Category Archives: Cyber War

Pelosi/Schumer Against Wall, Why? Quanergy Systems

Posted on by

This could be the real ah hah!

A stealth wall and they are tapping Pelosi and Schumer:

And how cool is it that Quanergy completed Series C financing with a valuation surpassing $2 BILLION only happened last October. Really? Yuppers and an IPO process is on track. It is all about Silicon Valley and we know those pesky democrats are quite tied, obligation and dependent on Silicon Valley money.

A stealth wall? A digital wall? A virtual wall? Yuppers again.

You see Silicon Valley wants Nancy and all the other democrats to win over this wall debate and not Trump. Other companies include advances in artificial intelligence, digital cameras, lidar, advanced and surveillance technology.

Oh wait there is more. We have yet another company called Anduril. The founder of Anduril is Palmer Luckey who built a a virtual reality enterprise and sold it to who? Oh—–> FACEBOOK in 2014 for a mere $2BILLION.

Okay, how about Cogniac? Well they offer technology identifying people and objects in digital images and cameras.

Okay, I am all for VERY advanced technology and this could be a real prudent solution to several variations of miles along our southern border.

This all seems to go back as far as 2008 and lil Ms. Nancy was on board back then.

Speaker of the House Nancy Pelosi called upon Silicon Valley leaders on Monday to send Washington their ideas on how the United States can reverse global warming, improve education and health care and rebuild U.S. infrastructure.

‘We have to pass this planet on to the next generation better than we found it,’ she told a meeting of the Silicon Valley Leadership Group, which celebrated its 30th anniversary in Santa Clara Convention Center with coffee and cake for several hundred people. ‘I will compete with any initiative anyone wants to put forward for funding.’

The group was founded by David Packard in 1978 as the Santa Clara County Manufacturing Group. Packard wanted to improve the region’s economy and quality of life, and the group started with 33 companies. It has evolved into a policymaking forum for 260 companies that tackle issues of global importance.

Pelosi, D-San Francisco, was one of a many speakers who talked Monday about how the country can stay competitive in the global economy. She got a standing ovation as she took the stage.

She called for ‘a massive infusion of resources’ into basic biomedical research, investment in electronic health records, preventive medical care and innovations in green technology to create American jobs.

She also called on Silicon Valley leaders to follow in the footsteps of Presidents Thomas Jefferson, who built roads and canals through the territories of the Louisiana Purchase, and Theodore Roosevelt, who established the national park system.

‘We have a responsibility to build infrastructure in America … and to do it in a green way and think in an entrepreneurial way,’ she said. ‘Our competitors are way ahead of us on this.’

The group also heard from U.S. Reps. Anna Eshoo, D-Palo Alto; George Miller, D-Martinez; and Zoe Lofgren, D-San Jose, who is working on a bill to help the United States retain talented immigrants who graduate from American universities. ‘Why send them home to compete with us when they could be part of our team?’ Lofgren asked.

Bill Watkins, chief executive officer of Seagate Technology in Scotts Valley Santa Cruz County, said the United States and California in particular has to improve its schools and provide health insurance for children. ‘We have the best military in the world because someone sticks up and demands it,’ he said. ‘People in this room need to start demanding the best education system.’

Other speakers included Mike Splinter, the CEO of Applied Materials, and venture capitalist John Doerr of Kleiner Perkins Caufield & Byers, who called on companies to contribute to his Middle School Math Initiative, which trains teachers to teach math, by adopting at least one school in Silicon Valley for $5,000 a piece. ‘If these kids don’t have a math ‘Aha!’ moment, we’re going to lose them,’ he said.

Not to be left out is Senator Kamala Harris and her overwhelming admiration for social planning by the ‘Valley’.

President Trump is not against advanced technology along the border either, in fact he has said there should be various types of barriers and technology where feasible. Of note, Quanergy Systems is constructing a pilot program applying lidar border security along the India-Pakistan border. The founder of Quanergy, Mr. Eldada declares that concrete walls are an eyesore and they intrude on the environmental landscape impeding the free movement of wildlife.

