Wednesday, December 30, 2009

Live Hacking: The Ultimate Guide to Hacking Techniques & Countermeasures for Ethical Hackers & IT Security Experts



http://livehacking.com/


Dr. Ali Jahangiri, a world-renowned information technology (IT) expert, brings us the next must-have in IT training: Live Hacking, the definitive and comprehensive guide to computer hacking. Groundbreaking, insightful, and practical, this guide serves to inform IT professionals about and challenge existing conceptions of hacking, its victims, and its consequences, but with an eye to empowering prospective victims with the knowledge they need to thwart the criminal elements in cyberspace. Whether you work in a Fortune 500 company or if you’re just looking to protect your home office from hackers, this book will provide you with all the information you need to protect your valuable information. Don’t be a victim; be ready!
Live Hacking is straightforward, easy to read, and a reference that you’ll use again and again. It’s the kind of book you’ll want to keep in your back pocket! With a user-friendly writing style and easy-to-follow diagrams and computer screenshots, Dr. Jahangiri expounds on all of the major issues—and more—in hacking:
- Basic Hacking Terminology
- Reconnaissance
- Google Hacking
- Scanning
- Enumeration
- Password Cracking
- Windows Hacking
- Malware
- Data Packet Sniffers
- Web Server and Web Application Hacking
- Denial of Service
- Wireless Network Hacking


Rest assured, Dr. Jahangiri knows all of the tools of the trade to help protect your organization’s IT assets. He brings his many years of academic, professional, and practical experience to the fore in order to equip you and your organization with the know-how needed in this day and age to defend your data against the ever-increasing cyber-thieves on the Internet. Millions of dollars are lost each year to these criminals. Dr. Jahangiri shows you in this brand new book—the most complete guide on the market—how to avoid becoming another statistic.
Dr. Jahangiri conducts thousands of hours of training per year, has patents in network security, and speaks on a variety of computer security-related issues all over the world. He even offers advice on his web site www.alijahangiri.org. His new book Live Hacking is like having your own private IT security guard. With his knowledge at your fingertips, you can fight back and stay on the offensive!

Saturday, December 26, 2009

Thursday, December 24, 2009

As attacks increase, U.S. struggles to recruit computer security experts

Washington Post Staff Writer
Wednesday, December 23, 2009


The federal government is struggling to fill a growing demand for skilled computer-security workers, from technicians to policymakers, at a time when network attacks are rising in frequency and sophistication.

Demand is so intense that it has sparked a bidding war among agencies and contractors for a small pool of special talent: skilled technicians with security clearances. Their scarcity is driving up salaries, depriving agencies of skills, and in some cases affecting project quality, industry officials said.

The crunch hits as the Pentagon is attempting to staff a new Cyber Command to fuse offensive and defensive computer-security missions and the Department of Homeland Security plans to expand its own "cyber" force by up to 1,000 people in the next three years. Even President Obama struggled to fill one critical position: Seven months after Obama pledged to name a national cyber-adviser, the White House announced Tuesday that Howard Schmidt, a former Bush administration official and Microsoft chief security officer, will lead the nation's efforts to better protect its critical computer networks.

The lack of trained defenders for these networks is leading to serious gaps in protection and significant losses of intelligence, national security experts said. The Government Accountability Office told a Senate panel in November that the number of scans, probes and attacks reported to the Department of Homeland Security's U.S. Computer Emergency Readiness Team has more than tripled, from 5,500 in 2006 to 16,840 in 2008.

"We know how we can be penetrated," said Sen. Benjamin L. Cardin (D-Md.), chairman of the Judiciary subcommittee on terrorism and homeland security. "We don't know how to prevent it effectively."

Indeed, the protection of critical computer systems and sensitive data, said former National Security Agency director William Studeman, may be the "biggest single problem" facing the national security establishment.

Agencies under attack

One evening in May 2006, a U.S. embassy employee in East Asia clicked on an innocent-looking e-mail attachment that opened the door to the most significant cyberattack the State Department has yet faced, allowing attackers operating through computers in China to send malicious computer code into the department's networks in the region.

State's cyber-emergency response team immediately went into action, working round-the-clock for two weeks to isolate the harmful code and craft a temporary patch that officials said prevented a massive data theft.

The department's response to the attack highlights how skills matter, experts said. In 2000, State had hired technicians -- the vast majority contractors -- who custom-built an intrusion detection system and trained people to identify malicious software and reverse-engineer it to determine an attack's goals and methods. As a result, department technicians in 2006 were able to contain the attack quickly, said Alan Paller of the SANS Institute, who has analyzed the case for the Center for Strategic and International Studies.

Unlike State, most government agencies and private companies lack the skills and resources to muster a robust containment effort.

Two months after the East Asia intrusion, the Commerce Department detected a similar attack -- but only after a deputy undersecretary was unable to log on to his computer. Contractor technicians were never able to identify the initial date of penetration into the computers of the Bureau of Industry and Security, which controls sensitive exports of technology that has both commercial and military uses.

It took eight days once the attack was discovered for technicians to install a filter to prevent leaks, and then they installed the wrong kind of filter, said Paller, sharing previously undisclosed findings about the incident, first reported in The Washington Post in October 2006.

Because of "operational security concerns," the Commerce Department declined to comment for this article. But a senior Commerce official told a House Homeland Security panel in 2007 that the agency had no evidence that data were compromised. Still, the department replaced hundreds of workstations and blocked employees from regular Internet use for more than a month.

Commerce is trying to improve, but it can take years to put the people, processes and technology in place to wage an effective defense, said Mischel Kwon, former director of the Department of Homeland Security's readiness team. For years, she said, most civilian agencies were forced by federal law to spend their cyber-funds on security audits as opposed to crafting a strong security program.

And most federal information technology managers do not know what advanced skills are needed to combat cyberattacks, said Karen Evans, information technology administrator in the Bush administration.

"Skills," Paller said, "are much more important than hardware."

The federal pay gap

A pillar of the federal government's effort to develop talent is the National Science Foundation's Scholarship for Service program, which pays for up to two years of college in exchange for an equal number of years of federal service. However, the program has placed fewer than 1,000 students since its inception in 2001.

The career of a 30-year-old computer scientist named Brian Denny shows how the government is often outbid by the private sector in recruiting cyber-warriors.

Denny earned a computer science master's degree in 2004 from Purdue University on an NSF scholarship. In return, he spent two years at the National Security Agency, identifying novel security flaws in computer systems and software. Then Booz Allen Hamilton, a major intelligence contractor, hired him at a 45 percent pay raise.

Today, Denny works for a small employee-owned firm that has federal government and private-sector contracts, and his pay is higher still. "You can still do a lot of cool national-security-related work as a contractor," said Denny, chief security architect for Ponte Technologies in Ellicott City, Md., near the NSA. "The pay difference is so dramatic now," he said, "you can't ignore it."

Recently, a military officer with 20 years' cybersecurity experience and a coveted security clearance sauntered out of a job interview with Northrop Grumman, a major defense contractor that is making an aggressive play for potentially billions of dollars in government cyber-business.

"It's mind-roasting," said the officer, who is about to retire. "I've had people call my house, recruiters for defense contractors . . . probably 20 calls."

The labor shortage is torquing up salaries, a cost that often gets passed on to the government. Some young people with three years' experience and a clearance are commanding salaries above $100,000. "Companies are paying people to jump from one company to another," said Ed Giorgio, a former NSA official and Ponte Technologies co-founder. The job-hopping can undermine the firm's performance on a contract, he said.

Philip Reitinger, deputy undersecretary of Homeland Security's National Protection and Programs Directorate, conceded that the government generally cannot match industry pay scales. "But in government, one can have a bigger ability to effect change at an earlier place in your career than anywhere else," he said. "And -- your country needs you."

Homeland Security officials acknowledged that hiring 1,000 people will be difficult, so they are also looking at training people already in the federal government.

Cybersecurity lawyers, researchers and policymakers are also in short supply. The Pentagon, for instance, lacks a career path to develop "expert decision-making in the cyber field," said Robert D. Gourley, a former Defense Intelligence Agency chief technology officer. "The great cyber-generals are few and far between."

Tuesday, December 22, 2009

Information Security Forum




https://www.securityforum.org/



Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit organisation that supplies authoritative opinion and guidance on all aspects of information security. By harnessing our world-renowned expertise and the collective knowledge and experience of our 300 members, the ISF delivers practical solutions to overcome wide-ranging security challenges impacting business information today.


Four main areas of service are available to our Members:


- Tools and Methodologies, built using the collective expertise, insight, and knowledge of our Members worldwide.
- A comprehensive programme of Knowledge and Information Exchange, offering interactive peer-to-peer forums that give Members an opportunity to meet on a regular basis to share best practices, experiences and perspectives on a wide range of issues.
- An impressive library of Research and Report material, incorporating an unmatched degree of thought leadership in information security, information risk management and related topics.
- The ISF Annual World Congress, our flagship global event which offers attendees an opportunity to discuss key security challenges and gain practical advice from peers and leading industry experts from around the world.

