The man who could trigger a world war
By David Warren, Ottawa Citizen September 15, 2011
47
The greatest threat to the world's peace, at this moment, comes from a man named Recip Tayyip Erdogan. He is the prime minister of Turkey, at the head of the Justice and Development Party ("AK," from the Turkish). A former mayor of Istanbul, he was arrested and jailed when he publicly recited Islamist verses ("the mosques are our barracks, the domes our helmets, the minarets are our bayonets," etc.), in defiance of the old secularist, Ataturk constitution, which made it an offence to incite religious and racial fanaticism.
Erdogan's credentials as an anti-Semite, but also as an anti-Communist, were established from his school days. He came from an observant Muslim family, and while nothing he says can be taken without salt, he claims an illustrious ancestry, of fighters for Turkish and Ottoman causes.
He is an "interesting case" in other respects. His post-secondary education was in economics; he is a very capable technocrat, and under his direction the Turkish economy was rescued. He is a dragonslayer of inflation, and public deficits; he took dramatic and effective measures to clean up squalor in the Turkish bureaucracy, and as the saying goes, "he made the trains run on time."
Erdogan is also a "democrat," who has no reason not to be, because he enjoys tremendous and abiding domestic popularity. The party he founded came to power by a landslide, and has been twice re-elected. (He had a stand-in for prime minister at first, for he was still banned from public office.) There are demographic reasons, too, why Turkish secularism has been overwhelmed by Turkish Islamism. The Muslim faithful have babies; modern secularists don't.
The "vision" of this politician, which he can articulate charismatically, is to combine efficient, basically free-market economic management, with a puritanized version of the religious ideals of the old Ottoman Caliphate. (Gentle reader may recall that I am allergic to visionary and charismatic politicians, who operate on the body politic like a dangerous drug.)
Erdogan's vision has turned outward. His strategy has been to seek better economic integration with the West, while making new political alliances with the East - most notably with Iran. He now presents Turkey as the champion of "mainstream" Sunni Islamism, while trying to square the circle with Persian Shia Islamism. This could still come to grief over Syria, where the Turks want Iran's man, Assad, overthrown, and the Muslim Brotherhood brought into a new Syrian government.
Turkey's military was the guarantor of pro-western Turkish secularism, under the Ataturk constitution. With characteristic incomprehension of the consequences, western statesmen supported Erdogan's efforts to establish civilian control over the generals - our old NATO friends. By imprisoning several senior officers on (probably imaginative) charges of plotting a coup, Erdogan was able to induce the entire Turkish senior staff to resign, last month.
They did this because they had run out of allies. Hillary Clinton and company hung the only effective domestic opposition to Erdogan out to dry. Turkey's powerful, western-equipped military is now entirely Erdogan's baby, and the country's secularist constitution is a dead letter. Erdogan, the Islamist, now has absolute power.
It was he who sent the "peace flotilla" to challenge Israel's right to blockade Gaza (recognized under international law and explicitly by the U.N.). He made the inevitable violent result of that adventure into an anti-Israeli cause célèbre. He has now announced that the next peace flotilla will be accompanied by the Turkish navy.
This will put Israel in the position of either surrendering its right to defend itself, or firing on Turkish naval vessels. There is no way to overstate the gravity of this: Erdogan is manoeuvring to create a casus belli.
He has made himself the effective diplomatic sponsor for the Palestinian declaration of statehood next week - from which much violence will follow. Every Palestinian who dies, trying to kill a Jew, will be hailed as a "martyr," with compensation and apologies demanded.
He has been playing Egyptian politics, by adding to the rhetorical fuel that propelled an Islamist mob into the Israeli embassy in Cairo last Friday. He is himself in Cairo, this week, on a mission to harness grievances against Israel, in the very fluid circumstances of the "Arab Spring." For action against this common enemy is the one thing that can unite all disparate Arab factions - potentially under Turkish leadership.
The West is just watching, while Erdogan creates pretexts for another Middle Eastern war: one in which Israel may be pitted not only against the neighbouring states of the old Arab League, but also Turkey, and Iran, and Hamas, and Hezbollah.
This is what is called an "existential threat" to Israel, unfolding in live time. It could leave the West with a choice between defending Israel, and permitting another Holocaust. In other words, we are staring at the trigger for a genuine world war. With Recip Erdogan's twitching finger on it.