The time is now to get on with the solution to the government shutdown and begin the pilot programs at our border with perhaps variations of technology and concrete…at least Pelosi and Schumer should go through those open doors and the White House and get on with it all.

Does Sen. Gillibrand Know this About ICE?

Posted on by
In recent days, Senator Kirsten Gillibrand while wanting to shut down ICE and ‘re-imagine’ the agency has tweeted about silencing women, children with mothers not being allowed to cross the border illegally and then about how real climate change is, perhaps should have her staff research a little further on the duties and work that ICE performs.

Back in July, Senator Gillibrand declared that when the Democrats assume control of Congress, abolishing ICE is the first thing they should do.
Well how about counterfeit goods and websites? Seems she and her staff have no clue.
Over a million websites seized in global operation
Over a million websites seized in global operation
Over a million websites seized in global operation

WASHINGTON – More than 1 million copyright-infringing website domain names selling counterfeit automotive parts, electrical components, personal care items and other fake goods were criminally and civilly seized in the past year through the combined efforts of law-enforcement agencies across the world, high-profile industry representatives and anti-counterfeiting associations.

The ongoing intellectual property enforcement initiative targeting fake websites, dubbed Operation In Our Sites, was facilitated by the National Intellectual Property Rights Coordination Center (IPR Center), a joint-task force agency led by U.S. Immigration and Customs Enforcement. The IPR Center, which stands at the forefront of the U.S. government’s response to IP theft, worked directly with key international law-enforcement authorities and industry organizations representing the electronics sector, luxury brand-name designers, film and entertainment and several entities specializing in apparel and accessories through the major enforcement effort.

Roughly 33,600 website domain names were criminally seized in a collaborative effort between ICE’s Homeland Security Investigations (HSI), Europol, Interpol and police agencies from 26 different countries. Industry partners participating in the operation were fully responsible for civilly seizing 1.21 million domain names and shutting down 2.2 million erroneous ecommerce links featured on social media platforms and third-party marketplaces.

“The IPR Center is committed to supporting enforcement actions that target copyright-infringing websites threatening the health and safety of unsuspecting consumers by offering dangerous counterfeit goods,” said IPR Center Director Alex Khu. “Collaborative efforts with external law enforcement agencies and industry have led to a crackdown on intellectual property theft that negatively impacts economies and funds organizations involved in other criminal activities.”

Investigations led by HSI resulted in the removal of copyright-infringing websites that sold counterfeit airbags and integrated sensors, both commodities that present a potential safety hazard. An investigation based in Louisiana led to the seizure of five website domain names – including Chinaseatbelt.com; Airbagpart.com; Chinasafetybelt.com; Fareurope.com; and Far-europe.com – involved in the sale of fake automotive parts. A joint case between HSI and Department of Defense investigative agencies resulted in the removal of PRBlogics.com, a copyright-infringing website offering counterfeit integrated sensors.

Each year, the market is flooded with counterfeit products being sold at stores, on street corners and online. Additionally, criminals have taken advantage of the internet to deceive, sell and ship fake products directly to American consumers. The most popular counterfeit products seized each year include watches, jewelry, handbags, wallets, wearing apparel/accessories, consumer electronics/parts, pharmaceuticals and personal care products.

The IPR Center – formally codified in the Trade Facilitation and Trade Enforcement Act of 2015 – is one of the U.S. government’s key weapons in the fight against criminal counterfeiting and piracy. The center uses the expertise of its 24 member agencies to share information, develop initiatives, coordinate enforcement actions, and conduct investigations related to IP theft. Through this strategic interagency partnership, the IPR Center protects the public’s health and safety, the U.S. economy and the warfighters.

DHS Concerns on Election Related Incidents, Facebook Doesn’t Care

Posted on by

The Department of Homeland Security notices an increase of election-related incidents, but thinks midterm voting will go off relatively unproblematically. Anomali reports a surge in black-market trafficking of voter records.