Wednesday, December 16, 2009

A comprehensive national broadband plan.

FCC digs into broadband controversies


by Marguerite Reardon

The Federal Communications Commission is taking on difficult and controversial issues as it works toward developing a comprehensive national broadband plan.

On Wednesday the agency heard from an FCC task force on the progress that it's making in writing that broadband plan, which will be presented to Congress in February.

The FCC has been tasked with developing a plan that will get broadband services to all Americans. In working to come up with a comprehensive policy, the FCC has tackled several controversial issues, most notably reforming the Universal Service Fund, reallocating wireless spectrum, and forcing more competition in the market for cable set-top boxes.

One of the top items on the FCC task force's to-do list is reforming the $7 billion rural phone subsidy program called the Universal Service Fund. This program, which also provides funding for schools and libraries through its E-rate program, is funded by consumers, who are charged extra fees on their long-distance phone bills. Specifically, the agency wants to expand the program to help fund broadband service in parts of the country where private industry doesn't find it profitable to invest.

The task force didn't provide long-term recommendations for transitioning USF into funding broadband deployments. But in the short term, it suggested extending some current programs such as life-line link-up to schools and other public areas to provide more access to unemployed people who may not have Internet connectivity at home. The idea is that these individuals can use broadband in these public areas to look for jobs.

FCC Chairman Julius Genachowski said it will take time to get reforms in place. He noted that the national broadband plan won't directly affect USF, but he said the program, once it's expanded, will eventually help fund and become a key part of helping get broadband to underserved parts of the country.

"It's tempting to kick the can [USF reform] further down the road," he said. "But for many reasons it's important to begin tackling these issues now. We must make sure that the fund fully supports the technology of today and tomorrow, not just the technology of the past."

But the process is going to be a long one, he said. And he wouldn't comment on whether true reform could be achieved in his term as chairman.

The FCC task force also reiterated its plans to re-evaluate spectrum issues. Genachowski has said publicly that one of his top priorities is reallocating and finding more spectrum that can be used to build wireless broadband services. Both he and the CTIA, a trade group representing the wireless industry, say there is a looming spectrum crisis that could result in dire consequences without adequate attention now.

During its report to the commission, the broadband task force said it is working with Congress to inventory and assess current spectrum usage in the U.S. It is calling for Congress to also require periodic review of spectrum uses and to find ways to clear spectrum bands that aren't serving other uses, such as wireless broadband.

The task force also said during its presentation Wednesday that it's looking at ways to spur more competition in the cable set-top box market. The group said that a lack of competition in the set-top box market has also resulted in a lack of innovation. The agency feels that more competition in this market would spur companies to develop new Internet applications and services that could be accessed via TVs.

The FCC is considering requiring paid TV providers, such as Comcast, Time Warner Cable, AT&T, and Verizon Communications to supply a low-cost network interface device that would allow people to access the Internet on their TVs and to access cable TV without using a cable box.

Monday, November 23, 2009

Interplanetary Internet. Whoa can IPv6 handle this?!?!?

From Wikipedia, the free encyclopedia



The Interplanetary Internet (IPN) is a conceived computer network in space, consisting of a set of network nodes which can communicate with each other.[1][2] Communication would be greatly delayed by the great interplanetary distances, so the IPN needs a new set of protocols and technology that are tolerant to large delays and errors.[2] While the Internet as we know it tends to be a busy "network of networks" with high traffic, negligible delay and errors, and a wired backbone, the Interplanetary Internet is a store-and-forward "network of Internets" that is often disconnected, has a wireless backbone fraught with error-prone links and delays ranging to tens of minutes, even hours, even when there is a connection.

Development

Space communication technology has steadily evolved from expensive, one-of-a-kind point-to-point architectures, to the re-use of technology on successive missions, to the development of standard protocols agreed upon by space agencies of many countries. This last phase has gone on since 1982 through the efforts of the Consultative Committee for Space Data Systems (CCSDS),[3] a body composed of the major space agencies of the world. It has 11 member agencies, 22 observer agencies, and over 100 industrial associates.

The evolution of space data system standards has gone on in parallel with the evolution of the Internet, with conceptual cross-pollination where fruitful, but largely as a separate evolution. Since the late 1990s, familiar Internet protocols and CCSDS space link protocols have integrated and converged in several ways, for example, the successful FTP file transfer to Earth-orbiting STRV-1b on January 2, 1996, which ran FTP over the CCSDS IPv4-like Space Communications Protocol Specifications (SCPS) protocols.[4][5] Internet Protocol use without CCSDS has taken place on spacecraft, e.g., demonstrations on the UoSAT-12 satellite, and operationally on the Disaster Monitoring Constellation. Having reached the era where networking and IP on-board spacecraft have been shown to be feasible and reliable, a forward-looking study of the bigger picture was the next phase.

ICANN meeting, Los Angeles, USA, 2007. The marquee plays a humorous homage to the Ed Wood film Plan 9 from Outer Space, while namedropping Internet pioneer Vint Cerf.

The Interplanetary Internet study at NASA's Jet Propulsion Laboratory (JPL) was started by a team of scientists at JPL led by Vinton Cerf and Adrian Hooke.[6] Cerf is one of the pioneers of the Internet on Earth, and currently holds the position of distinguished visiting scientist at JPL. Hooke is one of the directors of the CCSDS.

While IP-like SCPS protocols are feasible for short hops, such as ground station to orbiter, rover-to-lander, lander-to-orbiter, probe-to-flyby, and so on, delay-tolerant networking is needed to get information from one region of the solar system to another. It becomes apparent that the concept of a "region" is a natural architectural factoring of the InterPlanetary Internet.

A "region" is an area where the characteristics of communication are the same.[7] Region characteristics include communications, security, the maintenance of resources, perhaps ownership, and other factors.[7] The Interplanetary Internet is a "network of regional internets."

What is needed then, is a standard way to achieve end-to-end communication through multiple regions in a disconnected, variable-delay environment using a generalized suite of protocols. Examples of regions might include the terrestrial Internet as a region, a region on the surface of the moon or Mars, or a ground-to-orbit region.

The recognition of this requirement led to the concept of a "bundle" as a high-level way to address the generalized Store-and-Forward problem. Bundles are an area of new protocol development in the upper layers of the OSI model, above the Transport Layer with the goal of addressing the issue of bundling store-and-forward information so that it can reliably traverse radically dissimilar environments constituting a "network of regional internets."

Bundle Service Layering, implemented as the Bundling protocol suite for delay-tolerant networking, will provide general purpose delay-tolerant protocol services in support of a range of applications: custody transfer, segmentation and reassembly, end-to-end reliability, end-to-end security, and end-to-end routing among them. The Bundle Protocol was first tested in space on the UK-DMC satellite in 2008.[8][9]

The Deep Impact mission

An example of one of these end-to-end applications flown on a space mission is CFDP, used on the comet mission, Deep Impact. CFDP is the CCSDS File Delivery Protocol,[10] an international standard for automatic, reliable file transfer in both directions. CFDP should not be confused with Coherent File Distribution Protocol, which unfortunately has the same acronym and is an IETF-documented experimental protocol for rapidly deploying files to multiple targets in a highly-networked environment.

In addition to reliably copying a file from one entity (i.e., a spacecraft or ground station) to another entity, the CCSDS CFDP has the capability to reliably transmit arbitrary small messages defined by the user, in the metadata accompanying the file, and to reliably transmit commands relating to file system management that are to be executed automatically on the remote end-point entity (i.e., a spacecraft) upon successful reception of a file.

Implementation

The dormant InterPlanetary Internet Special Interest Group of the Internet Society has worked on defining protocols and standards that would make the IPN possible.[11] The Delay-Tolerant Networking Research Group (DTNRG) is the primary group researching Delay-tolerant networking which has several major arenas of application in addition to the Interplanetary Internet, including stressed tactical communications, sensor webs, disaster recovery, hostile environments, and remote outposts.[12] As an example of a remote outpost, imagine an isolated Arctic village or a faraway island, with electricity, and one or more computers but no communication connectivity. With the addition of a simple wireless hotspot in the village, plus DTN-enabled devices on, say, dog sleds or fishing boats, a resident would be able to check their e-mail or click on a Wikipedia article, and have their requests forwarded to the nearest networked location on the sled's or boat's next visit, and get the replies on its return.

As of 2005, NASA has canceled plans to launch the Mars Telecommunications Orbiter in September 2009; it had the goal of supporting future missions to Mars and would have functioned as a possible first definitive Internet hub around another planetary body.

