The tally of digital certificates stolen from a Dutch company in July has exploded to more than 500, including ones for intelligence services like the CIA, the U.K.’s MI6 and Israel’s Mossad, a Mozilla developer said Sunday.

The confirmed count of fraudulently-issued SSL (secure socket layer) certificates now stands at 531, said Gervase Markham, a Mozilla developer who is part of the team that has been working to modify Firefox to blocks all sites signed with the purloined certificates.

Among the affected domains, said Markham, are those for the CIA, MI6, Mossad, Microsoft, Yahoo, Skype, Facebook, Twitter and Microsoft’s Windows Update service.

For the full article, see here.

U.S. government cyber security experts are warning that the Stuxnet virus could become more menacing, more than a year after it surfaced in an attack believed to be targeted against Iran’s nuclear program.

The Department of Homeland Security has spent the past year studying the sophisticated malicious software, the first of its type designed to attack computer systems that control industrial processes, two officials said in testimony prepared for a congressional hearing.

Stuxnet targeted industrial control systems sold by Siemens that are widely used around the globe to manage everything from nuclear power generators and chemical factories to water distribution systems and pharmaceuticals plants.

“This code can automatically enter a system, steal the formula for the product being manufactured, alter the ingredients being mixed in the product, and indicate to the operator and the operator’s anti-virus software that everything is functioning normally,” the officials said. (For full written testimony click: http://bit.ly/mQxhFU )

…

For full original article, see here

Anonymous has hacked into Iranian government servers and procured over 10,000 email messages from the Ministry of Foreign Affairs.

The Ministry’s website is still down as of this writing, and the servers are under Anonymous control. One of the Iranian members of Anonymous involved with the operation sent me a message from the compromised email servers as evidence that they were still under Anonymous control.

While email addresses can be spoofed, the collection of 10,000 emails is a pretty good indication that they have no need for spoofing.

The email archive includes approvals and rejections for a variety of visas and passports, among other requests and correspondence.

“It’s near the election’s anniversary. We had to do something,” said one of the Iranian members of Anonymous from #OpIran.

He said they take down Iranian government servers on a regular basis for operation days, but that obviously retrieving information required a different approach to the group’s signature DDoS attack.

He also indicated an as-yet unannounced attack. “For the election’s anniversary, we have a complete DDoS attack day” planned, he said.

It’s not clear who the specific target of the day will be, but it will be part of the Iranian government.

“We don’t attack the media,” said my source, though he indicated that propaganda masquerading as news was fair game. For instance, this site publishes photographs of “rioters”, asking other citizens to identify them so the government can subject them to any of a number of horrific punishments.

If you need to get into Iran, now would be a good time to talk to Anonymous. “Are you sure you don’t want a visa?” was the last thing my source said to me.

On May 16, the United States revealed its foreign policy strategy for cyberspace in a thirty page document entitled International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World. The document outlines the foreign policy goals of United States for the cyber domain. One commentator, Chris Bronk, pointed out that the strategy is not a cybersecurity plan, but rather, a broad set of prescriptions relating to the Internet and information more generally. Bronk states, “To borrow from Ronald Deibert and Rafal Rohozinski, the U.S. government has decided to pursue the protection of a global cyber commons.”

The document declares that the US will work with like minded states to establish a set of international expectations / norms of behaviour in which to guide defense policies, international partnerships and interstate conduct. These norms will be based on five principles: upholding fundamental freedoms, respect for property, valuing privacy, protection from crime, and the right of self-defense. Deriving from these principles, the document states, are core responsibilities in cyberspace, including global interoperability, network stability, reliable access, multi-stakeholder governance, and cybersecurity due diligence. To ensure that the United States will be able to implement its vision of cyberspace, the document outlines that the strategy will be realized through bilateral and multilateral partnerships, international and multi-stakeholder organizations, and private sector collaboration.

The document also explains that this vision of cyberspace will be enforced through the means of defense against “terrorists, cybercriminals, or states and their proxies.” An important paragraph states that “When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. All states possess an inherent right to self-defense, and we recognize that certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners. We reserve the right to use all necessary means diplomatic, informational, military, and economic as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests.” This statement has become a point of contention for some commentators, with Mikko Hypponen, Chief Research Officer for F-Secure tweeting, “So, basically, USA is saying ‘Try to DDoS us and we’ll launch missiles at you.’”