Read more: http://www.ottawacitizen.com/news/could+trigger+world/5398190/story.html#ixzz1YLuf9672
Sunday, September 18, 2011
Wednesday, December 15, 2010
Mystery Surrounds Cyber Missile That Crippled Iran's Nuclear Weapons Ambitions
Technology
Mystery Surrounds Cyber Missile That Crippled Iran's Nuclear Weapons Ambitions
By Ed Barnes
AP
An aerial view of Iran's nuclear facility in Natanz.
In the 20th century, this would have been a job for James Bond.
The mission: Infiltrate the highly advanced, securely guarded enemy headquarters where scientists in the clutches of an evil master are secretly building a weapon that can destroy the world. Then render that weapon harmless and escape undetected.
But in the 21st century, Bond doesn't get the call. Instead, the job is handled by a suave and very sophisticated secret computer worm, a jumble of code called Stuxnet, which in the last year has not only crippled Iran's nuclear program but has caused a major rethinking of computer security around the globe.
Intelligence agencies, computer security companies and the nuclear industry have been trying to analyze the worm since it was discovered in June by a Belarus-based company that was doing business in Iran. And what they've all found, says Sean McGurk, the Homeland Security Department's acting director of national cyber security and communications integration, is a “game changer.”
The construction of the worm was so advanced, it was “like the arrival of an F-35 into a World War I battlefield,” says Ralph Langner, the computer expert who was the first to sound the alarm about Stuxnet. Others have called it the first “weaponized” computer virus.
Simply put, Stuxnet is an incredibly advanced, undetectable computer worm that took years to construct and was designed to jump from computer to computer until it found the specific, protected control system that it aimed to destroy: Iran’s nuclear enrichment program.
The target was seemingly impenetrable; for security reasons, it lay several stories underground and was not connected to the World Wide Web. And that meant Stuxnet had to act as sort of a computer cruise missile: As it made its passage through a set of unconnected computers, it had to grow and adapt to security measures and other changes until it reached one that could bring it into the nuclear facility.
When it ultimately found its target, it would have to secretly manipulate it until it was so compromised it ceased normal functions.
And finally, after the job was done, the worm would have to destroy itself without leaving a trace.
That is what we are learning happened at Iran's nuclear facilities -- both at Natanz, which houses the centrifuge arrays used for processing uranium into nuclear fuel, and, to a lesser extent, at Bushehr, Iran's nuclear power plant.
At Natanz, for almost 17 months, Stuxnet quietly worked its way into the system and targeted a specific component -- the frequency converters made by the German equipment manufacturer Siemens that regulated the speed of the spinning centrifuges used to create nuclear fuel. The worm then took control of the speed at which the centrifuges spun, making them turn so fast in a quick burst that they would be damaged but not destroyed. And at the same time, the worm masked that change in speed from being discovered at the centrifuges' control panel.
At Bushehr, meanwhile, a second secret set of codes, which Langner called “digital warheads,” targeted the Russian-built power plant's massive steam turbine.
Here's how it worked, according to experts who have examined the worm:
--The nuclear facility in Iran runs an “air gap” security system, meaning it has no connections to the Web, making it secure from outside penetration. Stuxnet was designed and sent into the area around Iran's Natanz nuclear power plant -- just how may never be known -- to infect a number of computers on the assumption that someone working in the plant would take work home on a flash drive, acquire the worm and then bring it back to the plant.
--Once the worm was inside the plant, the next step was to get the computer system there to trust it and allow it into the system. That was accomplished because the worm contained a “digital certificate” stolen from JMicron, a large company in an industrial park in Taiwan. (When the worm was later discovered it quickly replaced the original digital certificate with another certificate, also stolen from another company, Realtek, a few doors down in the same industrial park in Taiwan.)
--Once allowed entry, the worm contained four “Zero Day” elements in its first target, the Windows 7 operating system that controlled the overall operation of the plant. Zero Day elements are rare and extremely valuable vulnerabilities in a computer system that can be exploited only once. Two of the vulnerabilities were known, but the other two had never been discovered. Experts say no hacker would waste Zero Days in that manner.