Since July of 2009, NASA has been testing DTN on board the ISS,[13] and in August or September there are plans to reload the DTN protocol on the Deep Impact probe. Later, combined with another satellite and the ground node, that will produce a 4-node network.[14]


Sunday, November 8, 2009

A prophetic article written a few months after September 11th, 2001. "Is Cyber Terror Next?" by Dorothy E. Denning






Is Cyber Terror Next?
Dorothy E. Denning, Professor of Computer Science; Director of the Georgetown Institute for Information Assurance, Georgetown University

Shortly after the September 11 terrorist attack against the United States, hackers took to the Internet to voice their rage. A group called the Dispatchers announced they would destroy Web servers and Internet access in Afghanistan and target nations that support terrorists. Led by a 21-year-old security worker "Hackah Jak" from Ohio, the group of 60 people worldwide defaced hundreds of Web sites and launched denial of service attacks against such targets as the Iranian Ministry of Interior, the Presidential Palace of Afghanistan, and Palestinian ISPs. Another group, called Young Intelligent Hackers Against Terror (YIHAT), claimed they penetrated the systems of two Arabic banks with ties to Osama bin Laden, although officials from the banks denied any security breaches occurred. The group, whose stated mission is to stop the money sources of terrorism, issued a plea on their Web site for corporations to make their networks available to group members for the purpose of providing the "electronic equivalent to terrorist training camps." Later, they took down their public Web site, apparently in response to attacks from other hackers.

One group of Muslim hackers attacking the YIHAT site said they stood by bin Laden, even as they condemned the attacks of September 11. "Osama bin Laden is a holy fighter, and whatever he says makes sense," GForce Pakistan wrote on a Web site it defaced. The modified Web page warned that the group planned to hit major US military and British Web sites and proclaimed an "Al-Qaeda Alliance Online." Another GForce defacement contained similar messages along with images of badly mutilated children who had been killed by Israeli soldiers.

The cyber attacks arising from the events of September 11 reflect a growing use of the Internet as a digital battleground. It is not at all unusual for a regional conflict to have a cyber dimension, where the battles are fought by self-appointed hackers operating under their own rules of engagement. A rash of cyber attacks has accompanied the conflict between Israel and the Palestinians, the conflict over Kashmir, and the Kosovo conflict, among others. According to iDefense, over 40 hackers from 23 countries participated in the Israeli-Palestinian cyber conflict during the period October 2000, when the cyber battles erupted, to January 2001. They also reported that two of the pro-Palestinian attackers had connections to terrorist organizations. One of these was UNITY, a Muslim extremist group with ties to Hezbollah. The hackers launched a coordinated, multi-phased denial of service attack, first against official Israeli government sites, second against Israeli financial sites, third against Israeli ISPs, and fourth, against "Zionist E-Commerce" sites. The other group, al-Muhajiroun, was said to have ties with a number of Muslim terrorist organizations as well as bin Laden. The London-based group directed their members to a Web page, where at the click of a mouse members could join an automated flooding attack against Israeli sites.

Cyber protests have emerged in a climate where computer network attacks have become a serious and growing threat. The Computer Emergency Response Team Coordination Center (CERT/CC), for example, reported 2,134 incidents in 1997. This number rose to 21,756 in 2000 and to almost 35,000 during the first three quarters of 2001 alone. Considering that many, perhaps most, incidents are never reported to CERT/CC or indeed to any third party, the numbers become even more significant. Further, each incident that is reported corresponds to an attack that can involve thousands of victims. The Code Red worm, which infected about a million servers in July and August and caused $2.6 billion in damages, was a single incident.

The rise in computer-based attacks can be attributed to several factors, including general growth of the Internet, with corresponding increase in the number of potential attackers and targets; a never-ending supply of vulnerabilities that, once discovered, are quickly exploited; and increasingly sophisticated hacking tools that allow even those with modest skills to launch devastating attacks. The tools used to launch massive denial of service assaults, for example, have advanced command and control capabilities. The attacker runs client software to direct and coordinate the actions of server software running on potentially thousands of previously compromised "zombie" computers. Computer worms like Code Red can be used to find potential zombies and automatically install the attack software.

Although cyber attacks have caused billions of dollars in damage and affected the lives of millions, few if any can be characterized as acts of terrorism: fraud, theft, sabotage, vandalism, and extortion – yes, but terrorism – no. Their effect, while serious and not to be taken lightly, pales in comparison to the horror we witnessed on September 11.

But is cyber terrorism coming? Given that at least some hackers sympathetic to bin Laden are engaging in cyber protests, will they or terrorists specifically trained in cyber methods conduct future operations using nothing more than a keyboard and mouse? And if they do, will their cyber bombs target critical infrastructures or cause death and destruction comparable to that from physical weapons? Or, will they use cyber terrorism as an ancillary tool to amplify the impact of a physical attack, for example, by jamming 911 services or shutting down electricity or telecommunications after blowing up a building or releasing toxic gases?

Before addressing these questions, it is important to understand what is meant by cyber terrorism. The term is generally understood to mean a computer-based attack or threat of attack intended to intimidate or coerce governments or societies in pursuit of goals that are political, religious, or ideological. The attack should be sufficiently destructive or disruptive to generate fear comparable to that from physical acts of terrorism. Attacks that lead to death or bodily injury, extended power outages, plane crashes, water contamination, or major economic losses would be examples. Depending on their impact, attacks against critical infrastructures such as electric power or emergency services could be acts of cyber terrorism. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not.

To assess the potential threat of cyber terrorism, two factors must be considered: first, whether there are targets that are vulnerable to attack that could lead to severe harm, and second, whether there are actors with the capability and motivation to carry them out.

Looking first at vulnerabilities, several studies have shown that critical infrastructures are potentially vulnerable to a cyber terrorist attack. This is not surprising, because systems are complex, making it effectively impossible to eliminate all weaknesses. New vulnerabilities are continually uncovered, and systems are configured or used in ways that make them open to attack. Even if the technology is adequately hardened, insiders, acting alone or in concert with other terrorists, may be able to exploit their access capabilities to wreak considerable harm.

Consultants and contractors are frequently in a position where they could cause grave harm. In March 2000, Japan's Metropolitan Police Department reported that a software system they had procured to track 150 police vehicles, including unmarked cars, had been developed by the Aum Shinrikyo cult, the same group that gassed the Tokyo subway in 1995, killing 12 people and injuring 6,000 more. At the time of the discovery, the cult had received classified tracking data on 115 vehicles. Further, the cult had developed software for at least 80 Japanese firms and 10 government agencies. They had worked as subcontractors to other firms, making it almost impossible for the organizations to know who was developing the software. As subcontractors, the cult could have installed Trojan horses to launch or facilitate cyber terrorist attacks at a later date.

If we take as given that critical infrastructures are vulnerable to a cyber terrorist attack, then the question becomes whether there are actors with the capability and motivation to carry out such an operation. While many hackers have the knowledge, skills, and tools to attack computer systems, they generally lack the motivation to cause violence or severe economic or social harm. Conversely, terrorists who are motivated to cause violence seem to lack the capability to cause that degree of damage in cyberspace. The methods of cyber terrorism are not, to the best of my knowledge, taught in the terrorist training camps of Afghanistan.

In August 1999, the Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School (NPS) in Monterey, California, issued a report entitled "Cyberterror: Prospects and Implications." Their objective was to assess the prospects of terrorist organizations pursuing cyber terrorism. They concluded that the barrier to entry for anything beyond annoying hacks is quite high and that terrorists generally lack the wherewithal and human capital needed to mount a meaningful operation. Cyber terrorism, they argued, was a thing of the future, although it might be pursued as an ancillary tool.

The NPS study examined five types of terrorist groups: religious, New Age, ethno-nationalist separatist, revolutionary, and far-right extremist. Of these, only the religious groups were thought likely to seek the most damaging capability level, as it would be consistent with their indiscriminate application of violence.

In October 2000, the NPS group issued a second report following a conference aimed at examining the decision-making process that leads sub-state groups engaged in armed resistance to develop new operational methods. They were particularly interested in learning whether such groups would engage in cyber terrorism. In addition to academics and a member of the United Nations, the participants included a hacker and five practitioners with experience in violent sub-state groups. The latter included the PLO, the Liberation Tigers of Tamil Eelam (LTTE), the Basque Fatherland and Liberty-Political/Military (ETA-PM), and the Revolutionary Armed Forces of Colombia (FARC). The participants engaged in a simulation exercise based on the situation in Chechnya.

Only one cyber attack was authorized during the simulation, and that was against the Russian Stock Exchange. The attack was justified on the grounds that the exchange was an elite activity and thus disrupting it would not affect most Russians. Indeed, it might appeal to the average Russian. The group ruled out mass disruptions impacting e-commerce as being too indiscriminate and risking a backlash.