Bolstering the strategy’s commitment in fighting infringement of intellectual property is the release of a draft version of the “Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011” last week. If passed, this act would grant the government power to shutter Web sites that infringe on intellectual property rights. The IP Protect Act grants the government power to order Internet service providers to use DNS blocking to prevent domestic access to such sites; to order search engines from displaying links to the offending site; and rights holders would be allowed to instruct online services from partnering with offending sites. Touted as an Internet censorship bill by some, Google’s
Eric Schmidt cautioned that this action may set off a dangerous precedent for global freedom of expression: “So, let’s whack off the DNS. Okay, that seems like an appealing solution but it sets a very bad precedent because now another country will say, ‘I don’t like free speech so I’ll whack off all those that country would be China.”

Meanwhile, the United States has been strengthening bilateral relations with states. Last week, the U.S. Secret Service set up an office in Estonia to combat cyber and financial crimes, while the Economic Times of India reported on closer cooperation between India and the US on cybersecurity. Against the backdrop of increasing cyberattacks, India is currently in the process of setting up a Cyber Command Control Authority.

Amid these new developments, other states have implemented new measures to defend themselves against cyberattacks. Following the footsteps of other countries that have set up cyber commands, it was reported this week that Iran is doing the same. At the same time, it was been reported that Israel is also on the verge of setting up a national task force whose prime responsibility will be to “defend vital infrastructure networks against cybernetic terrorist attacks perpetrated by foreign countries and terrorist elements.” Meanwhile, Malaysia has partnered up with US security provider, Fortinet, to deal with cyberthreats.

IDG News Service — Israel is setting up a national task force to expand the state’s ability to defend vital infrastructure networks from cyberterrorist attacks by foreign countries and terrorist elements, according to a report on Wednesday by the country’s prime minister’s office.

The task force is being established following several cyberattacks that have taken place around the world in recent years, including those which disrupted the electricity grid in Brazil, banks in Estonia and elections in Myanmar, the report said.

Israeli electronic networks are also under permanent threat, it added.

Prime Minister Benjamin Netanyahu has directed the allocation of a special budget to implement a five-year plan, which includes investments in academic research and development, establishment of a super computer-based center at an Israeli university, the establishment of academic centers of excellence, and accelerated activity to bring researchers and academics back to Israel, significantly increasing the number of cybernetics students and upgrading university research infrastructures.

Iran, Israel’s bitter opponent, also plans to set up its first cybercommand to counter cyberthreats, according to a report by the country’s semi-official Mehr News Agency.

The report did not provide details on the cybercommand, though it indicated that it would be similar to the U.S. Cyber Command (USCYBERCOM) and similar organizations set up in some countries in Europe.
In June, 2009, the U.S. Secretary of Defense directed the Commander of U.S. Strategic Command to establish USCYBERCOM to handle the operations and defense of specified Department of Defense information networks and conduct full-spectrum military cyberspace operations when required. Initial operational capability was achieved in May 2010, the Department of Defense said.

The Mehr report comes about a month after the general investigating the Stuxnet attack on Iran’s nuclear program told Mehr News that the country was hit by a second targeted attack, from a worm dubbed Stars. Brigadier General Gholam-Reza Jalali, director of Iran’s Passive Defense Organization, did not give any details about what facilities the worm targeted or when experts first detected it.

Iran has completed the preliminary studies for the new cybercommand, Brigadier General Masood Jazayeri of the Islamic Revolution Guards Corps told Mehr.

Iran’s Revolutionary Guard is often accused of directing cyberattacks in other countries.

More than a week after Iran said it had been the victim of another cyber attack by its enemies, foreign computer experts say they have seen no evidence, and some doubt its existence.

On April 25, the commander of Iran’s civil defence agency, Gholamreza Jalali, told the semi-official Mehr news agency that experts were probing a virus they called “Stars”, but gave no details of its apparent target or intended impact.

Last year, Iran said computers at its first nuclear plant had been infected with the Stuxnet computer worm, widely believed to have been designed by a foreign intelligence agency to attack its nuclear program.

Stuxnet — believed to work by corrupting the plant’s industrial processes to cause physical damage — spread around the world, allowing computer experts to analyse it and close programming holes to halt its spread.