Voting Records of Over 40 Million Americans for Sale on ...

But you wont find out from Facebook if there are any issues….Facebook is going to block all posts regarding voting issues.

What could be the issues?

Anomali Labs researchers in close partnership with Intel 471, a leading cybercrime intelligence provider, have uncovered a widespread unauthorized information disclosure of US voter registration databases. To be clear, this voter information is made generally available to the public for legitimate uses. Anomali and Intel 471 researchers discovered dark web communications offering a large quantity of voter databases for sale. The databases include valuable personally identifiable information and voting history. The disclosure reportedly affects 19 states and includes 23 million records for just three of the 19 states. No record counts were provided for the remaining 16 states, but do include prices for each state. We estimate that the entire contents of the disclosure could exceed 35 million records. Researchers have reviewed a sample of the database records and determined the data to be valid with a high degree of confidence.

Of note, the seller indicates they receive weekly updates of voter registration data across the states and that they receive information via contacts within the state governments. Certain states require the seller to personally travel to locations in-state to receive the updated voter information. This suggests the information disclosure is not necessarily a technical compromise but rather a likely targeted campaign by a threat actor redistributing possibly legitimately obtained voter data for malicious purposes on a cybercrime forum.

To our knowledge, this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data, including US voters’ personally identifiable information and voting history. With the November 2018 midterm elections only four weeks away, the availability and currency of the voter records, if combined with other breached data, could be used by malicious actors to disrupt the electoral process or pursue large-scale identity theft. More here.

Meanwhile, over to Facebook…. (who are they to determine what is false? See something, say something and Facebook will punish us all.)

MENLO PARK, Calif. (Reuters) – Facebook Inc will ban false information about voting requirements and fact-check fake reports of violence or long lines at polling stations ahead of next month’s U.S. midterm elections, company executives told Reuters, the latest effort to reduce voter manipulation on its service.

The world’s largest online social network, with 1.5 billion daily users, has stopped short of banning all false or misleading posts, something that Facebook has shied away from as it would likely increase its expenses and leave it open to charges of censorship.

The latest move addresses a sensitive area for the company, which has come under fire for its lax approach to fake news reports and disinformation campaigns, which many believe affected the outcome of the 2016 presidential election, won by Donald Trump.

The new policy was disclosed by Facebook’s cybersecurity policy chief, Nathaniel Gleicher, and other company executives.

The ban on false information about voting methods, set to be announced later on Monday, comes six weeks after Senator Ron Wyden asked Chief Operating Officer Sheryl Sandberg how Facebook would counter posts aimed at suppressing votes, such as by telling certain users they could vote by text, a hoax that has been used to reduce turnout in the past.

The information on voting methods becomes one of the few areas in which falsehoods are prohibited on Facebook, a policy enforced by what the company calls “community standards” moderators, although application of its standards has been uneven. It will not stop the vast majority of untruthful posts about candidates or other election issues.

“We don’t believe we should remove things from Facebook that are shared by authentic people if they don’t violate those community standards, even if they are false,” said Tessa Lyons, product manager for Facebook’s News Feed feature that shows users what friends are sharing.

Links to discouraging reports about polling places that may be inflated or misleading will be referred to fact-checkers under the new policy, Facebook said. If then marked as false, the reports will not be removed but will be seen by fewer of the poster’s friends.

Such partial measures leave Facebook more open to manipulation by users seeking to affect the election, critics say. Russia, and potentially other foreign parties, are already making “pervasive” efforts to interfere in upcoming U.S. elections, the leader of Trump’s national security team said in early August.

Just days before that, Facebook said it uncovered a coordinated political influence campaign to mislead its users and sow dissension among voters, removing 32 pages and accounts from Facebook and Instagram. Members of Congress briefed by Facebook said the methodology suggested Russian involvement.

Trump has disputed claims that Russia has attempted to interfere in U.S. elections. Russian President Vladimir Putin has denied it.

