Tag Archives: Washington

Libya’s Stuxnet?

A group of security professionals who have good credentials and strong links to the U.S. government have outlined a Stuxnet-type attack on Libyan infrastructure, according to a document released this week. But is the group outlining risks to regional stability, or is it advocating a cyber attack on Muammar Gadhafi?

The document, Project Cyber Dawn (PDF), was released on May 28, 2011 by CSFI – the Cyber Security Forum Initiative, which describes itself as

non-profit organization headquartered in Omaha, NE and in Washington DC with a mission “to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training to assist the US Government, US Military, Commercial Interests, and International Partners.”

CSFI now numbers about 7,500 members and has an active LinkedIn forum.

To be clear, the document does not advocate anything. It merely highlights vulnerabilities, and details scenarios. It concludes, for example:

CSFI recommends the United States of America, its allies and international partners take the necessary steps toward helping normalizing Libya’s cyber domain as a way to minimize possible future social and economic disruptions taking place through the Internet.

But before that it does say:

A cyber-attack would be among the easiest and most direct means to initially inject into the systems if unable to gain physical engineering attacks against the facility. Numerous client-side attack vectors exist that support payloads capable of compromising SCADA application platforms.

Elsewhere it says:

The area most vulnerable to a cyber-attack, which could impact not only the Libyan’s prime source of income, but also the primary source of energy to the country, would be a focused attack on their petroleum refining facilities. Without refined products, it is difficult to fuel the trucks, tanks and planes needed to wage any effective war campaign.

The document itself is definitely worth a read; it doesn’t just focus on the cyberweapon side of things. And complicating matters is that one of the contributors to the report, a company called Unveillance, was hacked by a group called LulzSec around the time that the report was being finished. It’s not clear whether this affected release of the report.

Emails stolen from Unveillance and posted online by LulzSec indicate that two versions of the report were planned: one public one, linked to above, and one that would “go to staffers in the White House.” In another email a correspondent mentions an imminent briefing for Department of Defense officials on the report.

The only difference between the two reports that I can find is that the names of some SCADA equipment in Libya have been blacked out in the public version. The reports were being finalized when the hack took place–apparently in the second half of May.

Other commentators have suggested that we seem to have a group of security researchers and companies linked to the U.S. government apparently advocating what the U.S. government, in its own report International Strategy for Cyberspace released May 17, would define as an act of cyberwar.

I guess I’m surprised by something else: that we have come, within a few short months, from thinking of Stuxnet as an outlier, a sobering and somewhat shocking wake-up call to the power of malware as a vector for taking out supposedly resilient and well-defended machinery, to having a public document airily discussing the exact same thing, only this time against non-nuclear infrastructure.

(The irony probably won’t escape some people that, according to a report in the New York Times in January, it was surrendered Libyan equipment that was used to test the effectiveness of Stuxnet before it was launched. I’m yet to be convinced that that was true, but it seems to be conventional wisdom these days.)

Frankly, I think we have to be really careful how we go about discussing these kinds of things. Yes, everything is at arm’s length in the sense that just because bodies such as CSFI may have photos of generals on their web-page, and their members talk about their reports going to the White House, doesn’t mean that their advice is snapped up.

But we’re at an odd point in the evolution of cyberwar presently, and I don’t think we have really come to terms with what we can do, what others can do, and the ramifications of that. Advocating taking out Libyan infrastructure with Stuxnet 2.0 may sound good, but it’s a road we need to think carefully about.

The Splog Thickens

I was amused, and somewhat perplexed, to read on BuzzMachine yesterday about a bizarre splog—spam blog to the rest of us—which copies text and then converts it to synonyms. Jeff explains:

New splog tricks

In my ego searches, I just saw a splog that copied text of mine but ran it through ridiculous almost-synonym replacements. I’m assuming this is done to fool Google into thinking it is original content and perhaps to fool the text cops folks like the AP hire.

I still can’t quite work out what the function of this is. But I did come across another one on one of my own ego searches. It took me a bit of time to figure out where it came from. (It’s from Betsy Weber’s blog.)

Here’s the splog text; each paragraph of the original (which appeared in italics) comes first, followed by the splog’s version of it. My questions:

  • How the hell does group become “Washington entranceway”?
  • and member become “sorority girl”?
  • I kind of like the fact that loose wire blog has become “Unfixed Twist Blog” and the WSJ has become the “Commodity Exchange Annual”;
  • But somehow which you can see here became “which her philander play against hither”.
  • And the last two paragraphs are so full of weirdness I don’t know where to start.

Join the New Screencast Group on Facebook

Clique with the Untouched Screencast Colligate in reference to Facebook

Are you addicted to Facebook like I am? I recently joined and find myself checking my Facebook page daily! Facebook is a great way to keep up with friends all over the world. Anyone can join Facebook for free.

Are them addicted up to Facebook freak out on You double sideband? Yourselves before heaped and decree myself checking my Facebook serve weekly newspaper! Facebook is a severe want as far as bear in cooperation with friends under the sun the people. Anyone heap up build up Facebook so footloose.

I was excited to see that Amit Agarwal from the Digital Inspiration Blog recently started a new group in Facebook all about Screencasting (link will not work unless you are a member of Facebook). I’m excited to learn and swap tips with fellow members in the group. I’m in very good company – I know expert screencasters, Beth Kanter and Long Zheng have joined the group. Plus, technology expert Jeremy Wagstaff of the Loose Wire Blog and Wall Street Journal is in there too! Remember Jeremy? He wrote a great directory of screencast resources which you can see here.

I was chafing over against run in that Amit Agarwal off the Radical Direct communication Blog previously started a fashionable Washington entranceway Facebook all nigh about Screencasting (deduction plan not lick excepting alter are a sorority girl re Facebook). Ba’m fidgety into go into training and trading tips with fellow members fellow feeling the peer group. Ba’m in very noble cohort- I savvy technical expert screencasters, Beth Kanter and Unrelenting Zheng force twin the collect. And, craft informed in Jeremy Wagstaff re the Unfixed Twist Blog and Commodity exchange Annual is ultra-ultra there inter alia! Think back Jeremy Yourselves wrote a commanding business directory upon screencast capital goods which her philander play against hither.

You cannot access the Screencasting group without being a member on Facebook. But, it’s painless to sign up for Facebook. Click here to register. And, if you join, feel free to add me as a friend!

You cannot access the Screencasting dig up except existing a belonger wherewith Facebook. Unless that, ego’s Mickey Mouse so do a tour in behalf of Facebook. Go as of now up bound. And, if number one knit, glance freely in contemplation of figure out you now a playmate!

Hope to see you join Facebook and in the Screencasting group to share your tips and tricks! Now I have an excuse to go into Facebook while at work. 😉

Hope into smell subliminal self link up Facebook and in the Screencasting detail up to quantum your tips and tricks! The present hour Better self buy an breast-beating up to talk Facebook lastingness at advanced work.

So could someone explain the point of these? There are no ads on the page—it’s a WordPress.com blog, so there can’t be. And, more importantly, what kind of synonym engine are these guys using?
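Whatever engine produced this, the point of it is to defeat duplicate-content filters that compare words, and that is also how to catch it. An added example, not code from this post, from BuzzMachine or from the splog: the detector below compares a candidate against an original on three layers. Word and word-shingle overlap (what a naive duplicate filter measures) collapse under synonym spinning, but the punctuation skeleton and the sentence-internal capitalised tokens the thesaurus has no entry for (every “Facebook” survived) do not. The sample input is the first original/spun paragraph pair quoted above, plus an unrelated paragraph from the same post as a control; the thresholds in `looks_spun` are my assumptions, not anything the post states.

```python
"""Spot a synonym-spun copy of a paragraph (added example, not the post's code).

A spinner swaps words for dictionary 'synonyms' so that word-level
duplicate detection sees new text. It usually cannot touch the sentence
skeleton: punctuation, sentence count, and proper nouns the thesaurus has
no entry for. Comparing those layers separately tells a spun copy apart
from genuinely different text.
"""
import re
from collections import Counter

WORD_RE = re.compile(r"[A-Za-z]+")
SENTENCE_END_RE = re.compile(r"(?<=[.!?])\s+")

# Sample input: the first original/spun paragraph pair quoted in the post
# (Betsy Weber's paragraph and the splog's rendering of it) plus an
# unrelated paragraph from the same post as a control.
ORIGINAL = ("Are you addicted to Facebook like I am? I recently joined and find "
            "myself checking my Facebook page daily! Facebook is a great way to "
            "keep up with friends all over the world. Anyone can join Facebook for free.")
SPUN = ("Are them addicted up to Facebook freak out on You double sideband? "
        "Yourselves before heaped and decree myself checking my Facebook serve "
        "weekly newspaper! Facebook is a severe want as far as bear in cooperation "
        "with friends under the sun the people. Anyone heap up build up Facebook so footloose.")
CONTROL = ("You cannot access the Screencasting group without being a member on "
           "Facebook. But, it's painless to sign up for Facebook. Click here to "
           "register. And, if you join, feel free to add me as a friend!")


def words(text):
    return [w.lower() for w in WORD_RE.findall(text)]


def jaccard(a, b):
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if a or b else 1.0


def word_similarity(x, y):
    """Bag-of-words overlap: what a naive duplicate-content filter measures."""
    return jaccard(words(x), words(y))


def shingle_similarity(x, y, k=3):
    """Overlap of k-word shingles, the usual near-duplicate fingerprint."""
    def shingles(t):
        w = words(t)
        return {tuple(w[i:i + k]) for i in range(len(w) - k + 1)}
    return jaccard(shingles(x), shingles(y))


def punctuation_skeleton(text):
    """Sentence-level punctuation in order; a spinner rarely rewrites this."""
    return "".join(ch for ch in text if ch in ".!?,;:")


def anchors(text):
    """Capitalised words that are not sentence-initial: names and brands the
    thesaurus leaves alone (the spinner above kept every 'Facebook')."""
    found = Counter()
    for sentence in SENTENCE_END_RE.split(text):
        tokens = WORD_RE.findall(sentence)
        found.update(t for t in tokens[1:] if t[0].isupper())
    return found


def anchor_survival(original, candidate):
    """Fraction of the original's anchor tokens still present in the candidate."""
    orig, cand = anchors(original), anchors(candidate)
    total = sum(orig.values())
    return sum((orig & cand).values()) / total if total else 0.0


def looks_spun(original, candidate, max_word_sim=0.5, min_anchor=0.5):
    """True when the words differ but the skeleton and anchors survive:
    the signature of a spun copy rather than of unrelated text.
    Thresholds are assumptions chosen for this sample, not tuned values."""
    return (word_similarity(original, candidate) < max_word_sim
            and punctuation_skeleton(original) == punctuation_skeleton(candidate)
            and anchor_survival(original, candidate) >= min_anchor)


if __name__ == "__main__":
    for label, cand in (("spun", SPUN), ("control", CONTROL)):
        print(f"{label}: words={word_similarity(ORIGINAL, cand):.2f} "
              f"shingles={shingle_similarity(ORIGINAL, cand):.2f} "
              f"anchors={anchor_survival(ORIGINAL, cand):.2f} "
              f"spun={looks_spun(ORIGINAL, cand)}")
```

On the pair above, word overlap drops to roughly a quarter and three-word shingle overlap to almost nothing, which is exactly what the splogger wants a search engine to see; the punctuation skeleton (`?!..`) and three of the four anchor tokens are untouched, so the copy is still recognisable. The control paragraph fails on the skeleton alone. Anchor survival is the weakest signal when the same brand name recurs across unrelated text, which is why the skeleton check is required rather than optional.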

I’m off to register unfixedtwist.com and, while I’m at it, numberoneknit.com.

BuzzMachine » Blog Archive » New splog tricks

IVR Cheat Sheets, And Dirty Tricks?

The IVR debate rumbles on. Could automated voice phone systems be better than just having a human answering the phone? Is it better to cheat the system? Paul English’s cheat sheet has appeared on more than 100 TV and radio stations in a month. One company, Angel.com, has been fighting back, first with a pretty harsh broadside, but now appears to have replaced it (the page redirects) with a more measured ‘IVR Cheat Sheet for Businesses’, figuring, I guess, that if you can’t beat ‘em, join ‘em.

Anyway, I got an interesting take on it this morning as a comment appended to my blog from someone who identified herself as Kate, with a believable-looking email address. ‘She’ wrote:

Paul English makes some great points. I saw his piece on ABC World News Tonight and he’s bringing to light that most companies operating in the IVR space have shoddy systems. In my opinion, Angel.com is one of the few companies in the IVR industry trying to change things, however, with web-based next generation systems that link to CRM systems. Small businesses are finally able to create IVR systems (using a self service model if they wish) that are even more sophisticated than what large industry is using. My Dad uses the system for his online ebay store selling vintage posters and autographed baseballs. He’s able to provide far better customer service using Angel.com’s system than he would ever be able to provide on his own. The boon to small business of using these inexpensive, next generation IVR systems is getting lost in the debate.

That’s one well-written comment. I was impressed (as, I imagine, would be Angel.com: not only can they be linked with the little guy (and who wants to bash the little guy?) but they get to bash some of their competitors too). But not being cynical about the posting, I allowed it through and emailed ‘Kate’ with a request to interview her father. If true, it’s a valid point and one to explore.

What I didn’t expect was for the email to bounce. Not that unusual, especially with comment spam, but not when the given name (‘Kate’) jibes with the email address (‘katerobins@yahoo.com’). Why go to the trouble of putting a believable fake email address, especially when you presumably would be quite happy if someone followed up and got a bit of publicity for your eBay-selling dad? Baffled, I checked the IP address where the comment came from: a Verizon address in Washington DC. Not, coincidentally, that far from Angel.com HQ in McLean, Virginia.

I wish I could say my sleuthing took me further. But I could find no Kate Robins in the phone book, no sign of someone with that Yahoo address on Google, or anyone on eBay who might be her dad (not that surprising; it’s a big place). I’ll keep looking, but if anyone knows Kate Robins, her dad, or could shed any light on this, I’d love to hear from them. I’d hate to think that my blog is being used by anonymous shills to do damage limitation exercises for the IVR/CRM industry. On the other hand, if Kate does exist and just mistyped her email address, I’d love to follow up the angle she suggests.

Jim’s Answer To The Moleskine

My friend Jim was passing through town the other day, and we compared Moleskines. Or rather, I brought out my immaculate Moleskine and he brought out a black pile of something or other. I asked him to tell me about it in response to a comment from someone about the benefits of the Moleskine pocket on an earlier post. Jim posted his comments here but I reproduce them here in full, along with pictures:

To add to the great debate, Moleskine versus Miquelrius.

My qualifications, in brief, include 14 years in journalism, consulting, peacekeeping and roaming the world for other NGOs and international organizations. As a shorthand writer as well as one time foreign correspondent and official diplomatic notetaker, I think the old fashioned paper notebook is more reliable, in the long run, and less intimidating. It can transition gracefully from presidential palace to remote village. It doesn’t get crushed, run out of batteries or attract attention. Wrap it in a Zip Loc bag and it’s waterproof.

While I find the Moleskine’s “high end” features such as the strap, pagemarker and back pocket useful, it has drawbacks. The Moleskine has less volume, therefore I use one every three months as compared to a Miquelrius every eight months, even with extensive notetaking. This means the Moleskine is less useful as a portable archive.

Size does matter, but the Miquelrius is still small enough to fit in a trouser pocket.

Jim's Miquelrius Notebook (open)

The Moleskine is also more expensive, so using them more frequently adds to the cost.

It is narrower, making it more difficult to do good shorthand. The width also limits your ability to sketch and draw, everything from organigrams to the scenery.

My solution? Improvise with the Miquelrius to get something just right. Add a small envelope to the back. I use left over wedding RSVP envelopes:

Jim's Miquelrius Notebook pocket #3

I generally use two green elastic bands for section dividers. I picked those up wrapped around my vegetables from Trader Joe’s. The elastic bands the postman leaves behind also work:

Jim's Miquelrius Notebook (wide)

Pages can also be marked with Post-It Flags, paper clips and regular Post-It Notes folded back into the page you last used. My pictured notebook has been around the world a few times, including to a few remote African and Indonesian villages. It looks a bit tattered by the time you get it back to Washington, but I reckon there is nothing better for your “street cred” as a guy who knows what’s going on in the field than walking into a meeting with a weathered notebook.

Thanks, Jim.

Want Some Wi-Fi In Your Shopping Cart?

Amazing how Wi-Fi has come, in three or so years, from a very obscure and slightly geeky thing to something supermarkets sell, both in terms of devices and services.

Robert Jaques of VNUNet today reports that Linksys “will begin marketing a special line of wireless networking products for home users at selected Tesco superstores in the UK”. Linksys, the report says, is “the only consumer networking vendor in all three of the world’s top retailers, i.e. Tesco, Wal-Mart and Carrefour”.

A piece in this month’s Grocery Headquarters magazine, meanwhile (yes, I read it all the time) says “the supermarket industry is starting to use wi-fi cafes to drive incremental sales and customer loyalty one latte at a time”. Supermarkets in the U.S., the report says, are using their own wireless LANs to offer customers Wi-Fi. Wegmans Food Markets is already testing the technology in two Pennsylvania stores. Quality Food Centers (QFC), a division of Cincinnati-based Kroger Co., offers shoppers wi-fi access in half a dozen stores in the state of Washington.

Soon Wi-Fi will just be something that everyone has, everyone expects, and nobody pays for. Just as it should be.

WSJ.com – Russian Sites Sell Song Downloads For Pennies, But Are They Legal?

Good piece today on WSJ.com by Vauhini Vara about the legality of Russian MP3 download sites like allofmp3.com: Russian Sites Sell Song Downloads For Pennies, But Are They Legal? (subscription only).

Vauhini quotes lawyers as saying “buying music from the sites is as illegal as downloading it for free over a file-swapping network. “It doesn’t matter if somebody downloads in the U.S. and believes that it’s legal because the site tells them so,” says Evan Cox, an intellectual property lawyer at the firm Covington & Burling in San Francisco.” Elsewhere in the story, Vauhini quotes Peter Necarsulmer, president of the Coalition for Intellectual Property Rights, a Washington, D.C.-based group that watches copyright-related activity in Russia as saying: “Russian legislation is the same as the rest of the world…Therefore, placing music on a Web page without the author’s permission is, of course, illegal.”

The problem, according to Vauhini, is that going after the services “could be difficult. “You’d have to subpoena the sites to get their records, and if they’re operated out of Russia, it may not be such an easy task,” says Michael S. Poster, a corporate and entertainment lawyer at Katten Muchin Zavis Rosenman in New York.”

Big Boys To Get Tough On Spam Together?

The big players are about to get tough on spam. Maybe.

An announcement on behalf of America Online, EarthLink, Microsoft, and Yahoo!, four leading e-mail providers and founders of the anti-spam industry alliance formed a year ago, says they will “make a joint announcement regarding the results of its first industry collaboration aimed at stopping spam at its source”. The statement said nothing else, apart from the fact the press conference will be held at 10:30 a.m. EST / 7:30 a.m. PST at the St. Regis Hotel in Washington, D.C.

Internetnews.com reckons it might be a good reflection of cooperation between the big four. Although they’ve been talking for some time together, “most of the actions taken by these players are independent motions to establish themselves as the heavyweight”.

“If they have managed to actually coordinate and cooperate among themselves in an effort to advance the fight against spam, that’s wonderful,” internetnews.com quotes Anne P. Mitchell, CEO of the Institute for Spam and Internet Public Policy, an organization that consults with business and government, as saying.

News: The MP3 Party Is Over?

CNN reports that more than a million households deleted all the digital music files they had saved on their PCs in August, a sign that the record industry’s anti-piracy tactics are hitting home. It quoted research company NPD Group as crediting the ongoing anti-piracy campaign by the Recording Industry Association of America (RIAA) and said publicity about the move led more consumers to delete music files. In August, 1.4 million households deleted all music files, whereas prior to August, deletions were at much lower levels, according to NPD, which is based in Port Washington, N.Y.

Update: One Of Microsoft Security Report Authors Fired

One of the authors of the security paper (PDF file) that said Microsoft was a threat to national security has been fired, according to CNET. Cambridge, Mass.-based @Stake, where Dan Geer worked as chief technical officer, said in a statement Thursday that the researcher had not gotten his employers’ approval for the study’s release, and that he was no longer associated with the company. Although independently financed and researched, the study was distributed by the Computer and Communications Industry Association (CCIA), a Washington-based trade association largely made up of Microsoft’s rivals.

A Microsoft spokesman said the software maker had not pressured @Stake to make any decision on Geer’s status. Bruce Schneier, a security expert and co-author of the report, saw things differently, according to CNET. He said the idea for the report had come from Geer and the other researchers, not from the CCIA or other Microsoft rivals. The group had found it hard to find other researchers to sign on to the idea, even if those approached agreed with the study’s premises, he said. “When we were conceiving and writing the report, a surprising number of researchers said ‘No,’ because of the fear of Microsoft,” Schneier said. “Dan was not talking for @Stake. We were speaking as researchers. The fact that @Stake couldn’t get around that shows the pressure that Microsoft brings to bear.”