The findings from the meeting were generally consistent with the earlier study. Recognizing that their conclusions were based on a small sample, they concluded that terrorists have not yet integrated information technology into their strategy and tactics; that sub-state groups may find cyber terror attractive as a non-lethal weapon; that significant barriers between hackers and terrorists may prevent their integration into one group; and that politically motivated terrorists had reasons to target selectively and limit the effects of their operations, although they might find themselves in a situation where a mass casualty attack was a rational choice.

The NPS group also concluded that the information and communication revolution may lessen the need for violence by making it easier for sub-state groups to get their message out. Unfortunately, this conclusion does not seem to be supported by recent events. Many of the people in bin Laden’s network, including the suicide hijackers, have used the Internet but nevertheless engage in horrendous acts of violence. Groups that foster hate and aggression thrive on the Internet alongside those that promote tolerance and peace.

Although cyber terrorism is certainly a real possibility, for a terrorist, digital attacks have several drawbacks. Systems are complex, so controlling an attack and achieving a desired level of damage may be harder than using physical weapons. Unless people are killed or badly injured, there is also less drama and emotional appeal.

In assessing the threat of cyber terrorism, it is also important to look beyond the traditional terrorist groups and to the computer geeks who already possess considerable hacking skills. As noted at the beginning of this essay, some of these folks are aligning themselves with terrorists like bin Laden. While the vast majority of hackers may be disinclined towards violence, it would only take a few to turn cyber terrorism into reality.

Further, the next generation of terrorists will grow up in a digital world, with ever more powerful and easy-to-use hacking tools at their disposal. They might see greater potential for cyber terrorism than do the terrorists of today, and their level of knowledge and skill relating to hacking will be greater. Cyber terrorism could also become more attractive as the real and virtual worlds become more closely coupled, with automobiles, appliances, and other devices attached to the Internet. Unless these systems are carefully secured, conducting an operation that physically harms someone may be as easy as penetrating a Web site is today.

At least for now, hijacked vehicles, truck bombs, and biological weapons seem to pose a greater threat than cyber terrorism. However, just as the events of September 11 caught us by surprise, so could a major cyber assault. We cannot afford to shrug off the threat.

November 1, 2001

Dorothy E. Denning is the Patricia and Patrick Callahan Family Professor of Computer Science and Director of the Georgetown Institute for Information Assurance at Georgetown University. She has written extensively on information warfare and testified before Congress on cyberterrorism.

Friday, October 30, 2009

An older article but nevertheless timely: China’s cyber army is preparing to march on America, says Pentagon

From
September 8, 2007

China ‘tops list’ of cyber-hackers


Chinese military hackers have prepared a detailed plan to disable America’s aircraft battle carrier fleet with a devastating cyber attack, according to a Pentagon report obtained by The Times.

The blueprint for such an assault, drawn up by two hackers working for the People’s Liberation Army (PLA), is part of an aggressive push by Beijing to achieve “electronic dominance” over each of its global rivals by 2050, particularly the US, Britain, Russia and South Korea.

China’s ambitions extend to crippling an enemy’s financial, military and communications capabilities early in a conflict, according to military documents and generals’ speeches that are being analysed by US intelligence officials. Describing what is in effect a new arms race, a Pentagon assessment states that China’s military regards offensive computer operations as “critical to seize the initiative” in the first stage of a war.

The plan to cripple the US aircraft carrier battle groups was authored by two PLA air force officials, Sun Yiming and Yang Liping. It also emerged this week that the Chinese military hacked into the US Defence Secretary’s computer system in June; have regularly penetrated computers in at least 10 Whitehall departments, including military files, and infiltrated German government systems this year.

Cyber attacks by China have become so frequent and aggressive that President Bush, without referring directly to Beijing, said this week that “a lot of our systems are vulnerable to attack”. He indicated that he would raise the subject with Hu Jintao, the Chinese President, when they met in Sydney at the Apec summit. Mr Hu denied that China was responsible for the attack on Robert Gates, the US Defence Secretary.

Larry M. Wortzel, the author of the US Army War College report, said: “The thing that should give us pause is that in many Chinese military manuals they identify the US as the country they are most likely to go to war with. They are moving very rapidly to master this new form of warfare.” The two PLA hackers produced a “virtual guidebook for electronic warfare and jamming” after studying dozens of US and Nato manuals on military tactics, according to the document.

The Pentagon logged more than 79,000 attempted intrusions in 2005. About 1,300 were successful, including the penetration of computers linked to the Army’s 101st and 82nd Airborne Divisions and the 4th Infantry Division. In August and September of that year Chinese hackers penetrated US State Department computers in several parts of the world. Hundreds of computers had to be replaced or taken offline for months. Chinese hackers also disrupted the US Naval War College’s network in November, forcing the college to shut down its computer systems for several weeks. The Pentagon uses more than 5 million computers on 100,000 networks in 65 countries.

Jim Melnick, a recently retired Pentagon computer network analyst, told The Times that the Chinese military holds hacking competitions to identify and recruit talented members for its cyber army.

He described a competition held two years ago in Sichuan province, southwest China. The winner now uses a cyber nom de guerre, Wicked Rose. He went on to set up a hacking business that penetrated computers at a defence contractor for US aerospace. Mr Melnick said that the PLA probably outsourced its hacking efforts to such individuals. “These guys are very good,” he said. “We don’t know for sure that Wicked Rose and people like him work for the PLA. But it seems logical. And it also allows the Chinese leadership to have plausible deniability.”

In February a massive cyber attack on Estonia by Russian hackers demonstrated how potentially catastrophic a preemptive strike could be on a developed nation. Pro-Russian hackers attacked numerous sites to protest against the controversial removal in Estonia of a Russian memorial to victims of the Second World War. The attacks brought down government websites, a major bank and telephone networks.

Linton Wells, the chief computer networks official at the Pentagon, said that the Estonia attacks “may well turn out to be a watershed in terms of widespread awareness of the vulnerability of modern society”.

After the attacks, computer security experts from Nato, the EU, US and Israel arrived in the capital, Tallinn, to study its effects.

Sami Saydjari, who has been working on cyber defence systems for the Pentagon since the 1980s, told Congress in testimony on April 25 that a mass cyber attack could leave 70 per cent of the US without electrical power for six months.

He told The Times that all major nations – including China – were scrambling to defend against, and working out ways to cause, “maximum strategic damage” by taking out banking systems, power grids and communications networks. He said that there were at least a thousand attempted attacks every hour on American computers. “China is aggressive in this,” he said.

Programmed to attack

Malware: a “Trojan horse” programme, which hides a “malicious code” behind an innocent document, can collect usernames and passwords for e-mail accounts. It can download programmes and relay attacks against other computers. An infected computer can be controlled by the attacker and directed to carry out functions normally available only to the system owner.

Hacking: increasingly a method of attack used by countries determined to use electronic means to gain access to secrets. Government computers in Britain have a network intrusion detection system, which monitors traffic and alerts officials to “misuse or anomalous behaviour”.

Botnets: compromised networks that an attacker can exploit. Deliberate programming errors in software can easily pass undetected. Attackers can exploit the errors to take control of a computer. Botnets can be used for stealing information or to collect credit card numbers by “sniffing” or logging the strokes of a victim’s keyboard.

Keystroke loggers: they record the sequence of key strokes that a user types in. Logging devices can be fitted inside the computer itself.

Denial of service attacks: overloading a computer system so that it can no longer function. This is the method allegedly used by the Russians to disrupt the Estonian government computers in May.

Phishing and spoofing: designed to trick an organisation’s customers into imparting confidential information such as passwords, personal data or banking details. Those using this method impersonate a “trusted source” such as a bank or IT helpdesk to persuade the victim to hand over confidential information. (Michael Evans)


US boots up new unified cybersecurity center


US Homeland Security Secretary Janet Napolitano cut the ribbon on Friday on a state-of-the-art unified command center for government cybersecurity efforts.

The National Cybersecurity and Communications Integration Center (NCCIC) brings together various government organizations responsible for protecting cyber networks and infrastructure and private sector partners.

"This will be a 24/7, 365-day-a-year facility to improve our national efforts to prepare and respond to threats and incidents affecting critical information technology and communications infrastructure," Napolitano said.

She said the NCCIC will serve as the "central repository" for the cyber protection efforts of the civilian side of the federal government and its private sector partners.

Attending the ribbon-cutting ceremony for the NCCIC was the head of the US military's "cyber command," Lieutenant General Keith Alexander, director of the super-secret National Security Agency (NSA).

The high-security new NCCIC facility is located in an Arlington, Virginia, office building and includes a long narrow room dominated by giant wall-mounted video screens displaying maps and threat data. Facing the screens are dozens of computer work stations with multiple screens.