WEIGHING BAN ON HACKED MATERIAL

Facebook instituted a global ban on false information about when and where to vote in 2016, but Monday’s move goes further, including posts about exaggerated identification requirements.

Facebook executives are also debating whether to follow Twitter Inc’s recent policy change to ban posts linking to hacked material, Gleicher told Reuters in an interview.

The dissemination of hacked emails from Democratic party officials likely played a role in tipping the 2016 presidential election to Trump, and Director of National Intelligence Dan Coats has warned that Russia has recently been attempting to hack and steal information from U.S. candidates and government officials. More here.

5G Coming with Major Risks from China

Posted on by

Primer: Samsung Galaxy S10 Coming with 5G Data Speeds ...

Stuart Madnick, who’s been professor of information technology at the Massachusetts Institute of Technology since 1972, tells Inverse that the FCC and ISPs are casting a double-edged sword in their rush to implement 5G.

“It’s like going from fireworks to dynamite sticks,” Madnick says. “5G encourages further evolution and expansion of Internet of Things related networks. All of the good news and bad news that comes along with this technology gets magnified.”

He’s especially concerned about the risk of denial of service attacks — or DDoS for short — becoming more powerful than ever before. One of the advertised benefits of 5G is that it will allow even more IoT devices, like refrigerators or light bulbs, to come online. This would allow users to remotely check the contents of their fridge or dim their bedroom lights using their phones, but these devices can also be harnessed for nefarious purposes.

One of the most notorious DDoS incidents in history — the 2016 Dyn cyberattack — was facilitated by unsecured IoT devices, like security cameras, printers, and baby monitors. Hacker groups Anonymous and New World Hackers allegedly took control of thousand of electronics that still had their default passwords to amass an army of zombie devices, known as a botnet.

This network was used to overwhelm the servers of internet performance management company, Dyn. Websites like Twitter, SoundCloud, Spotify, and Shopify were inaccessible for a day. Madnick believes this could happen again, to a degree that hasn’t even been imagined yet. Perhaps the biggest sites on the web will go down for days, including online blanks, or worse, the internet that controls a public utility like electricity. Perhaps the biggest sites on the web will go down for days, including online blanks, or worse, the internet that controls a public utility like electricity.

*** Related reading: Lessons Learned from WannaCry attack

How 5G will Power the Future Internet of Things - iQ by Intel

Ex-security minister Admiral Lord West calls for urgent government action after Chinese firms are banned in Australia and the US.

Security threats from Chinese companies building 5G networks could end up “putting all of us at risk” if they are not tackled quickly, according to a former security minister.

Speaking to Sky News, Admiral Lord West, a former First Sea Lord who served under Gordon Brown as a security minister, urged the government to set up a unit reporting directly to the prime minister to monitor the risk posed by Chinese equipment in 5G.

5G has been hailed as the next great leap for mobile communications, enabling everything from smart cities to hologram calls.

However, the best 5G technology comes from Chinese companies, raising the fear that China’s government could have ground-level access to – even control of – the UK’s critical data infrastructure.

“We’ve got to see there’s a risk,” Lord West said. “Yes, we want 5G, but for goodness sake we need to do all of these things to make sure it’s not putting all of us at risk.”

In April, the United States banned Chinese multinationals Huawei and ZTE – both specialists in 5G – from selling equipment to the federal government.

In August, the Australian government banned the same two firms from supplying technology for its 5G network, a decision foreign minister Marise Payne described as necessary for “the protection of Australia’s national security”.

In a statement, Huawei called the decision “politically motivated, not the result of a fact-based, transparent, or equitable decision-making process,” adding that “there is no fundamental difference between 5G and 4G network architecture… 5G has stronger guarantees around privacy and security protection than 3G and 4G”.

Robert Hannigan, former director of GCHQ, told Sky News an outright ban in the UK would not make 5G safe.

“The best companies in 5G are probably the Chinese ones and there aren’t many alternatives,” he said, before warning that new measures were needed to test the security of the network.