--After penetrating the Windows operating system, the code then targeted the siemens operating system that controlled the plant. Once that was in its grip it then took over the “frequency converters” that ran the centrifuges. To do that it used specifications from the manufacturers of the converters. One was Vacon, a Finnish Company, and the other Fararo Paya, an Iranian company. What surprises experts at this step is that the Iranian company was so secret that not even the IAEA knew about it.
--The worm also knew that the complex control system that ran the centrifuges was built by Siemens, the German manufacturer, and -- remarkably -- how that system worked as well and how to mask its activities from it.
--Masking itself from the plant's security and other systems, the worm then ordered the centrifuges to rotate extremely fast, and then to slow down precipitously. This damaged the converter, the centrifuges and the bearings, and it corrupted the uranium in the tubes. It also left Iranian nuclear engineers wondering what was wrong, as computer checks showed no malfunctions in the operating system.
Estimates are that this went on for more than a year, leaving the Iranian program in chaos. And as it did, the worm grew and adapted throughout the system. As new worms entered the system, they would meet and adapt and become increasingly sophisticated.
During this time the worms reported back to two mysterious servers that had to be run by intelligence agencies, one in Denmark and one in Malaysia. The servers monitored the worms as they infiltrated Natanz. Efforts to find those servers since then have yielded no results.
This went on until June of last year, when a Belarusan company working on the Iranian power plant in Beshehr discovered it in one of its machines. It quickly put out a notice on a Web network monitored by computer security experts around the world. Ordinarily these experts would immediately begin tracing the worm and dissecting it, looking for clues about its origin and other details.
But that didn’t happen, because within minutes all the alert sites came under attack and were inoperative for 24 hours.
“I had to use e-mail to send notices but I couldn’t reach everyone. Whoever made the worm had a full day to eliminate all traces of the worm that might lead us them,” Eric Byres, a computer security expert who has examined the Stuxnet. “No hacker could have done that.”
Experts, including inspectors from the International Atomic Energy Agency(IAEA,) say that, despite Iran's claims to the contrary, the worm was successful in its goal: causing confusion among Iran’s nuclear engineers and disabling their nuclear program.
Because of the secrecy surrounding the Iranian program, no one can be certain of the full extent of the damage. But sources inside Iran and elsewhere say that the Iranian centrifuge program has been operating far below its capacity and that the uranium enrichment program had “stagnated” during the time the worm penetrated the underground facility. Only 4,000 of the 9,000 centrifuges Iran was known to have were put into use. Some suspect that is because of the critical need to replace ones that were damaged.
And the limited number of those in use dwindled to an estimated 3,700 as problems engulfed their operation. IAEA inspectors say the sabotage better explains the slowness of the program, which they had earlier attributed to poor equipment manufacturing and management problems. As Iranians struggled with the setbacks, they began searching for signs of sabotage. From inside Iran there have been unconfirmed reports that the head of the plant was fired shortly after the worm wended its way into the system and began creating technical problems, and that some scientists who were suspected of espionage disappeared or were executed. And counter intelligence agents began monitoring all communications between scientists at the site, creating a climate of fear and paranoia.
Iran has adamantly stated that its nuclear program has not been hit by the bug. But in doing so it has backhandedly confirmed that its nuclear facilities were compromised. When Hamid Alipour, head of the nation’s Information Technology Company, announced in September that 30,000 Iranian computers had been hit by the worm but the nuclear facilities were safe, he added that among those hit were the personal computers of the scientists at the nuclear facilities. Experts say that Natanz and Bushehr could not have escaped the worm if it was in their engineers’ computers.
“We brought it into our lab to study it and even with precautions it spread everywhere at incredible speed,” Byres said.
“The worm was designed not to destroy the plants but to make them ineffective. By changing the rotation speeds, the bearings quickly wear out and the equipment has to be replaced and repaired. The speed changes also impact the quality of the uranium processed in the centrifuges creating technical problems that make the plant ineffective,” he explained.
In other words the worm was designed to allow the Iranian program to continue but never succeed, and never to know why.
One additional impact that can be attributed to the worm, according to David Albright of the Institute for Science and International Studies, is that “the lives of the scientists working in the facility have become a living hell because of counter-intelligence agents brought into the plant” to battle the breach. Ironically, even after its discovery, the worm has succeeded in slowing down Iran's reputed effort to build an atomic weapon. And Langer says that the efforts by the Iranians to cleanse Stuxnet from their system “will probably take another year to complete,” and during that time the plant will not be able to function anywhere normally.