"Securing America's cyber infrastructure requires a coordinated and flexible system to detect threats and communicate protective measures to our federal, state, local, and private sector partners and the public," Napolitano said.

"Consolidating our cyber and communications operations centers within the NCCIC will enhance our ability to effectively mitigate risks and respond to threats," she added.

NCCIC combines two Homeland Security operational organizations: the US Computer Emergency Readiness Team (US-CERT) and the National Coordinating Center for Telecommunications (NCC).

US-CERT is a public-private partnership aimed at protecting and defending cyber infrastructure, while the NCC is the operational arm of the National Communications System.

NCCIC will also integrate the National Cybersecurity Center (NCSC), which coordinates operations among the six largest federal cyber centers.

Napolitano, whose department has received the green light to hire up to 1,000 cybersecurity experts over the next three years, stressed the private sector participation in the NCCIC, noting they will have "offices in the same space."

US-CERT currently partners with a number of private sector companies such as telecommunications firms and others in monitoring cyber threats.

The opening of the NCCIC was the culmination of what has been dubbed "National Cybersecurity Awareness Month."

No single agency is currently charged with ensuring government information technology security and lawmakers have called for creating a powerful national cybersecurity advisor reporting directly to the president.

President Barack Obama has made cybersecurity a top priority and announced in May that he would name a "cyber czar" to defend against criminal, espionage and hacker attacks on US government and private computer networks.

Obama has not yet named the "cyber czar" but the 2010 Homeland Security Act that he signed on Wednesday included 397 million dollars for cybersecurity.

US government websites come under attack on a daily basis, according to the Department of Homeland Security, with the threats ranging from teenage hackers to criminal gangs to foreign governments.

US cyber center opens to battle computer attacks

By LOLITA C. BALDOR

Associated Press Writer
WASHINGTON —

The United States is well behind the curve in the fight against computer criminals, Sen. Joe Lieberman said Friday, as Homeland Security officials opened a $9 million operations center to better coordinate the government's response to cyberattacks.

Lieberman, chairman of the Senate Homeland Security and Government Affairs Committee, said legislation being drafted by his committee will require federal agencies and private companies to set up a system to share information on cyber threats.

And Lieberman, a Connecticut independent, said the Homeland Security Department must identify weaknesses in the systems that run power plants and other critical infrastructure.

As Lieberman laid out his proposal to Chamber of Commerce executives, Homeland Security Secretary Janet Napolitano unveiled the new National Cybersecurity and Communications Integration Center in northern Virginia.

Standing in front of a wall of broad video screens that displayed vivid charts and maps of possible cyber threats and suspicious internet traffic, Napolitano said the watch center will allow the high-tech teams that monitor government networks to work better together.

With 61 computer stations spread across the room, the center will merge the U.S. Computer Emergency Readiness Team and the National Coordinating Center for Telecommunications.

U.S. officials have said that government computer systems are probed or scanned millions of times a day, and face an increasing threat from hackers, cyber criminals looking to steal money or information, and nation-states aimed at espionage or the destruction of networks that run vital services.

Officials have called for a more coordinated effort by the federal government to monitor and protect U.S. systems and work with the private sector to insure that transportation systems, energy plants and other sensitive networks are equally protected.

Sen. Susan Collins of Maine, the ranking Republican on the homeland security panel, said it will take more than a White House coordinator to secure the country's networks. And she pointed to the National Counterterrorism Center, which brings agencies together to assess terrorism data, as a good model for cyber coordination.

Napolitano told a crowd of federal workers and others at the new watch center that consolidating the cyber efforts will improve the government's ability to counter threats. Over time, the center - which will operate 24-hours a day - will also include the National Cybersecurity Center, which coordinates operations among the six largest federal cyber centers; the DHS Office of Intelligence and Analysis and representatives from the private sector.

President Barack Obama has declared computer security a priority, but he has been struggling for several months to appoint a new cyber coordinator. Several executives have turned it down, and critics and cyber experts say it is a nearly impossible job to fill.

White House spokesman Nick Shapiro said Obama is "personally committed to finding the right person for this job, and a rigorous selection process is well under way."

Lawmakers say the new coordinator, who Obama said would report to both the National Security Council and the National Economic Council, must be subject to Senate confirmation. The White House plan for the new policy adviser does not call for Senate confirmation because the person would be coordinating, not unilaterally directing, federal activities, Shapiro said.

Christopher Painter is currently serving as the acting senior director for cyber security in the White House.

Monday, October 26, 2009

Free e-Booklets: These cover all areas from IT Certifications to Digital Forensics.

http://syngress.com/free-e-booklets/

This blog has served as a way for me to create a repository of security-related topics of interest.

One more fascinating and relevant tidbit of information: http://www.social-engineer.org/

"Dissecting the hack: the f0rb1dd3n network"

An informative and interesting book. I found this on the website: http://f0rb1dd3n.com/links.php A great collection of security related links. Also the home page for this book's website http://f0rb1dd3n.com/index.php has some "dirt" to reveal concerning "data integrity" LOL!!!!

Also a nod to a very well built Security Blog: http://www.mcgrewsecurity.com/





Voice mail messages, online sessions and analysis of machine after break in.

This site contains technical details of the break-in and pursuit, including actual analysis of the original break-in, voice messages left after the break-in, live transcripts of some of Kevin Mitnick's sessions, conversations, and much more.









Sunday, September 20, 2009

Cyber Criminals Most Wanted and Various Cyber-Crime Web Sources




Also a very comprehensive computing site of awesome wealth and learning:

http://www.atomicmpc.com.au/

followed by this blog installment's featured sites:

http://www.ccmostwanted.com/


http://it.einnews.com/news/hacking-crime

and an awesome photo of yours truly
(well the lighting and imaging on the photo leaves some room for improvement)


Friday, August 28, 2009

Ethical Hacking, Penetration Testing, Risk Assessments & Digital Forensics.

This month's focus IT Security website:
http://www.sequrit.org/




Sequrit is founded by the world renowned IT Security Expert Wayne Burke. He encountered a problem that needed a solution:

The IT Security world is changing every day. To stay informed on the latest technologies, threats and solutions, the IT Security Specialist has a full time job researching many different sources for all this information, leaving little time to do what is most important: maintaining a Secure environment!

This is why our team of Security Experts have created a turnkey Education Community Portal (LMS).

Featuring: Blended Learning (Online and Live Presentations), Forums, Blogs, Chats, Exam Quizzes, Updated Tutorials and videos. PLUS: Remote Hacking Network, Live Hacking TV Weekly.


Tuesday, July 28, 2009

Industrionage: As economic warfare becomes more industrial based, the distinction between economic and industrial espionage becomes less relevant

Industrionage is a term I created from the phrase "Industrial Espionage". Just what is Industrionage; moreover, exactly what is involved in the act of espionage as it applies to industry? The following articles and musings will help focus this very important issue.

Economic and Industrial Espionage:
A Question of Counterintelligence or Law Enforcement?
By Harvey Rishikof


Introduction

Economic or industrial espionage is an old problem. As the current head of the National Counterintelligence Executive (NCIX) under the Director of National Intelligence (DNI), Joel F. Brenner, likes to muse, espionage itself is as old as Joshua reconnoitering the Promised Land, and it will be with us forever.[1] In the Cold War the archetype for technological counterintelligence, as well as industrial espionage, was the American born Russian spy Dr. George Koval’s penetration of the Manhattan Project for the atomic bomb.[2] But the paradigm is shifting in the economic era of globalization. The end of the Cold War and the explosion of technology, increased access to computers and the internet, potential profits, poor prosecutorial tools, fear of reporting the theft, and inadequate federal and state laws, have all contributed to the attractiveness of economic espionage.[3] In the words of Bernard Esambert, former Chairman of the Board of the Pasteur Institute, “Today’s economic competition is global. The conquest of markets and technologies has replaced former territorial and colonial conquests. We are living in a state of world economic war and this is not just a military metaphor... the companies are training the armies and the unemployed are the casualties.”[4]

International commerce and advancing technology have increased the likelihood of and opportunity for economic intelligence and industrial espionage, placing intellectual property and trade secrets at increased risk of appropriation. Consider the iPod: while Apple developed it, its 451 parts are made in several different countries, including Japan, Philippines, Korea, China, and Taiwan.[5] Such outsourcing, although efficient and cost effective, leaves Apple open to foreign industrial espionage at critical stages of design. When viewed from the perspective of the NCIX trying to protect economic secrets in a world of shifting boundaries, world supply lines, and spheres of influence, it is a monumental challenge:

Boundaries of every kind are eroding—legally, behaviorally, electronically—in all aspects of our lives: Between the public and private behavior of ordinary people; for example, the sense of dress and decorum appropriate to the home, the street, the office, or houses of worship. Between the public and private—that is, secret—behavior of governments. Between the financing, legal norms, and research activities of public as opposed to private institutions; [and] universities, for instance. Between state and non-state actors and the relative size of the resources they control. Cyber boundaries are also eroding—and not always in ways we like—but simply because we are sometimes helpless to enforce them.[6]

But those in charge are still responsible, and they have to try to craft a response to the new era of globalization, computerization, secrets, and spying. The mission therefore is increasingly difficult and will not go away because the stakes are so high. Our recent economic downturn may only enhance the incentives to increase this type of spying. In the elegant words of Joel Brenner the “intellectual thieves” seem to have the upper hand at the moment. As he recently explained at a public-private sector conference:

The fact is, intellectual thieves are eating our lunch—eating your lunch. The public and private sectors are both leaking badly. I’m not talking about just the pirating of DVDs and movies in Asia. I’m talking about significant technologies that are walking out of our laboratories on electronic disks, walking onto airplanes bound for foreign ports, and re-entering the country as finished products developed by foreign entrepreneurs. In effect, we’re buying back our own technology. This is bad enough when we’re talking about commercial innovation. But when we’re talking about technology with substantial defense applications, we’re talking about losses of intellectual capital that in wartime could cost many lives of our fellow citizens. These losses are occurring, and they are occurring in a targeted, systematic manner.

Protecting innovative technology before it can be patented or classified is an urgent task, and it is difficult. If any of us knew how to do it, he’d be very rich, because it’s a question of handicapping basic research.[7]

Protecting critical business information is not only a bottom line issue but also may be increasingly a national security issue. Companies, however, are fearful of government classification schemes that will hinder innovation and openness. Given this reality and boundary erosion, perhaps it is not surprising that a former head of the French intelligence service in 1994 admitted that his agency spied on U.S. executives abroad and “bugged” first-class seats on Air France to monitor conversations.[8] Moreover, this arena is complicated not only by the fact that the key to our information networks is openness but also by the fact that the information can be transmitted through standard business practices – mergers and acquisitions, joint ventures, strategic alliances, and licensing agreements. Therefore, both military friends and foes may be adversaries in the economic arena of espionage. Sometimes the attack is from government-sponsored espionage, other times it is the private illicit acquisition of proprietary information, and sometimes it may be a combination of the two.

As one can imagine, it is hard to find data in this arena. As one of my old professors used to say – studying smuggling is hard and potentially dangerous. A measure of the extent of the growing problem is the number of prosecutions for the illegal export of US technology as reported by the 2003 Annual Report on Foreign Economic Collection and Industrial Espionage (FECIE). During fiscal year 2003, US Department of Immigration and Customs Enforcement (ICE) conducted more than 2,000 investigations involving violations of the Arms Export Control Act, International Traffic in Arms Regulations, Export Administration Regulations, International Emergency Economic Powers Act, and the Trading with the Enemy Act. Those investigations resulted in 120 arrests, 75 criminal indictments, and 55 convictions.[9]

According to a survey published in 2007 by the American Society for Industrial Security (ASIS), the financial impact of individual cases of espionage ranges from less than $10,000 to more than $5.5 million per incident, for a cumulative year-end total in the American economy of billions of dollars in losses – to reputation, image, goodwill, competitive advantage, core technology, and profitability.[10] But as we began to recognize in the late 1990s, corporations are of strategic interest to the United States on three levels since they: 1) produce classified products for the government; 2) produce dual-use technology used in both the public and private sectors; and 3) are responsible for R&D and the creation of leading-edge technologies critical to maintaining U.S. economic security. Losses at any of these levels could affect U.S. international competitiveness and security.[11] Regardless of the source, the threat to US interests is real, and the US is extremely vulnerable.

The 2005 Annual Report to Congress on FECIE reported that 108 countries – both friend and foe – were involved in information collection efforts against the United States.[12] China, Russia, and India top the list. The FECIE reports indicate that foreign collectors tend to target dual-use technology, which can be used for both peaceful and military objectives, and military technology. There is no dispute that foreign governments go after trade secrets for the sake of national security advantage. But what is the United States government’s role in company v. company warfare? Should investigations be considered a counterintelligence or law enforcement matter? Do these old jurisdictional boundaries and responsibilities still work? What should be a secret, and what is the government’s role in making that determination? What can be done to protect US interests?

The critical issue in the new world of commerce is whether one can clarify the differences between economic and industrial counter-espionage and explain why the latter is particularly problematic. To many, governments have long engaged in economic intelligence but have found the need to engage in economic espionage declining as more and more critical information is available through open sources. Industrial espionage, on the other hand, may be becoming the most prevalent form of economic espionage as governments seek industry-related information for the intelligence they need on battlefield capabilities, for design of counter-measures, and for preparation of the battlefield – including how to attack energy grids, and industrial plants important for war-making etc. Industrial espionage involving the theft of trade secrets, perhaps at one time seemed to be able to be restricted to an industrial sphere, but dual use technologies erase what once was an easy distinction as government involvement becomes more prevalent.

Some recent cases: How to balance counterintelligence v. law enforcement?

At the time of the passage of the Economic Espionage Act in 1996 (EEA), 23 to 26 countries were identified as practicing suspicious collection and acquisition activities and 12, in particular, were targeting trade secrets. In particular the technology categories, many of which are dual-use technologies, listed in the Military Critical Technology List published by the DOD were of greatest interest.[13] The FBI had seen the number of cases of suspected economic espionage under investigation in its Economic Counterintelligence Program started in 1994 leap from 400 to 800 cases by 1996. By 2005 the number of countries involved in collection efforts against sensitive and protected US technologies had risen dramatically.

More specifically, the immediate issue is whether the government should be engaged in a back-door industrial policy by determining which industrial products deserve protection with federal dollars. Criteria might be direct relevance to national security, actually threatened industries, or a mixed strategy using a case-by-case approach. Recent cases brought under the EEA are illustrative of the range of potential problems for prosecution under the current charging schemes as the government tries to establish foreign involvement.

If the companies are selected according to their direct relevance to national security (i.e. they have defense contracts) then the contracting process becomes the tool the FBI and others use for building their database of which industries to help—regardless of whether the thief is a foreign government or a competing firm acting on its own. This is, of course, a very defensive posture but allows for a potential marshalling of resources. An example of such a national security case is United States v. Meng that involved military technology, computer source code, and economic opportunity.[14]

In 2007 Xiaodong Sheldon Meng, formerly a resident of Beijing, China, and a resident of Cupertino, California, was charged with stealing military combat and commercial simulation software and other materials from his former employer Quantum3D, a company based in San Jose, California. Meng was charged under the EEA with stealing the trade secrets from Quantum3D with the intent that they would be used to benefit the foreign governments of China, Thailand, and Malaysia.

Many of Quantum3D’s products were designed primarily for military purposes, including military combat training in simulated real-time conditions during the day and night and the use of advanced infrared (IR), Electro-Optical (EO), and Night Vision Goggle (NVG) devices. The indictment alleges that Meng stole numerous Quantum3D products, including “viXsen™” and “nVSensor™,” which were used exclusively in military applications and designed for precision training of military fighter pilots in night vision scenarios among other applications. Both “viXsen™” and “nVSensor™” are classified as defense articles on the U.S. Munitions List and cannot be exported outside the United States without an export license.

In 2003, after a number of years of employment, Meng entered into a consulting agreement with Quantum3D in which he would serve as an independent consultant for Quantum3D in Asia. In this capacity he tried to sell sensitive source code to the Malaysian Air Force. In 2004 he severed his relationship with Quantum3D, joined a competitor, and attempted to sell Quantum3D products to the Chinese and Thailand.[15] In essence, Meng, given his knowledge of the products, became the carrier.

Another recent case highlighting the overlap of economic and industrial espionage in the national security area, and the type of cases to focus on, is the 2007 Chi Mak case. In the Chi Mak case, five members of a southern California family were charged with acting as agents of the People’s Republic of China and with conspiring with each other to export United States defense articles to the People’s Republic of China, a violation of the Arms Export Control Act. This technology theft ring focused on acquiring corporate proprietary information and embargoed defense technology related to the propulsion, weapons and electrical systems of U.S. warships. The family, the father a naturalized citizen from China, had pursued a long-term plan of infiltration over years.