In contrast, no one at any of the range of anti-virus firms, technology consultancies and think tanks contacted by Reuters had any further details of “Stars”.

“Until the Iranians provide some more information or someone else can verify the nature of this apparent new threat, I think I need to remain sceptical,” said John Bassett, associate fellow at Britain’s Royal United Services Institute and former senior official at Britain’s signals intelligence agency GCHQ.

“We can’t exclude the possibility of exaggeration or even invention in such claims for domestic political purposes, particularly given the current unrest across the region.”

Iran — which crushed widespread protests after disputed elections in 2009 — has proved largely immune to the wave of dissent pressuring governments across the Middle East this year.

Iranian leaders have praised uprisings in the Arab world as “the Islamic awakening”, saying that they have been inspired by the 1979 Islamic Revolution that toppled its U.S.-backed shah.

But some foreign analysts suspect Iran and potentially in Syria might step up anti-Western and anti-Israeli rhetoric to distract from problems at home and entrench their positions.

Iranian officials declined to provide further updated comment on the “stars” attack. RUSI’s Bassett said that if it was genuine, Tehran should swiftly share details to stop it spreading globally and potentially inflicting more damage.

REAL OR HOAX?

Experts said it was possible Iran was overreacting to a conventional computer virus or piece of malware. But it was also possible Iran had simply chosen not to share information.

“If it is real or a hoax is impossible to tell,” said Toralv Dirro, security strategist at the anti-virus firm McAfee. “There’s a possibility that they are working with some anti-virus company under a non-disclosure agreement for analysis/remediation, something that is not uncommon.”

Even if “stars” was a genuine foreign attack, it might be designed to extract information rather than do physical damage.

“It sounds more like cyber espionage than cyber sabotage,” said Mikko Hypponen, chief research officer at security firm F-Secure. “Cyber espionage happens all the time. Cyber sabotage doesn’t.”

Gauging the success of the original Stuxnet attack is still far from easy. Iran said at the time it had neutralised the worm before it do any damage, but foreign experts say it probably slowed Tehran’s pursuit of a nuclear weapon.

No country has claimed responsibility, although in Febuary, Israeli Deputy Prime Minister Dan Meridor said cyber warfare offered advanced nations an alternative to “ugly war”. In an age of rolling television news, he said traditional military strikes now had a much higher political cost.

Since Stuxnet was unleashed, there has been much less talk of a possible Israeli or U.S. strike on Iranian nuclear facilities, where Western powers believe it is working to develop a nuclear weapon, something Iran vehemently denies.

Many states are believed to be working on ever-more sophisticated cyber attack capabilities, but the time and effort required to design a weapon for a single target is considerable.

One veteran former government official described it as akin to “handcrafting nuclear weapons” that could become obsolete in a matter of months if left unused, while others say cyber defences are also becoming increasingly effective.

“Stuxnet is something that will work brilliantly the first time, less well the second time (and) hardly at all the third,” said Richard Aldrich, professor of international relations at the University of Warwick and a historian of GCHQ. “Maybe Stuxnet and similar forms of attack have already had their day.” (additional reporting by William Maclean and Dan Williams in Jerusalem)

Iranian computers are again being targeted by a computer virus in what the country’s commander of civil defense described Monday as a “cyber war,” according to Reuters.

“Fortunately, our young experts have been able to discover this virus and the Stars virus is now in the laboratory for more investigations,” Gholamreza Jalali was quoted as saying. The civil defense commander did not detail the targets of the attack.
“The particular characteristics of the Stars virus have been discovered,” Jalali said. “The virus is congruous and harmonious with the [computer] system and in the initial phase it does minor damage and might be mistaken for some executive files of government organizations.”

Last year, Iranian nuclear facilities were apparently the main target of the Stuxnet computer worm—a Windows-specific computer threat that spies on and reprograms industrial control systems—which infected tens of thousands IP addresses in the country.

Jalali said that the mutating Stuxnet worm still put Iranian systems at risk, though Iranian officials have claimed to have neutralized the threat.

Stuxnet was first discovered at the Bushehr nuclear reactor last August when Iran began loading fuel into its first such facility. Iranian officials have claimed that Israel and U.S. were behind the Stuxnet worm.

A recent report from McAfee and the Center for Strategic and International Studies (CSIS) warned that sophisticated computer threats like Stuxnet that target critical infrastructure would only increase in the future.