But as the extent of the worm’s capabilities is being understood, its genius and complexity has created another perplexing question: Who did it?
Speculation on the worm’s origin initially focused on hackers or even companies trying to disrupt competitors. But as engineers tore apart the virus they learned not only the depth of the code, its complex targeting mechanism, (despite infecting more than 100,000 computers it has only done damage at Natanz,) the enormous amount of work that went into it—Microsoft estimated that it consumed 10,000 man days of labor-- and about what the worm knew, the clues narrowed the number of players that have the capabilities to create it to a handful.
“This is what nation-states build, if their only other option would be to go to war,” Joseph Wouk, an Israeli security expert wrote.
Byres is more certain. “It is a military weapon,” he said.
And much of what the worm “knew” could only have come from a consortium of Western intelligence agencies, experts who have examined the code now believe.
Originally, all eyes turned toward Israel’s intelligence agencies. Engineers examining the worm found “clues” that hinted at Israel’s involvement. In one case they found the word “Myrtus” embedded in the code and argued that it was a reference to Esther, the biblical figure who saved the ancient Jewish state from the Persians. But computer experts say "Myrtus" is more likely a common reference to “My RTUS,” or remote terminal units.
Langer argues that no single Western intelligence agency had the skills to pull this off alone. The most likely answer, he says, is that a consortium of intelligence agencies worked together to build the cyber bomb. And he says the most likely confederates are the United States, because it has the technical skills to make the virus, Germany, because reverse-engineering Siemen’s product would have taken years without it, and Russia, because of its familiarity with both the Iranian nuclear plant and Siemen’s systems.
There is one clue that was left in the code that may tell us all we need to know.
Embedded in different section of the code is another common computer language reference, but this one is misspelled. Instead of saying “DEADFOOT,” a term stolen from pilots meaning a failed engine, this one reads “DEADFOO7.”
Yes, OO7 has returned -- as a computer worm.
Stuxnet. Shaken, not stirred.
Read more: http://www.foxnews.com/scitech/2010/11/26/secret-agent-crippled-irans-nuclear-ambitions/#ixzz18BzozomG
Mystery Surrounds Cyber Missile That Crippled Iran's Nuclear Weapons Ambitions
By Ed Barnes
AP
An aerial view of Iran's nuclear facility in Natanz.
In the 20th century, this would have been a job for James Bond.
The mission: Infiltrate the highly advanced, securely guarded enemy headquarters where scientists in the clutches of an evil master are secretly building a weapon that can destroy the world. Then render that weapon harmless and escape undetected.
But in the 21st century, Bond doesn't get the call. Instead, the job is handled by a suave and very sophisticated secret computer worm, a jumble of code called Stuxnet, which in the last year has not only crippled Iran's nuclear program but has caused a major rethinking of computer security around the globe.
Intelligence agencies, computer security companies and the nuclear industry have been trying to analyze the worm since it was discovered in June by a Belarus-based company that was doing business in Iran. And what they've all found, says Sean McGurk, the Homeland Security Department's acting director of national cyber security and communications integration, is a “game changer.”
The construction of the worm was so advanced, it was “like the arrival of an F-35 into a World War I battlefield,” says Ralph Langner, the computer expert who was the first to sound the alarm about Stuxnet. Others have called it the first “weaponized” computer virus.
Simply put, Stuxnet is an incredibly advanced, undetectable computer worm that took years to construct and was designed to jump from computer to computer until it found the specific, protected control system that it aimed to destroy: Iran’s nuclear enrichment program.
The target was seemingly impenetrable; for security reasons, it lay several stories underground and was not connected to the World Wide Web. And that meant Stuxnet had to act as sort of a computer cruise missile: As it made its passage through a set of unconnected computers, it had to grow and adapt to security measures and other changes until it reached one that could bring it into the nuclear facility.
When it ultimately found its target, it would have to secretly manipulate it until it was so compromised it ceased normal functions.
And finally, after the job was done, the worm would have to destroy itself without leaving a trace.
That is what we are learning happened at Iran's nuclear facilities -- both at Natanz, which houses the centrifuge arrays used for processing uranium into nuclear fuel, and, to a lesser extent, at Bushehr, Iran's nuclear power plant.