Though the object was clear, who sponsored the ring? Chi Mak was a support engineer at L-3 Communications working on navy quiet drive propulsion technology. The espionage effort appears to have been directed by a Chinese academic at a research institute for Southeast Asian affairs at Zhongshan University in Guangzhou, China. The Chi family encrypted the information it was passing back to China into a computer disk that appeared to contain television and sound broadcasts. It was literally embedded in the other data in encrypted form. This effort has all of the earmarks of professional espionage tradecraft and state-directed espionage, with sophisticated control and sophisticated clandestine communications means. The government university in Guangzhou could have been cover for a state-directed espionage effort. However, Chi Mak and his alleged co-conspirators could just as well have been part of a sophisticated economic espionage operation run out of a university research institute. The future plea agreements will perhaps make clear the true nature of the conspiracy.[16]

This “direct relevance” approach would require prioritizing military programs and “tagging” all employees with access to high value products. And as these cases illustrate, the targeting countries are not beyond “planting” potential operatives as “sleepers” whose goal is to join critical companies and plot long-term career paths.

Alternatively, law enforcement could build a database of those industries actually threatened by foreign governments’ intelligence activities, whether or not the US uses the technology for national security purposes. The rationale here would be: if a foreign government wants the technology, there is national security gain to be had, by definition, in keeping that technology from them. This approach is problematic because of its underlying assumption and because many non-defense firms do not necessarily want the federal government probing their businesses to discover what their R&D involves or interfering in their choices on how to develop, protect or share such technologies.

Such a case was United States v. Okamoto and Serizawa, in which Takashi Okamoto, a resident of Japan, and Hiroaki Serizawa, a resident of Kansas, were indicted for stealing trade secrets from the Cleveland Clinic Foundation (CCF).[17] Okamoto and Serizawa conspired to misappropriate from the CCF certain genetic materials called Deoxyribonucleic Acid (DNA) and cell line reagents and constructs which were developed by researchers employed by CCF, with funding provided by the CCF and the National Institutes of Health, to study the genetic cause of and possible treatment for Alzheimer’s. Alzheimer’s affects an estimated 4,000,000 people in the United States alone and is the most common cause of dementia. The pharmaceutical market for this disease is a potentially rich profit center for any company in the field. The Alzheimer's disease market is forecast to continue to expand significantly over the next ten years. Aided by growing elderly populations, successive product launches have seen global revenues grow at over 35%.[18]

The goal of the conspiracy was to benefit the Institute of Physical and Chemical Research (RIKEN), a quasi-public corporation located in Saitama-Ken, Japan, which received over 94 percent of its operational funding from the Ministry of Science and Technology of the government of Japan. The Brain Science Institute (BSI) of RIKEN was formed in 1997 as a specific initiative of the Ministry of Science and Technology to conduct research in the area of neuroscience, including research into the genetic cause of, and possible treatment for, Alzheimer’s Disease.

Okamoto and Serizawa had committed economic espionage by stealing, altering and destroying trade secrets that were property of the CCF, specifically, 10 DNA and cell line reagents developed through the efforts and research of researchers employed and funded by the CCF and by a grant from the National Institutes of Health.[19] Okamoto and Serizawa were also charged with transporting, transmitting, and transferring in interstate and foreign commerce, DNA and cell line reagents developed through the efforts of researchers employed and funded by the CCF.[20]

Should law enforcement be focused on lucrative emerging world markets, as in the above case of Okamoto and Serizawa, and be using limited resources to protect private companies from losing market share? How can the federal government, given its limited resources, spread itself across such a large canvas? Will corporations want to cooperate with the government?

A third option is to develop a counterintelligence strategy that mixes the two previous approaches and determines, on a case-by-case basis, whether the efforts at acquisition by a foreign entity represent a national security threat. United States v. Ye and Zhong[21] presents such a choice. Fei Ye and Ming Zhong were arrested at the San Francisco International Airport with stolen trade secret information in their luggage while attempting to board an aircraft bound for China. Ye and Zhong admitted to possessing stolen trade secrets for an integrated circuit design from Sun Microsystems, Inc. and Transmeta Corporation with the intent to benefit the People’s Republic of China.

Ye and Zhong admitted that they intended to utilize the trade secrets in designing a computer microprocessor that was to be manufactured and marketed by a company that they had established, known as Supervision, Inc. They admitted that Supervision was to have provided a share of any profits made on sales of chips to the City of Hangzhou and the Province of Zhejiang in China, from which Supervision was to receive funding. Mr. Ye and Mr. Zhong also admitted that their company had applied for funding from the National High Technology Research and Development Program of China, commonly known as the “863 Program.”

Fei Ye is alleged to have possessed a corporate charter for Hangzhou Zhongtian Microsystems Company Ltd. at his house which states that the joint-venture will raise China’s ability to develop super-integrated circuit design and form a powerful capability to compete with worldwide leaders’ core development technology and products in the field of integrated circuit design.[22]

The problem here is that, in addition to the issues the first two enforcement approaches raise, the Ye and Zhong case introduces a third: acquiring the expertise within the counterintelligence community to analyze industrial R&D at its most cutting edge. And even if the community were successful in doing this, law enforcement would have to employ a sliding authorization for use of counterintelligence tools (wiretaps, undercover surveillance, etc.) during the investigative process or risk alienating firms it might need to cooperate in an eventual prosecution. Any investigations that did not pan out as espionage would have to be prosecuted as crimes, unless companies decide to drop charges in the interest of pursuing profits instead. But could the corporations count on the federal government or IC to pull back once an interest had been pursued? For some of the proponents of the EEA in 1996, the act was an attempt to pursue this third option, but the infrastructure and groundwork have not materialized to pursue such a nuanced course.

These cases are of interest because they illustrate how difficult counterintelligence is when the focus is the private sector. What were the roles of the firms in each of the cases? Did the company alert law enforcement or the other way around? How were decisions made regarding the use of counterintelligence vs. counter-crime techniques, and did internal law enforcement disagreements arise that complicated or slowed down investigations? These important questions demonstrate how difficult pursuing prosecutions in this area is.[23]

But if government regulations and enforcement continue to prove ineffective, the private sector may be the place where an attempted solution will be sought, in order to stop having our “lunch eaten.” The questions are: 1) are we willing to pay the price to our privacy and will it work? and, 2) what is a US economic interest and what is a multinational conglomerate interest as it pursues its globalization strategy?

These issues of economic and industrial espionage bleed into other categories of security and competition. Recently Joel Brenner characterized the three key strategic challenges now confronting the counterintelligence community: (1) threats to our cyber networks and opportunities to understand and counter them; (2) acquisition vulnerabilities created by the international nature of our markets; and (3) the need for better collaboration in countering espionage.[24]

A corporate security culture must entail a shift in the traditional notions of privacy.[25] This shift will be a challenge to the previous zone of privacy many of us grew up with. Interestingly, the new generation of “MySpace,” “FaceBook,” and “YouTube” employees may approach the new transparent work place with a different appreciation for the new corporate security culture of trade secrets. The government’s responsibility historically has been to concentrate on the espionage side of the national security arena and not be so involved in the industrial, a more private sector field. The private sector paid for its own slackness in lost revenue. Modern technology has helped to erode these two distinct arenas and this has created new burdens for the government. As economic warfare becomes more industrial based, the distinction between economic and industrial espionage becomes less relevant.

One reason for the erosion is that our adversaries have taken such a view, as in the Chinese 863 Program in the Ye and Zhong case. The 863 Program is a funding plan created and operated by the government of the People’s Republic of China, and is also known as the National High Technology Research and Development Program of China. The program was designed by leading PRC scientists to develop and encourage the creation of technology in the PRC and focused on issues such as high technology communications and laser technology, with an emphasis on military applications. The General Armaments Department ("GAD") of the People’s Liberation Army was responsible for the Army, Navy, and Air Force in the PRC, and oversaw the development of weapons systems used by the PRC. The GAD had a regular role in, and was a major user of, the 863 Program.[26]

This approach is perhaps more understandable in political/economic cultures that encourage state-owned enterprises. In countries where government interests can coincide with corporate interests, or national champions, intelligence agencies can be more easily instructed to assist the private sector. This perhaps explains why France over ten years ago established the Ecole de Guerre Economique (EGE) or School of Economic Warfare. The founder of the school contends that rather than teaching economic espionage it is more the management of information to develop an economic strategy in the context of conflicts to gain market share.[27] For such state corporate-centric approaches the distinction between fair or unfair business practices can become blurred. Some have contended that the US open competitive market based system and our anti-trust laws combined with our Foreign Corrupt Practices Act has made state sponsored economic espionage a non-starter.[28]

The new Director of National Intelligence has many problems on his plate – Iraq, Afghanistan, the Middle East, China, Pakistan, India etc. How will economic-industrial espionage fare? In Andrew Niccol's 1997 science fiction film Gattaca, set in the near future, the Gattaca Aerospace Corporation has created a totally transparent work place with technology able to manipulate genetic codes and monitor all employee interactions. Although the hero is able to fool the system, the world depicted is a possible modern future that would bring corporate monitoring to one possible logical conclusion. If we do start to travel down this path of a culture of corporate security, future generations will have to judge if the price paid for corporate and national security, so that we stopped having our lunch eaten, was in the end worth the meal.

