) a day to carry out, he added.

“These are not prices that are attractive to serious criminals,” he said.

“In terms of percentage, there’d be two to three guys working on stuff professionally, versus 10 to 20 hobbyists,” he continued. “Most of the activity is essentially petty criminal activity where guys are trying to make a little extra cash on the side. You can think of it as a self-organising hierarchical system with needs and people able to provide goods and services to satisfy the needs.”

Other security pros agreed with the researchers’ general characterisation. Though there are “top-feeders” that set up affiliate programs to maximise their profit and let lower-level criminals do the dirty work, these are the closest examples of “mob bosses” to be found, said Joe Stewart, director of malware research at SecureWorks’ Counter Threat Unit.

Most participants are students with computer skills that have “grown up with this underground economy and have found a niche for themselves in the criminal marketplace,” he said.

“Given the ease of anonymous money transfer in Russia, there’s no need for criminals to be part of a classic Mafia gang where they work for a boss, everyone meets in person and there is some sort of trust/fear relationship that protects the organisation and its leaders,” Stewart said. “What you have these days is organised but they don’t necessarily know each other’s real name or ever meet in person, and trust is earned by reputation in past transactions.”

Hackers bicker on forums

The level of discourse on the forums is typically similar to 4chan or other online communities where users bicker and snipe at each other, Grugq said. Users who are respected are blessed with endorsements; those who aren’t can be blacklisted, he said.

Just about everything is for sale: Skype accounts, botnet software, domain names and dedicated servers, and much, much more.

“Credit cards [are] getting more attention from authorities,” Yarochkin said. “So for credit card trading, there are mostly specific, closed forums where you’d need to buy your access. Everything else is being traded in open.”

The mob keeps its distance

Yarochkin noted that there are criminal groups operating outside the forums the two analysed that would therefore be invisible to the duo.

“From what we can guess,” Grugq said, “any [mob] involvement is more along the lines of some people at the very top of the stack have to pay off the real gangsters. … So, for example, if you are organising a massive credit card cash-out scam which nets millions of dollars, you’ll have to pay protection money to the mob to not get robbed. It doesn’t look like the mob itself is organising these cash-outs though.

“We’re not disputing that organised crime is involved with cyber-crime, but the popular conception of leather jacketed thugs running around with firearms and laptops is not in line with what we have observed from the actual communities,” he said. “It seems like it is very useful for some companies to popularise the scary idea of Russian cyber-gangsters, but honestly the involvement seems to be much more hands off.”

http://www.eweekeurope.co.uk/knowledge/russian-cybercrime-geeks-not-gangsters-9182/2

The Internet has become a headache for policymakers struggling to police criminal activity in an intangible web of code that spans territories outside of their jurisdictions.

Failing to tackle the problem at a national level, European policymakers have been trying to write laws and create new bodies to make binding decisions about unlawful content and activity online.

Their attempts are highly contested by MEPs and legislators in national parliaments, who fearthat draconian rules on Internet filtering would eventually dilute fundamental freedoms like free speech.

Source: EurActiv.com

Policymakers worldwide are at loggerheads over how to crack down on cyber-criminals, unlawful content and illegal downloading. But laws have been slow to arrive as legislators try to reconcile fundamental rights and Internet security.

Milestones

* 1 Sep. 2005: European Network and Information Security Agency (ENISA) became fully operational.
* 29 June 2006: Commission opens consultation on review of telecoms sector.
* May 2007: Security portal ‘Check the Web’ established by Europol to monitor terrorism online
* 13 Nov. 2007: Commission presents telecoms ‘package’ of reforms (EurActiv 14/11/07).
* 29 Apr. 2009: Parliament and Council seal landmark deal on main issues of the telecoms package (EurActiv 30/04/09).
* 6 May 2009: In a surprise move, MEPs reject the agreement previously reached with the Council and propose a more rigorous text in defence of Internet users’ rights (EurActiv 7/05/09).
* 24 Nov. 2009: Final adoption of telecoms package.
* 29 Mar. 2010: Commission tables proposals to filter out child pornography online.
* April 2010: EU ministers ask Commission to examine need for centralised cybercrime agency.
* Oct. 2010: Commission plans to propose new directive for attacks against information systems.
* 9 Dec. 2010: Deadline for implementation in each member state of Framework Decision on Combating Terrorism including online radicalisation.
* 2011: Planned communication to counter radicalisation and recruitment.

Policy Summary

The Internet has become a headache for policymakers struggling to police criminal activity in an intangible web of code that spans territories outside of their jurisdictions.

For example, parliamentarians in the UK have tried to legislate against pornographic images of children on the Internet, but ran into problems when they realised these images were on websites outside their country.

Failing to tackle the problem at a national level, European policymakers have been trying to write laws and create new bodies to make binding decisions about unlawful content and activity online.

Their attempts are highly contested by MEPs and legislators in national parliaments, who fearthat draconian rules on Internet filtering would eventually dilute fundamental freedoms like free speech.