At Natanz, for almost 17 months, Stuxnet quietly worked its way into the system and targeted a specific component -- the frequency converters made by the German equipment manufacturer Siemens that regulated the speed of the spinning centrifuges used to create nuclear fuel. The worm then took control of the speed at which the centrifuges spun, making them turn so fast in a quick burst that they would be damaged but not destroyed. And at the same time, the worm masked that change in speed from being discovered at the centrifuges' control panel.
At Bushehr, meanwhile, a second secret set of codes, which Langner called “digital warheads,” targeted the Russian-built power plant's massive steam turbine.
Here's how it worked, according to experts who have examined the worm:
--The nuclear facility in Iran runs an “air gap” security system, meaning it has no connections to the Web, making it secure from outside penetration. Stuxnet was designed and sent into the area around Iran's Natanz nuclear power plant -- just how may never be known -- to infect a number of computers on the assumption that someone working in the plant would take work home on a flash drive, acquire the worm and then bring it back to the plant.
--Once the worm was inside the plant, the next step was to get the computer system there to trust it and allow it into the system. That was accomplished because the worm contained a “digital certificate” stolen from JMicron, a large company in an industrial park in Taiwan. (When the worm was later discovered it quickly replaced the original digital certificate with another certificate, also stolen from another company, Realtek, a few doors down in the same industrial park in Taiwan.)
--Once allowed entry, the worm contained four “Zero Day” elements in its first target, the Windows 7 operating system that controlled the overall operation of the plant. Zero Day elements are rare and extremely valuable vulnerabilities in a computer system that can be exploited only once. Two of the vulnerabilities were known, but the other two had never been discovered. Experts say no hacker would waste Zero Days in that manner.
--After penetrating the Windows operating system, the code then targeted the siemens operating system that controlled the plant. Once that was in its grip it then took over the “frequency converters” that ran the centrifuges. To do that it used specifications from the manufacturers of the converters. One was Vacon, a Finnish Company, and the other Fararo Paya, an Iranian company. What surprises experts at this step is that the Iranian company was so secret that not even the IAEA knew about it.
--The worm also knew that the complex control system that ran the centrifuges was built by Siemens, the German manufacturer, and -- remarkably -- how that system worked as well and how to mask its activities from it.
--Masking itself from the plant's security and other systems, the worm then ordered the centrifuges to rotate extremely fast, and then to slow down precipitously. This damaged the converter, the centrifuges and the bearings, and it corrupted the uranium in the tubes. It also left Iranian nuclear engineers wondering what was wrong, as computer checks showed no malfunctions in the operating system.
Estimates are that this went on for more than a year, leaving the Iranian program in chaos. And as it did, the worm grew and adapted throughout the system. As new worms entered the system, they would meet and adapt and become increasingly sophisticated.
During this time the worms reported back to two mysterious servers that had to be run by intelligence agencies, one in Denmark and one in Malaysia. The servers monitored the worms as they infiltrated Natanz. Efforts to find those servers since then have yielded no results.
This went on until June of last year, when a Belarusan company working on the Iranian power plant in Beshehr discovered it in one of its machines. It quickly put out a notice on a Web network monitored by computer security experts around the world. Ordinarily these experts would immediately begin tracing the worm and dissecting it, looking for clues about its origin and other details.
But that didn’t happen, because within minutes all the alert sites came under attack and were inoperative for 24 hours.
“I had to use e-mail to send notices but I couldn’t reach everyone. Whoever made the worm had a full day to eliminate all traces of the worm that might lead us them,” Eric Byres, a computer security expert who has examined the Stuxnet. “No hacker could have done that.”
Experts, including inspectors from the International Atomic Energy Agency(IAEA,) say that, despite Iran's claims to the contrary, the worm was successful in its goal: causing confusion among Iran’s nuclear engineers and disabling their nuclear program.
Because of the secrecy surrounding the Iranian program, no one can be certain of the full extent of the damage. But sources inside Iran and elsewhere say that the Iranian centrifuge program has been operating far below its capacity and that the uranium enrichment program had “stagnated” during the time the worm penetrated the underground facility. Only 4,000 of the 9,000 centrifuges Iran was known to have were put into use. Some suspect that is because of the critical need to replace ones that were damaged.
