The flood of news of breaches against high profile organizations that Ron Deibert has dubbed Breachfest 2011 remains in full force. Last week, LulzSec broke into the U.S. Senate’s computer network and released files while publicly stating, “We don’t like the U.S. government very much,” adding, “This is a small, just-for-kicks release of some internal data from Senate.gov—is this an act of war, gentlemen?” The group also claimed responsibility for a distributed denial of service (DDoS) attack against the CIA’s public Web site and released 62,000 email and password combinations from an unknown source.

Rafal Rohozinski contends that the rise of political as opposed to profit-driven breaches is an indication of the “digital-native generation” flexing its muscles—expressing its political views and social values via online activism—that “hacking is a nascent form of politics”:

You’ve got this new generation of digital natives, generally people between the ages of 14 to 25, who have grown up with this technology. That generation is coming of age, so to speak, in terms of having political views, social values, and the way they’re starting to express that is through online activism.”

For instance, it is understood that Lulzsec defaced the PBS website in reaction to the PBS documentary “WikiSecrets.” A few weeks ago, Anonymous declared action against the IMF, in protest against the austerity measures demanded by the country’s IMF bailout and amid call from within the country for protests and a general strike on June 15th. On Monday, the two groups announced that they were going to join forces under the “AntiSec” banner under Operation Anti-Security to expose and oppose security profiteers and government intervention in cyberspace, through tactics such as DDoS attacks and gathering and leaking classified information from banks, high profile establishments, and governments. On Monday, the group launched a DDoS attack against the British Serious Organized Crime Agency, forcing it to take its site offline.

Last week, politically-motivated DDoS attacks were launched against the Web site of Belarusian President Alexander Lukashenko—organizers of the mass DDoS action announced it as a protest against the President for “pissing away such a country.” Meanwhile, the Syrian Electronic Army apparently motivated by patriotic sentiments continues to deface foreign Web sites. Last week, protests in Hanoi and Ho Chi Minh city over China-Vietnamese territorial dispute over the South China Sea spilled over into the cyberspace as hackers from both countries attacked and defaced each others national Web sites, including government portals. Yesterday, a Brazilian “unit” of Lulzsec launched cyber attacks on the Web site of the Brazilian Presidency, rendering the Web site inaccessible. It also launched an attack against the Web site of the oil company, Petrobras, claiming, “Wake up Brazil! We no longer want to buy gas at 2.75 to 2.78 reals ($1.73 to $1.75) and export for half of that price!”

As Ron Deibert has pointed out, the culmination of recent online attacks—including, the high profile attacks on the IMF—has had the effect of forcing people and governments to seriously start thinking about the lack of proper security in the Internet’s infrastructure. It has been reported that companies are now taking out cyber insurance worth hundreds of millions of dollars, while cybersecurity companies are slated to be a key focal point on Wall Street. Meanwhile, in the US, the National Security Agency is now actively working with Internet carriers (AT&T, Verizon and Century Link) to deploy new tools which will scan emails and online traffic in order to prevent cyberattacks against 15 defense firms, including the recently breached Lockheed Martin, and Northrop Grumman. As this Washington Post article points out, the pilot program has been praised as an “elegant solution” to the ongoing problem of how to use the agency’s expertise while avoiding domestic government surveillance on private Internet traffic.

Nonetheless, Deibert remains concerned that in attempting to manage online threats, governments may take the wrong approach—through building borders and asserting control by cracking down on anonymity and blocking access.

A cyber attack blocked traffic to the website of the Brazilian presidency and two other government sites on Wednesday, authorities said.

The self-styled Brazilian branch of the Lulz Security hacking collective claimed responsibility for the attacks.

Hours later, people who claimed to be Lulz members said on Twitter that they had taken down the website of oil company Petrobras, whose website was down Wednesday afternoon. Petrobras would not confirm whether the problems with its website were caused by an attack.

On a Twitter page in the name of the Brazilian branch of Lulz, posters justified the apparent attack on the Petrobras website by complaining about the price of gasoline in Brazil.

“Wake up Brazil! We no longer want to buy gas at 2.75 to 2.78 reals ($1.73 to $1.75) and export for half of that price!” stated one tweet from the group.

…

For full original article, see here

“Some unknown foreign power … broke into the Department of Defence, to the Department of State, the Department of Commerce, probably the Department of Energy, probably Nasa. They broke into all of the high tech agencies, all of the military agencies and downloaded terabytes of information,” said Lewis.