Harvey Rishikof is former Chair, Department of National Security Strategy, and Professor of Law and National Security Studies with National War College.

_____________________________________________________________________________________

[*] See the Department of Justice web site at http://www.usdoj.gov/usao/can/press/2006/2006_12_14_meng.indictment.press.htm.



[1] See Remarks of Joel F. Brenner, ABA Standing Committee on Law and National Security, March 29, 2007, at http://www.ncix.gov/publications/speeches/ABAspeech.pdf.

[2] See, William J. Broad, A Spy’s Path: Iowa to A-Bomb to Kremlin Honor, New York Times, November 12, 2007 A1.

[3] See Chris Carr, Jack Morton, and Jerry Furniss, “The Economic Espionage Act: Bear Trap or Mousetrap?”, Vol. 8.2 Texas Intellectual Property Law Journal (2000) p. 159, 163-170.

[4] Wanja Eric Naef, Economic and Industrial Espionage: A Threat to Corporate America?; Infocon Magazine Issue One, October 2003 at http://www.iwar.org.uk/infocon/print/espionage-cid.htm.

[5] Hal R. Varian. June 28, 2007. “An iPod Has Global Value. Ask The (Many) Countries That Make It,” http://www.nytimes.com/2007/06/28/business/worldbusiness/28scene.html

[6] See “Welcoming Comments by National Counterintelligence Executive Dr. Joel F. Brenner DNI –Private Sector Workshop on Emerging Technologies,” Carnegie Endowment for International Peace, Washington, DC, 7 December 2006 http://www.ncix.gov/publications/speeches/CarnegieSpeech20061207.pdf

[7] Ibid.

[8] Chris Carr, Jack Morton, and Jerry Furniss, “The Economic Espionage Act: Bear Trap or Mousetrap?”, Vol. 8.2 Texas Intellectual Property Law Journal (2000) p. 159, 161.

[9] See p. 3 Report 2003 at http://www.ncix.gov/publications/reports/fecie_all/fecie_2003/fecie_2003.pdf.

[10] ASIS. Trends In Proprietary Information Loss; Survey Report, 3. August 2007. http://www.asisonline.org/newsroom/surveys/spi2.pdf. The 2001 FECIE report stated that an estimated $100-250 billion was lost in sales at the end of calendar year 2000.

[11] See Statement by FBI Director Louis J. Freeh, Hearing on Economic Espionage before the House Judiciary Subcommittee on Crime, May 9, 1996, at http://www.fas.org/irp/congress/1996_hr/h960509f.htm.

[12] 2005 FECIE Report, 1.

[13] The categories for 1997/1997 were: Advanced material coatings; Advanced transportation and engine technology; Aeronautics systems; Armaments and energetic materials; Biotechnology; Chemical and biological systems; Directed and kinetic energy systems; Electronics; Ground systems; Guidance, navigation, and vehicle control; Information systems; Information warfare; Manufacturing and fabrication; Marine systems; Materials; Nuclear systems; Power systems; Semiconductors; Sensors and lasers; Signature control; Space systems; Weapons effects and countermeasures.

[14] The allegations, facts, and plea agreement for this section are drawn directly from the Department of Justice’s web sites at http://www.usdoj.gov/usao/can/press/2006/2006_12_14_meng.indictment.press.html

[15] The Indictment charged Meng under a number of statutes with the following maximum penalties: Conspiracy, in violation of 18 U.S.C. § 371, (five years in prison, a fine of $250,000 or twice the value of the property involved in the transaction, whichever is greater, a three year term of supervised release); Economic Espionage and Attempted Economic Espionage, in violation of 18 U.S.C. §§ 1831(a)(3), 1831(a)(4), (fifteen years in prison, a fine of $500,000 or twice the value of the property involved in the transaction, whichever is greater; a three year term of supervised release); Arms Export Control Act, in violation of 22 U.S.C. § 2778, (ten years in prison, a fine of $1,000,000 or twice the value of the property involved in the transaction, whichever is greater; a three year term of supervised release); Misappropriation of Trade Secrets and Attempted Misappropriation of Trade Secret, in violation of 18 U.S.C. §§ 1832(a)(1), 1832(a)(4), (ten years in prison, a fine of $250,000 or twice the value of the property involved in the transaction, whichever is greater, a three year term of supervised release); Interstate and Foreign Transportation of Stolen Property count, in violation of 18 U.S.C. § 2314, (ten years in prison, a fine of $250,000 or twice the value of the property involved in the transaction, whichever is greater, a three year term of supervised release); False Statement to Government Agency, in violation of 18 U.S.C. § 1001, (five years in prison, a fine of $250,000 or twice the value of the property involved in the transaction, whichever is greater, a three year term of supervised release). However, the court could impose any sentence following conviction after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence, 18 U.S.C. § 3553.

[16] Case description quoted from the Testimony of Larry M. Wortzel, Before the Subcommittee on Crime, Terrorism, and Homeland Security of the House Committee on the Judiciary Hearing on “Enforcement of Federal Espionage Laws” January 29, 2008, http://www.fas.org/irp/congress/2008_hr/012908wortzel.pdf

[17] The allegations, facts, and plea agreement for this section are drawn from the Department of Justice’s web sites at http://www.usdoj.gov/criminal/cybercrime/Okamoto_SerizawaIndict.htm and http://www.usdoj.gov/criminal/cybercrime/serizawaPlea.htm.

[18] See Alzheimer’s at http://www.piribo.com/publications/diseases_conditions/alzheimers/pipeline_commercial_insight_alzheimers_disease.html

[19] The Indictment is still pending against Okamoto, which charges him with Conspiracy, Economic Espionage Act offenses, and the Transporting of Stolen Property in Interstate and Foreign Commerce.

[20] Thus far Hiroaki Serizawa has pleaded guilty to making false statements to the government. In the plea Serizawa admits he: falsely understated the number of vials of research material which Okamoto had taken from Serizawa’s laboratory (hundreds of vials); initially denied any recent personal contact with Okamoto when in fact Serizawa had been in recent telephone, electronic mail and personal contact with Okamoto; and initially denied any knowledge of Okamoto having accepted a research position with RIKEN when in fact Serizawa knew that Okamoto had accepted a research position at RIKEN. The false statements offense carries a maximum penalty of five years incarceration and a $250,000 fine. Under the law, conspiracy carries a maximum penalty of five years incarceration and a $250,000 fine, while economic espionage carries a maximum penalty of 15 years incarceration and a $500,000 fine, while interstate transportation of stolen property carries a maximum penalty of 10 years incarceration and a $250,000 fine.

[21] The allegations, facts, and plea agreement for this section are drawn directly from the Department of Justice’s web sites at http://www.usdoj.gov/criminal/cybercrime/yeIndict.htm and http://www.usdoj.gov/usao/can/press/2006/2006_12_14_ye.zhong.plea.press.html

[22] Ye and Zhong were charged with a total of ten counts, including: one count of conspiracy, in violation of 18 U.S.C. §§ 371, 1831(a)(5) and 1832(a)(5); two counts of economic espionage, in violation of 18 U.S.C. § 1831(a)(3); five counts of possession of stolen trade secrets, in violation of 18 U.S.C. § 1832(a)(3); and two counts of foreign transportation of stolen property, in violation of 18 U.S.C. § 2314.

[23] In particular, I would like to thank the editors, Jennifer Sims and Burton Gerber, for their assistance in framing the article and many helpful suggestions.

[24] Remarks by Joel F. Brenner, National Counterintelligence Executive, “Strategic Counterintelligence: Protecting America in the 21st Century,” The NRO/National Military Intelligence Association Counterintelligence Symposium, Washington DC, 24 October 2007 at http://www.ncix.gov/publications/speeches/NRO-NMIA-CI-Symposium-24-Oct-07.pdf.

[25]

[26] See, Two Bay Area Men Indicted On Charges Of Economic Espionage http://www.intellectualpropertylawfirms.com/national-content.cfm/Article/107306/Two-Bay-Area-Men-Indicted-On-Charges.html.

[27] See, Kelly Uphoff, Tilting the Playing Field: Economic Espionage Hasn't Gone Away Since 9/11. Costs to the U.S. Economy Could Be in the Hundreds of Billions of Dollars, at http://www.jinsa.org/articles/view.html?documentid=2835.

[28] Though in 2000 a small controversy erupted when James Woolsey, former DCI, maintained that the US did not collect or even sort out secret intelligence for the benefit of specific American companies in response to European reports concerning alleged US/British spying on Europe under the Echelon program for industrial espionage purposes. See Woolsey, R. James. "Why We Spy on Our Allies." Wall Street Journal, 17 Mar. 2000.