And the limited number of those in use dwindled to an estimated 3,700 as problems engulfed their operation. IAEA inspectors say the sabotage better explains the slowness of the program, which they had earlier attributed to poor equipment manufacturing and management problems. As Iranians struggled with the setbacks, they began searching for signs of sabotage. From inside Iran there have been unconfirmed reports that the head of the plant was fired shortly after the worm wended its way into the system and began creating technical problems, and that some scientists who were suspected of espionage disappeared or were executed. And counter intelligence agents began monitoring all communications between scientists at the site, creating a climate of fear and paranoia.
Iran has adamantly stated that its nuclear program has not been hit by the bug. But in doing so it has backhandedly confirmed that its nuclear facilities were compromised. When Hamid Alipour, head of the nation’s Information Technology Company, announced in September that 30,000 Iranian computers had been hit by the worm but the nuclear facilities were safe, he added that among those hit were the personal computers of the scientists at the nuclear facilities. Experts say that Natanz and Bushehr could not have escaped the worm if it was in their engineers’ computers.
“We brought it into our lab to study it and even with precautions it spread everywhere at incredible speed,” Byres said.
“The worm was designed not to destroy the plants but to make them ineffective. By changing the rotation speeds, the bearings quickly wear out and the equipment has to be replaced and repaired. The speed changes also impact the quality of the uranium processed in the centrifuges creating technical problems that make the plant ineffective,” he explained.
In other words the worm was designed to allow the Iranian program to continue but never succeed, and never to know why.
One additional impact that can be attributed to the worm, according to David Albright of the Institute for Science and International Studies, is that “the lives of the scientists working in the facility have become a living hell because of counter-intelligence agents brought into the plant” to battle the breach. Ironically, even after its discovery, the worm has succeeded in slowing down Iran's reputed effort to build an atomic weapon. And Langer says that the efforts by the Iranians to cleanse Stuxnet from their system “will probably take another year to complete,” and during that time the plant will not be able to function anywhere normally.
But as the extent of the worm’s capabilities is being understood, its genius and complexity has created another perplexing question: Who did it?
Speculation on the worm’s origin initially focused on hackers or even companies trying to disrupt competitors. But as engineers tore apart the virus they learned not only the depth of the code, its complex targeting mechanism, (despite infecting more than 100,000 computers it has only done damage at Natanz,) the enormous amount of work that went into it—Microsoft estimated that it consumed 10,000 man days of labor-- and about what the worm knew, the clues narrowed the number of players that have the capabilities to create it to a handful.
“This is what nation-states build, if their only other option would be to go to war,” Joseph Wouk, an Israeli security expert wrote.
Byres is more certain. “It is a military weapon,” he said.
And much of what the worm “knew” could only have come from a consortium of Western intelligence agencies, experts who have examined the code now believe.
Originally, all eyes turned toward Israel’s intelligence agencies. Engineers examining the worm found “clues” that hinted at Israel’s involvement. In one case they found the word “Myrtus” embedded in the code and argued that it was a reference to Esther, the biblical figure who saved the ancient Jewish state from the Persians. But computer experts say "Myrtus" is more likely a common reference to “My RTUS,” or remote terminal units.
Langer argues that no single Western intelligence agency had the skills to pull this off alone. The most likely answer, he says, is that a consortium of intelligence agencies worked together to build the cyber bomb. And he says the most likely confederates are the United States, because it has the technical skills to make the virus, Germany, because reverse-engineering Siemen’s product would have taken years without it, and Russia, because of its familiarity with both the Iranian nuclear plant and Siemen’s systems.
There is one clue that was left in the code that may tell us all we need to know.
Embedded in different section of the code is another common computer language reference, but this one is misspelled. Instead of saying “DEADFOOT,” a term stolen from pilots meaning a failed engine, this one reads “DEADFOO7.”
Yes, OO7 has returned -- as a computer worm.
Stuxnet. Shaken, not stirred.
Read more: http://www.foxnews.com/scitech/2010/11/26/secret-agent-crippled-irans-nuclear-ambitions/#ixzz18BzozomG
Monday, May 31, 2010
Cyber attack 'could fell US within 15 minutes'
The US must prepare itself for a full-scale cyber attack which could cause death and destruction across the country in less than 15 minutes, the former anti-terrorism Tsar to Bill Clinton and George W Bush has warned.