A global solution for illegal downloading is currently being discussed under the banner of the Anti-Counterfeiting Trade Agreement (ACTA), but the high level of secrecy surrounding the global talks has unnerved both businesses and legislators.

Leaks from the talks show that governments want stricter laws to prosecute illegal downloading and filesharing of content. Internet service providers fear that this would change their business models and make them less competitive.
Issues

Internet security has become a priority as by 2020, Brussels wants all Europeans to have high-speed broadband.

The EU’s Internet security agency, ENISA, works to secure information networks, but at the moment it is largely a hub of expertise with no legal teeth to tackle the issue.

For example, in 2008, the agency released information about how vulnerable mobile communications were to security threats.

Europol is also involved in policing cybercrime. The agency oversees working groups that try to help law enforcement agencies solve cross-border cybercrime like child pornography, for instance.

However, as more and more users put their private information on the Internet via social networking sites, the breeding ground for cybercrime has grown enormously.

Cybercrime

Risks emanating from websites like Facebook and MySpace top the list of electronic dangers outlined in a recent report by Sophos, a web security firm. Traditional phishing, email threats and attacks on new devices, such as BlackBerries and iPhones, come next in the ranking of annoyances for digital consumers.

Some countries have well-established units to police the Internet. In the Netherlands, Dutch police set up an Internet Brigade to fight cybercrime and in the UK, the Internet Watch Foundation operates an Internet ‘Hotline’ for the public and IT professionals to report potentially illegal online content.

In addition, ENISA monitors spam, botnets, phishing, identity theft, route hijacking, instant messaging, peer-to-peer systems, malware on cell phones, hackers in stock markets, software vulnerabilities and lack of protection (e.g. antivirus software) in some devices.

Recognising the lack of legal power at their disposal, in April 2010, EU ministers asked the European Commission to assess whether it should set up a centralised agency on tackling cybercrime to prevent online fraud and child pornography.

In the past, the biggest opponents of a centralised EU body on cybercrime have been the UK, Germany and France, who feared an EU agency would tread on the toes of operations already underway in their own countries.

The European Commission has started work on a new directive for attacks against information systems and plans to present an EU Internal Security Strategy in October 2010, a major component of which will be cyber security.

The EU executive claims that the cost of cybercrime in the EU, at €750 billion annually, vastly exceeds drug trafficking and is equivalent to 1% of global GDP.

As part of its efforts, the Commission is planning to establish a European rapid response system for cyber attacks, including a network of computer emergency response teams (Certs), and wants to boost the role of ENISA.

Piracy on the Internet

Over a million jobs and up to €240 billion in business could be lost in the European Union over the next five years as a result of illegal downloading, according to a new study on Internet piracy by Paris-based consultancy TERA.

Three quarters of illegal shipments stopped by EU customs officials in 2009 were shipped by post or air, suggesting that Internet sales of illegal items have increased, according to an annual report on illegal trade flows published by the European Commission’s department for taxation and customs union.

The European Parliament is grappling with the issue of tackling online piracy, with many MEPs insisting that criminalising piracy would be too draconian and would punish people who share files sporadically rather than those who are pirating content en masse and for commercial gain.

France was the first country to propose legislation on the issue, and its law is considered too stringent by many policymakers. The three strikes rule, which would see users disconnected from their networks after being caught downloading content illegally for the third time, is still making its way through the French national parliament.

In early May, Ireland was the first country to introduce a three-strikes policy after its Internet service provider, Eircom, was taken to court by the Irish Recorded Music Association for the level of content that had been illegally downloaded on its network.

The UK government and Internet service providers (ISPs) BT and Talk Talk are currently embroiled in a high court challenge to the country’s digital economy bill, which asks them to send letters and even disconnect customers who are downloading illegal content.

The role of Internet service providers in illegal downloading is a hotly debated issue at both an EU and global level. Currently the European Parliament is struggling to understand the implications of ACTA (Anti-Counterfeiting Trade Agreement): global negotiations which, according to leaks, would see ISPs punish customers who have downloaded illegal content.

There are 12 countries involved in the ACTA talks, at which European interests are being represented by negotiators from the European Commission.

Christian Engström, a Swedish Greens/European Free Alliance MEP and a founder member of the Swedish Pirate Party, who has a close eye on the negotiations, recently abandoned talks with the European Commission when he discovered that he was not allowed to share information from ACTA with his fellow legislators.

Terrorism

In 2007, the EU established a high-security portal – called ‘Check the Web’ – to allow the EU’s 27 member states to pool data on Islamist propaganda at the European Police Office (Europol) in The Hague.

Internet service providers and private companies operating on the Web will also likely be increasingly required to collaborate in the fight against terror.

The tougher line on Internet-based propaganda and radicalisation activities stems from an EU Framework Decision on combating terrorism, which was adopted in November 2008.

