Dirty Tricks, Cyber-style

ThinkProgress is reporting that the law firm of the US Chamber of Commerce (an NGO) hired several cyber-security firms to help them sabotage their political opponents:
"[A] law firm representing the US Chamber of Commerce ... is working with set of “private security” companies and lobbying firms to undermine their political opponents ... with a surreptitious sabotage campaign."
"According to e-mails ... the Chamber hired the lobbying firm Hunton and Williams [whose] attorney Richard Wyatt ... was hired by the Chamber in October of last year. To assist the Chamber, Wyatt and his associates, John Woods and Bob Quackenboss, solicited a set of private security firms — HB Gary Federal, Palantir, and Berico Technologies (collectively called Team Themis) — to develop tactics for damaging progressive groups and labor unions, in particular ThinkProgress, the labor coalition called Change to Win, the SEIU, US Chamber Watch, and StopTheChamber.com."
This sabotage campaign included feeding false information to discredit opponents, but also spying on the personal lives of opponents and their families:
"New emails reveal that the private spy company investigated the families and children of the Chamber’s political opponents. The apparent spearhead of this project was Aaron Barr, an executive at HB Gary. Barr circulated numerous emails and documents detailing information about political opponents’ children, spouses, and personal lives. One of the targets was Mike Gehrke, a former staffer with Change to Win. Among the information circulated about Gehrke was the specific “Jewish church” he attended and a link to pictures of his wife and two children ..."
Given how amazing their software is, I'm a bit bummed that Palantir was involved in this.


"Night Dragon" stalks big oil

According to a new report by McAfee (pdf):
"Attackers using several locations in China have [waged] attacks against global oil, gas, and petrochemical companies, as well as individuals and executives in Kazakhstan, Taiwan, Greece, and the US to acquire proprietary and highly confidential information."
These attacks (nicknamed "Night Dragon" by McAfee analysts) include social engineering, shrink-wrapped toolkits, and a handful of IE exploits. Hackers have been able to access sensitive data, both business-related and personal.

McAfee is calling 2010 a watershed year for computer security, the year in which hacking evolved from a dangerous nuisance (e.g., Code Red, Sasser, Conficker) to a genuine threat (e.g., Stuxnet). For a long time, hacking was brushed off as vandalism and petty crime. As the operators of critical systems discover the magnitude of their vulnerability, computer security is rapidly becoming part of national security.


Internet 'kill switches'

Shutting off the Egyptian Internet has (finally) drawn attention to a US Senate bill that seeks to permit the same sort of thing here. CNET has a nice summary:
In December, a Senate committee approved a bill introduced last summer and scheduled to be re-introduced soon, by senators Lieberman (I-CT) and Collins (R-ME) [with the support of at least some Democrats], which would [give American presidents] power over privately-owned computer systems during a "national cyber emergency." The latest public version includes controversial new language saying that the federal government's designation of vital Internet or other computer systems "shall not be subject to judicial review."
Say it ain't so, Joe.


Science enters the network age

Writing at SEED magazine, John Wilbanks has drawn attention to the transformation currently taking place in academic publishing: the slow shift from paper to digital, which is also gradually opening up bold new models of knowledge sharing.
"Publishers like Hindawi and BioMed Central and the Public Library of Science use Creative Commons copyright licenses to grant all rights to their users to make and distribute copies, to remake and remix the knowledge, reserving only the mandate for attribution. ... This is how we maximize our societal investment in science: by making sure it can be read, understood, and used by the network culture."
Imagine a world where scientific knowledge were not trapped behind proprietary walls, where anyone could access cutting-edge research, participating according to their ability. Imagine how this might accelerate the pace of innovation and change, speed discovery of errors, and expand the community of scholars.


The Tweet of Damocles

Clearly, social media are expanding dialogue throughout the world, and have the potential to radically reduce the costs of grassroots organizing. But they can also make it easy to track the words (if not deeds) of users, especially those naive enough to believe new media can somehow transcend traditional power politics. In the New York Times, Scott Shane writes of how repressive governments are using social platforms like Facebook and Twitter to build profiles of dissidents, map the networks of their friends and allies, and sow misinformation.
"The Iranian police eagerly followed the electronic trails left by activists, which assisted them in making thousands of arrests in the crackdown that followed. The government even crowd-sourced its hunt for enemies, posting on the Web the photos of unidentified demonstrators and inviting Iranians to identify them."
Of course, the ability to track the movement of memes through networks can also be used for good. It's also likely that savvy users may always find lower-risk ways to connect. But there's a serious problem with assuming that any technology is an unqualified social good, or rather, that any technology is beyond corruption. While they may not have anticipated that the Mubarak government would completely quash the Egyptian Internet, organizers were well aware that both Facebook and Twitter could be used against them, and urged protesters to communicate by more direct means (photocopies and faxes).