This isn’t just America’s pulp fiction tale either. Russia allegedly swarmed the computers of most major facets of Estonian life in 2007, hitting banks, newspapers, broadcasters, telephones and Parliament, allegedly in anger over Estonia’s plans to relocate a bronze soldier.

It is still disputed whether Brazil, a nation with reputedly the highest number of cyber criminals in the world, was hit with a cyber attack that blacked out the electrical grid north of Rio in 2005 and 2007. A bigger blackout this November plunged half the nation into darkness.

This past year University of Toronto researchers were called in to help the Dalai Lama’s infiltrated network. They uncovered what has now been dubbed GhostNet, a huge spy network based in China that has infiltrated embassies, foreign ministries and media in 103 countries. The malware even has the ability to turn on a computer’s camera and microphone to record a user’s conversations in the room.

Indeed, in a survey done at this year’s World Economic Forum by McAfee, 54 per cent of IT security executives report their systems had already been attacked, almost two-thirds of them believe by foreign governments. Power and fuel companies were hit hardest.

Who do they believe are the two most likely threats? The United States [36 per cent] and China [33 per cent].

But it was last month’s Operation Aurora that I believe will go down in the history books as the day our airy information age crashed headlong into the real-world political arena.

You might know Operation Aurora more familiarly as the breach that triggered Google to threaten to pull out of China. Google found its servers being used to target Chinese dissidents and 34 US companies, from Adobe to Dow Chemical.

Why should this story be any different from any of the others that have come before?

Simply put, how it was played. Not only did we find out about this attack quickly, but Google and the US Government gave it to us on a plate, standing like twin countries on the world stage.

Hillary Clinton shook her finger directly at China. Instead of hiding the breach for years until consumers could hear it was safely fixed, one of the world’s most powerful corporations very publicly used the attack to try to leverage another nation’s international policy.

While US reports mused over lost market share, Ernest J. Wilson, Dean of the Annenberg School for Communication and Journalism wrote in the Huffington Post, “They ignored what may be the biggest really important story, which is Google’s impact on the future of US international relations in the coming decades.”

Governments spent the last century fighting to defend the open dissemination of the building blocks of our industrial age, from steel to cars. While we were distracted with talk of terrorism at the turn of this new millennium, the first significant battles of the information age were raging when we weren’t looking.

Google’s spin that this is about human rights is a red herring. This is about the age-old battle for access to open markets. The difference today is that nearly the entire value of Google’s product is the free worldwide access itself.

In a game of chicken, Google is playing as if they were any other nation state. I’ll face-shame you to every potential foreign investor if you don’t play by our rules, Google has threatened.

The irony is that China is rightly making the exact same argument but with real, not virtual, muscle to back it up. Google’s timing couldn’t be worse.

This week China is now spitting tacks at the news of America’s sale of arms to Taiwan. That won’t bode well for the Chinese seeing Google as a pawn, not a player.

I believe Google will lose this battle, and badly. The bigger question is who will be the new political players in a new world order that will, by necessity, fight for control of what is now the world’s most valuable currency – information.

www.traceybarnett.co.nz

Reports that hacker-extortionists triggered at least one blackout outside the U.S. first surfaced last year, based on comments made by the CIA’s chief cybersecurity officer, Tom Donahue, who declined to identify any country or the specifics of the alleged attacks. In an interview with Threat Level’s Kim Zetter last month, former cybersecurity czar Richard Clarke publicly named Brazil as a hack attack blackout victim for the first time, but didn’t go into details.

60 Minutes hasn’t distinguished itself with its cyber reporting in the past: the show’s alarmist piece on the Conficker botnet showed a picture of a gang of ruthless Russian hackers that turned out to be a bunch of school kids from Finland, and the show’s recent report on internet piracy was rank with unchecked Hollywood talking points. Earlier reports from other media sources about hacker-triggered blackouts within the U.S. proved false.

But it seems unlikely that CBS would pin itself to a claim like this — naming specific, and real blackouts — without solid investigative sourcing beyond the usual suspects in the U.S. intelligence community and cyber security vendors. If they were wrong, their claims would be quickly disputed from within Brazil.

So Threat Level will be tuning in Sunday, and beginning Monday may have to be a little less snarky in its Cybarmageddon coverage. We might even have to rethink those Finnish kids.