“We do need to find a way of scrutinising what is being installed in our network, and how it is being overseen and how it is being controlled and how it’s being upgraded in the future. And we have to find a more effective way of doing that at scale.”

In April, GCHQ’s National Cyber Security Centre warned ZTE could pose a national security risk to the UK.

Two months later, the UK’s Huawei Cyber Security Evaluation Centre, a group set up by the government to monitor the Chinese firm, announced that it had “only limited assurance” that Huawei posed no threat to national security

“It was a bit of a warning to Huawei,” said Mr Hannigan. “They needed to get better at cooperating and take this more seriously.”

The difficulty for the Huawei Cyber Security Evaluation Centre is knowing for certain that the code it vets and approves is the same code that is going into networks.

“That’s been a persistent problem,” said Mr Hannigan. “That needs more work.”

The government has put £200m into the development of 5G. Last month, the first 5G pilot centre launched in the West Midlands, testing the technology before a national roll-out.

BT, which uses Huawei to supply parts for its network, told Sky News that it would “apply the same stringent security measures and controls to 5G when we start to roll it out, in line with continued guidance from government”.

GAO Report on Weapons Systems Hacking Vulnerabilities

Posted on by

Cant make this up and further there is a huge element of deniability that such vulnerabilities exists.

GAO report reveals new Pentagon weapon systems vulnerable ...

GAO: In recent cybersecurity tests of major weapon systems DOD is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected.

DOD’s weapons are more computerized and networked than ever before, so it’s no surprise that there are more opportunities for attacks. Yet until relatively recently, DOD did not make weapon cybersecurity a priority. Over the past few years, DOD has taken steps towards improvement, like updating policies and increasing testing.

Federal information security—another term for cybersecurity—has been on our list of High Risk issues since 1997.

Today’s weapon systems are heavily computerized, which opens more attack opportunities for adversaries (represented below in a fictitious weapon system for classification reasons). The full report here.

APKWS on target | Jane's 360

*** From Wired in part:

In other cases, the report states that automated systems did detect the testers, but that the humans responsible for monitoring those systems didn’t understand what the intrusion technology was trying to tell them.

Like most unclassified reports about classified subjects, the GAO report is rich in scope but poor in specifics, mentioning various officials and systems without identifying them. The report also cautions that “cybersecurity assessment findings are as of a specific date so vulnerabilities identified during system development may no longer exist when the system is fielded.” Even so, it paints a picture of a Defense Department playing catch-up to the realities of cyberwarfare, even in 2018.

Edelman says the report reminded him of the opening scene of Battlestar Galactica, in which a cybernetic enemy called the Cylons wipes out humanity’s entire fleet of advanced fighter jets by infecting their computers. (The titular ship is spared, thanks to its outdated systems.) “A trillion dollars of hardware is worthless if you can’t get the first shot off,” Edelman says. That kind of asymmetrical cyberattack has long worried cybersecurity experts, and has been an operational doctrine of some of the United States’ biggest adversaries, including, Edelman says, China, Russia, and North Korea. Yet the report underscores a troubling disconnect between how vulnerable DOD weapons systems are, and how secure DOD officials believe them to be.

“In operational testing, DOD routinely found mission-critical cyber vulnerabilities in systems that were under development, yet program officials GAO met with believed their systems were secure and discounted some test results as unrealistic,” the report reads. DOD officials noted, for instance, that testers had access that real-world hackers might not. But the GAO also interviewed NSA officials who dismissed those concerns, saying in the report that “adversaries are not subject to the types of limitations imposed on test teams, such as time constraints and limited funding—and this information and access are granted to testers to more closely simulate moderate to advanced threats.”

It’s important to be clear that when the DOD dismisses these results, they are dismissing the testing from their own department. The GAO didn’t conduct any tests itself; rather, it audited the assessments of Defense Department testing teams. But arguments over what constitutes a realistic testing condition are a staple of the defense community, says Caolionn O’Connell, a military acquisition and technology expert at Rand Corporation, which has contracts with the DOD.