The United Kingdom government has announced that the GBP 650 million delegated to the National Cyber Security Programme will be used to prop up four pillars of the programme: national cybersecurity, cyberdefense of critical infrastructure, countering cybercrime, and improving education and skills. 65 per cent of the funds will be allocated to increasing capabilities. Meanwhile, in the United States, defence contractor Booz Allen Hamilton Inc. was granted a USD 71.5 million cybersecurity contract with the US Navy. This is the company’s second contract of the year with the Navy—the first was awarded in late January, also worth USD 71.5 million—and is contributing to the emergence of the cyber-military industrial complex.

In Russia—following cyber attacks on LiveJournal and opposition newspaper Novaya Gazeta (as we documented here two weeks ago)—authorities are expressing concern over the lack of Internet regulation in the country. As a result, a state tender released this week is calling for researchers to look at “foreign experience in regulating” the Internet. A spokesperson for Prime Minister Putin followed up by stating that state researchers would begin studying best practices in online regulation from countries such as China.

Meanwhile, Iran has announced that it will assert its sovereignty over cyberspace via the creation of a nationalized cyberspace—a “halal Internet”—to combat Western influence of the space and to potentially decouple from the open Internet. The head of economic affairs in Iran announced to the state run news agency, IRNA, that Iran “will soon create an internet that conforms to Islamic principles, to improve its communication and trade links with the world.” This new network may eventually replace the open Internet. It has been reported that authorities have praised China’s Internet policy—an indication that the government, like its Russian counterpart, is lesson drawing from the country.

Increasingly, like-minded countries sharing similar concerns appear to be turning towards one another to seek out best practices, policy innovations, and solutions as pertaining to cyberspace (for instance, the Iranian and Chinese state have both expressed concern about Western hegemony over the space). The emergence of online controls as a “norm” has given rise to a contestation of norms in cyberspace. In what appears to be a promotion of normative change, the United States announced just this week that it is set to dedicate USD 28 million in new grants (to go towards projects such as circumvention/anonymity tools) to online activists—particularly in countries with major cyber controls.

In the past, US promotion of “net freedom” has been met with suspicion. Following Hillary Clinton’s 2010 “Internet freedom” speech, Chinese authorities accused the United States of information imperialism. In this case, a Chinese op-ed stated: “countries disadvantaged by the unequal and undemocratic information flow have to protect their national interest, and take steps toward this. This is essential for their political stability as well as normal conduct of economic and social life. These facts about the difficulties of developing nations, though understood by politicians like Clinton, are not communicated to the people of Western countries. Instead, those politicians publicize and pursue their claims purely from a Western standpoint.”

Like the idea of humanitarian intervention, Internet freedom promotion may be seen as a disguised form of aggressive Western imperialism by some. As Ma Zhaoxu of the Chinese Foreign Ministry stated after Clinton’s speech, “We urge the US to respect facts and stop attacking China under the excuse of the so-called freedom of Internet.” We can expect to see continued contestation over such meanings.

In short, the current situation with cyberattacks is ominous, and more effective methods must be provided to potential victims to permit them to protect themselves. The time to act is now, and we must legally solidify the right to use self-defense in cyberspace, while also protecting the rights of potential uninvolved third parties who might be harmed by mitigative counterstrikes.

Source: Jay P. Kesan, Selected Works of Jay P. Kesan.

Abstract

Cyberwar has become a reality. The question is no longer “if” the United States will experience a major cyberattack aimed at disrupting critical infrastructure, but “when.” In July of 2010, Iranian uranium enrichment activities were severely hindered by the Stuxnet worm, which used a number of zero-day exploits and damaged the Iranian nuclear infrastructure. In early 2011, documents leaked from the files of a computer security company provide evidence that there are “cyber contractors” in the United States that provide subscriptions to lists of exploitable vulnerabilities in popular software. Additionally, there exists the threat of Distributed Denial of Service (DDoS) attacks that could be used to knock a system’s defenses off-line and render the system more vulnerable to further attacks.