Alex Spillius in Washington
Published: 11:53PM BST 07 May 2010
Former White House counterterrorism advisor Richard A Clarke: US facing cyber attack that could fell country in 15 minutes
Former White House counterterrorism advisor Richard A Clarke Photo: EPA
Richard Clarke claims that America's lack of preparation for the annexing of its computer system by terrorists could lead to an "electronic Pearl Harbor".
In his warning, Mr Clarke paints a doomsday scenario in which the problems start with the collapse of one of Pentagon's computer networks.
Soon internet service providers are in meltdown. Reports come in of large refinery fires and explosions in Philadelphia and Houston. Chemical plants malfunction, releasing lethal clouds of chlorine.
Air traffic controllers report several mid-air collisions, while subway trains crash in New York, Washington and Los Angeles. More than 150 cities are suddenly blacked out. Tens of thousands of Americans die in an attack comparable to a nuclear bomb in its devastation.
Yet it would take no more than 15 minutes and involve not a single terrorist or soldier setting foot in the United States.
The scenario is contained the pages of his book, Cyber War: The Next National Security Threat, written with Robert Knake.
And Mr Clarke has been right before.
As anti-terrorism tsar under Mr Clinton and then Mr Bush, he issued dire warnings of the need for better defences against al-Qaeda, and wrote about his futile campaign in the 2004 book Against All Enemies.
Now he argues that a similar lack of preparation could exact a tragic price.
"The biggest secret about cyber war may be that at the very same time the US prepares for offensive cyber war, it is continuing policies that make it impossible to defend effectively from cyber attack," says the book.
In part, the US has been hampered by the unforeseeable success of the internet and expansion of computerised networks, which are now used in almost every aspect of industry but have led to a hazardous degree of over-dependence.
The belief in the internet as the freewheeling, free-spirited epitome of American free speech has made government intrusion politically difficult, leaving the private sector particularly vulnerable to well-trained hackers.
Successive administrations, including President Barack Obama's, have failed to get to grips with the scale of the problem, believe Clarke and Knake, though they have kindred spirits dotted around the establishment.
The military has yet to open its new Cyber Command centre, amid disagreements about what role different agencies will play.
Meanwhile America may have invented the internet, but at least 30 nations have created offensive cyber-war capabilities, which aim to plant a variety of viruses and bugs into key utility, military and financial systems of other states.
The authors are convinced that there will at some point be a cyber-war between two nations and are concerned that such a conflict would "lower the threshold" for a war with bombs and bullets.
Ironically, the United States is currently far more vulnerable to cyberwar than Russia or China, or even North Korea, because those countries have not only concentrated on their cyber defences but are less reliant on the internet.
"We must have the ability to turn off our connection to the internet and still be able to continue to operate," Mr Knake, a senior fellow at the Council on Foreign Relations, told the Daily Telegraph. "Relying on a system as precarious as the internet is a big mistake.
"It is a fundamentally insecure ecosystem that is ripe for conflict and gives countries with disadvantages in conventional weapons an asymmetrical advantage." Britain, as a nanny state more tolerant of government interference, is far better prepared than its giant ally across the Atlantic.
The US has already experienced two major cyber warning shots. Hackers from Russia or China or both successfully planted software in the US electricity grid that left behind software that could be used to sabotage the system at a later date.
The North Koreans may not be able to feed their people but in 2009 they succeeded in bringing down the servers of the Department of Homeland Security, the US Treasury and several other government departments, along with regular internet providers, by flooding them with requests for data.
Most dramatically, it saturated the internet connections of a Pentagon server that the military would rely for logistical communications in an armed conflict.
"We need to rethink the premise that just because this took place with bits and bytes it wasn't a dangerous and destabilising action," said Mr Knake, who said they wrote the book "to start a conversation".
Alex Spillius in Washington
Published: 11:53PM BST 07 May 2010
Former White House counterterrorism advisor Richard A Clarke: US facing cyber attack that could fell country in 15 minutes
Former White House counterterrorism advisor Richard A Clarke Photo: EPA
Richard Clarke claims that America's lack of preparation for the annexing of its computer system by terrorists could lead to an "electronic Pearl Harbor".