The same tools that move us towards a world of ends can also be used by those who desperately want to hold the center of that world. Mind the gap.


How Egypt pulled the plug

GigaOM has an interesting piece on how Egypt Switched Off the Internet.
"Plenty of nations place limitations on communications, sometimes very severe ones. But there are only a few examples of regimes shutting down communications entirely — Burma’s military leaders notably cut connectivity during the protests of 2007, and Nepal did a similar thing after the king took control of the government in 2005 as part of his battle against insurgents. Local Chinese authorities have also conducted similar, short-lived blockades."
That Egypt's Internet could be smothered so easily should be sobering for the "Internet will set us free" crowd, but the fact that news is still emerging shows that it's not so easy to control the external message.

Perhaps we'll ultimately see support for Keck and Sikkink's "boomerang effect," but events in Egypt (and Iran) show how the power of social and mobile media to coordinate collective action at local levels can be blunted. Moreover, they show why protest organizers should be prepared for the sudden loss of such tools.


Egypt: 404

CNET and many others are reporting that all Internet traffic in Egypt has gone offline.
I hadn't realized we would be importing the Internet kill switch. Perhaps Malcolm Gladwell and Evgeny Morozov are onto something?

Addendum: It appears that the darkness is not (yet) total.


Sedition in a box

Symantec just released its Mid-Term Internet Security Threat Report, and surprise, surprise - the Wild West is getting wilder. It used to be that knocking a server offline or stealing confidential data took programming savvy. Not anymore.

According to Symantec, the greatest threat to the Internet today is the plug-and-play "Web Attack Toolkit," which enables script kiddies to roll with the big boys.


Nerdcore could rise up

Estonia could get elevated - NCS is reporting that the country has formed the Computer Emergency Response Team of Estonia (CERT-E, also known as the Cyber Defense League), a militia intended to protect the country should someone try to out-do the 2007 attacks on the country:
"The league, made up of a group of Estonian programmers, computer scientists and software engineers would be the country’s main leg of defense in the event of a second cyberwar, but an all-volunteer unit may not pack enough nerdpower for confident security. Instead, Estonian officials are considering a draft among the country’s IT work force, Defense Minister Jaak Aaviksoo told NPR this week."
"We are thinking of introducing this conscript service, a cyber service,” Aaviksoo said. “This is an idea that we’ve been playing around [with]."
Sort of like the Global Frequency, but with uniforms.


US strategy to prevent leaks, leaked

TechSpot News is reporting that MSNBC has received a memo detailing the US government's strategy to prevent leaks in a "post-Wikileaks environment."
Each initial assessment should be completed by January 28, 2011, and should include the following ...
  1. Assess what your agency has done or plans to do to address any perceived vulnerabilities, weaknesses, or gaps on automated systems ...
  2. Assess weakness or gaps ... and formulate plans to resolve the issues or to shift or acquire resources to address those weaknesses or gaps.
  3. Assess your agency's plans for changes and upgrades to current classified networks, systems, applications, databases, websites, and online collaboration environments - as well as for all new classified networks, systems, applications, databases, websites or online collaboration environments that are in the planning, implementation, or testing phases ...
  4. Assess all security, counterintelligence, and information assurance policy and regulatory documents that have been established by and for your department or agency.


Censorship, Digg?

Alternet has posted an article about an effort by self-identified conservatives to censor Digg rankings. For those unfamiliar with Digg, it's essentially a platform for crowd-sourced submission and ranking of websites and postings.

A year-long investigation has uncovered a rather effective campaign to "bury" new submissions contrary to the agenda of these conservative activists. These "Digg Patriots" (there are several similar groups) gave such Diggs an avalanche of negative votes (thus elevating "conservative-supporting" posts), coordinating their attacks and using multiple account profiles.

So much for the inherent democracy of the Interwebs.