In the United States, highly visible corporations and privately owned critical infrastructure are both likely targets for debilitating cyberattacks, and there is an urgent need to ensure that these groups are protected. Currently, there is no consistently effective domestic or international criminal law regime to deter these sorts of attacks, and resorting to civil litigation is likely to prove impractical. A major barrier to punishing cyberattackers is the difficulty of identifying individual attackers. Passive defense methods, like firewalls, software patches, and antivirus software, do not require potential attackers to be identified to be effective. However, passive defense methods are not used consistently enough to have a perfect deterrent effect, and are all but useless against attacks utilizing zero-day exploits. For these reasons, we strongly urge a regulatory regime that would govern the use of active defense technologies, especially technologies that would enable mitigative counterstriking.

Active defense, however, has been a controversial subject, and it is this controversy that we seek to engage in. The reason that commentary about active defense has been so tentative and inconclusive up to this point is that active defense is intuitively bothersome and seen as amounting to vigilantism that carries significant danger of collateral damage. We assert that researchers have been analyzing this topic incorrectly as a unitary whole, instead of by looking at the different aspects of active defense (detecting, tracing, and counterstriking) and the two possible characterizations of counterstrikes (mitigative and retributive). A mitigative counterstrike would involve actions taken in self-defense in order to interrupt an attack in progress and mitigate immediate harm to a target system. Self-defense in cyberspace is a necessity, especially to protect critical infrastructure. Our analysis concludes that cyber counterstriking is readily justifiable under a self-defense framework, provided principles of mitigation are observed. Mitigative counterstriking is also legally justifiable under several areas of domestic and international law, and can be made consistent with other areas of law by amending the law or by reinterpreting it.

After evaluating the technologies, the potential types of attacks, and the legal context, we conclude that mitigative counterstriking would be the most effective when used in response to DDoS attacks originating from botnets. Such a counterstrike would interrupt the attack and mitigate harm to the victim system, while also preserving the victim system’s defenses against additional attacks. Harming non-attackers through counterstrikes is also a potential concern, but we observe that the technological capabilities to engage in self-defense are advancing rapidly and provide the capability to avoid unnecessary harm to third parties. We urge that the government should regulate active defense and oversee mitigative counterstriking, perhaps as part of a public-private partnership to take advantage of the core competencies of both the public and private sectors on this topic. Our recommended regime to permit mitigative counterstrikes as self-defense would also include liability rules to protect third parties in the event that a counterstrike causes harm to a party other than the initial attacker.

In short, the current situation with cyberattacks is ominous, and more effective methods must be provided to potential victims to permit them to protect themselves. The time to act is now, and we must legally solidify the right to use self-defense in cyberspace, while also protecting the rights of potential uninvolved third parties who might be harmed by mitigative counterstrikes.

http://works.bepress.com/jay_kesan/4/

On Friday, Ali Aghamohammadi, the Ahmadinejad Administration’s head of economic affairs was quoted in IRNA, a state-run news agency that Iran was working on a “halal Internet.”

“Iran will soon create an internet that conforms to Islamic principles, to improve its communication and trade links with the world,” he said, apparently explaining that the new network would operate in parallel to the regular Internet and would possibly eventually replace the open Internet in Muslim countries in the regions.

Source: Cyrus Farivar, The Internet of Elsewhere.

On Friday, Ali Aghamohammadi, the Ahmadinejad Administration’s head of economic affairs was quoted in IRNA, a state-run news agency that Iran was working on a “halal Internet.”

“Iran will soon create an internet that conforms to Islamic principles, to improve its communication and trade links with the world,” he said, apparently explaining that the new network would operate in parallel to the regular Internet and would possibly eventually replace the open Internet in Muslim countries in the regions.

“We can describe it as a genuinely ‘halal’ network aimed at Muslims on a ethical and moral level,” he said.

“The aim of this network is to increase Iran and the Farsi language’s presence in what has become the most important source of international communication.”

In other Iranian Internet news, the commander of the Iranian civil defence organisation, Gholam Reza Jalali was also quoted in IRNA on Saturday that Iran believes the United States and Israel were behind the creation of the Stuxnet worm.

“Investigations and studies show that the source of Stuxnet originates from America and the Zionist regime,” he said.

In the same IRNA interview, Jalali was also quoted as saying that Iran was creating the “1390 Program” — 1390 being the current year in the Persian calendar — which would add six cyberdefense master’s degree programs and one doctoral program across various Iranian universities.

“The final solution to problems of [cyberdefense and the] formation of Jihad, is to achieve economic self-sufficiency in the production of basic software such as operating systems and software,” he said.