The document clearly states that “the Internet is used to inspire and mobilise local terrorist networks and individuals in Europe and also serves as a source of information on terrorist means and methods, thus functioning as a virtual training camp”.

The European Commission believes that new measures in the pipeline will allow for easy persecutions of the perpetrators and planners of attacks, but also of those who indirectly support terrorism through a variety of means, such as disseminating bomb-making recipes on the Internet.

A new set of measures will be proposed in 2011 on countering radicalisation and recruitment, including Internet-based activity.

Child pornography

In addition, the European Commission wants member states to filter out child pornography from the Internet and impose harsher sentences on human trafficking, but the European Parliament has expressed doubt as to whether new EU laws would be tough enough.

The new rules proposed in March 2010 would block child porn websites from the Internet, prosecute grooming – luring victims via online chat forums – and seek to ensure that abusers cannot re-offend in another EU country.

But the EU faces internal strife from member states on the proposal, with many arguing that Internet filtering will damage free speech by allowing governments to block other forms of undesirable content.

Germany, which said it would block the proposal, argues that banning child pornography altogether would be more sensible than filtering content.
Positions

Commenting on new measures to tackle cybercrime, EU Home Affairs Commissioner Cecilia Malmström said “citizens should have the right to know what personal data are kept and exchanged about them”.

Commenting on new measures to filter websites carrying child pornography, Commissioner Malmström argued: “If the police can confiscate leaflets, books and videos with child pornography, it should also be able to shut down sites. The Internet is not a safe haven for criminals.”

German Justice Minister Sabine Schnarrenberger disagreed with Malmström: “I expect a broad debate in the upcoming discussions in which I shall be representing the principle of ‘removing [child porn sites] instead of blocking’ and lobbying for as broad support as possible in the Council and in the European Parliament.”

Regarding the security risks posed by social networking websites, a paper by the European Network and Information Security Agency concluded: “Users are often not aware of the size or nature of the audience accessing their profile data and the sense of intimacy created by being among digital ‘friends’ often leads to disclosures which are not appropriate for a public forum. Such commercial and social pressures have led to a number of privacy and security risks for SN members.”

The European Commission recently issued a paper which argued for greater scrutiny of terrorist activity online. “Activities of public provocation to commit terrorist offences, recruitment for terrorism and training for terrorism have multiplied at very low cost and risk,” stressed the document.

Commenting on Europol’s online policing portal ‘Check the Web’, the agency’s head, Max-Peter Ratzel, said: “We allow EU member states to share their responsibilities in checking the web.”

“If you see that a web site is [already being] checked by another country, you can save energy,” Ratzel added.

Criticising the secrecy surrounding the ACTA talks, Swedish Greens/European Free Alliance MEP and founder member of the Pirate Party Christian Engström said: “It is disgraceful that MEPs have to rely on unofficial leaks.”

“We will try to request the release of these documents so Europe can see that we do what we say and we say what we do,” said Luc Devigne from the European Commission’s trade unit.

Commenting on “rumours” that ACTA will pave the way for a three-strikes law against piracy, Devigne said “there will be no three strikes, there will be no change to the liability of Internet service providers [and] there will be full respect of data privacy and no provisions on customs searches”.

“ETNO is concerned that disproportionate and wide-ranging measures such as filtering or the possibility of disconnecting Internet users could be introduced through the Anti-Counterfeiting Trade Agreement currently negotiated by the EU and the US among others. Such a move would fully contradict users’ rights as currently enshrined in EU law and reinforced by the recently adopted EU Telecoms Package,” said Michael Bartholomew, director of EU telecoms federation ETNO.

“By creating legal uncertainty for the Internet operators, ACTA will force them to bend under the pressure of entertainment industries. ACTA will compel Internet service providers to filter and remove content and services, turning them into private police and justice auxiliaries,” according to Jérémie Zimmermann, spokesperson for citizens’ advocacy group La Quadrature du Net.

Marielle Gallo, a French centre-right MEP overseeing legislation on copyright, has said she is in favour of a Spanish draft law which would simply shut down websites caught by a judge for providing illegal downloads to users.

Commenting exclusively for EurActiv, Veni Markovski, a Bulgarian Internet pioneer, said there were fundamental flaws in the European Commission’s Internet policy.

”What we have seen in recent years is that some EU member states have created policies not to ensure more secure Internet, but rather ones that punish end-users,” he said.

”The so-called ‘three-strike rule’ does not provide more security, but rather more fear and concerns over users’ privacy,” he added.

Calling for more cooperation with users, business and governments instead, Markovski gave an example of an alternative being rejected: ”10 years ago, in Bulgaria, Internet operators suggested a working model to the copyright associations, but they rejected it. The model would have brought the copyright holders about 50 million euro for 2009 from Bulgaria alone,” he said.

”In the fight against online crime, the EU should not sacrifice online freedom for the interests of big software and music producers,” he added.

http://www.euractiv.com/en/infosociety/policing-internet-linksdossier-496811