In his warning, Mr Clarke paints a doomsday scenario in which the problems start with the collapse of one of Pentagon's computer networks.
Soon internet service providers are in meltdown. Reports come in of large refinery fires and explosions in Philadelphia and Houston. Chemical plants malfunction, releasing lethal clouds of chlorine.
Air traffic controllers report several mid-air collisions, while subway trains crash in New York, Washington and Los Angeles. More than 150 cities are suddenly blacked out. Tens of thousands of Americans die in an attack comparable to a nuclear bomb in its devastation.
Yet it would take no more than 15 minutes and involve not a single terrorist or soldier setting foot in the United States.
The scenario is contained the pages of his book, Cyber War: The Next National Security Threat, written with Robert Knake.
And Mr Clarke has been right before.
As anti-terrorism tsar under Mr Clinton and then Mr Bush, he issued dire warnings of the need for better defences against al-Qaeda, and wrote about his futile campaign in the 2004 book Against All Enemies.
Now he argues that a similar lack of preparation could exact a tragic price.
"The biggest secret about cyber war may be that at the very same time the US prepares for offensive cyber war, it is continuing policies that make it impossible to defend effectively from cyber attack," says the book.
In part, the US has been hampered by the unforeseeable success of the internet and expansion of computerised networks, which are now used in almost every aspect of industry but have led to a hazardous degree of over-dependence.
The belief in the internet as the freewheeling, free-spirited epitome of American free speech has made government intrusion politically difficult, leaving the private sector particularly vulnerable to well-trained hackers.
Successive administrations, including President Barack Obama's, have failed to get to grips with the scale of the problem, believe Clarke and Knake, though they have kindred spirits dotted around the establishment.
The military has yet to open its new Cyber Command centre, amid disagreements about what role different agencies will play.
Meanwhile America may have invented the internet, but at least 30 nations have created offensive cyber-war capabilities, which aim to plant a variety of viruses and bugs into key utility, military and financial systems of other states.
The authors are convinced that there will at some point be a cyber-war between two nations and are concerned that such a conflict would "lower the threshold" for a war with bombs and bullets.
Ironically, the United States is currently far more vulnerable to cyberwar than Russia or China, or even North Korea, because those countries have not only concentrated on their cyber defences but are less reliant on the internet.
"We must have the ability to turn off our connection to the internet and still be able to continue to operate," Mr Knake, a senior fellow at the Council on Foreign Relations, told the Daily Telegraph. "Relying on a system as precarious as the internet is a big mistake.
"It is a fundamentally insecure ecosystem that is ripe for conflict and gives countries with disadvantages in conventional weapons an asymmetrical advantage." Britain, as a nanny state more tolerant of government interference, is far better prepared than its giant ally across the Atlantic.
The US has already experienced two major cyber warning shots. Hackers from Russia or China or both successfully planted software in the US electricity grid that left behind software that could be used to sabotage the system at a later date.
The North Koreans may not be able to feed their people but in 2009 they succeeded in bringing down the servers of the Department of Homeland Security, the US Treasury and several other government departments, along with regular internet providers, by flooding them with requests for data.
Most dramatically, it saturated the internet connections of a Pentagon server that the military would rely for logistical communications in an armed conflict.
"We need to rethink the premise that just because this took place with bits and bytes it wasn't a dangerous and destabilising action," said Mr Knake, who said they wrote the book "to start a conversation".
Monday, December 7, 2009
What do ISPs charge the law to spy on you?
By Cory Doctorow on spying
Cryptome is hosting several ISPs' pricelists and guidelines for "lawful spying" activities on behalf of law enforcement. Included is Yahoo's price-guide (hilariously, Yahoo tried to send them a copyright takedown notice to make this go away).
One of the more remarkable elements of Yahoo's document is the sheer quantity of material that Yahoo retains for very, very long periods. From /.: "IP logs last for one year, but the original IPs used to create accounts have been kept since 1999. The contents of your Yahoo account are bought for $30 to $40 by law enforcement agencies."
Yahoo! will seek reimbursement based on the actual time expended by Yahoo!'s compliance staff in complying with the request. The average costs related to compliance matters are listed below for your convenience. These estimates are neither a ceiling nor a floor but represent the average costs of typical searches. Time spent may vary considerably based on the wording of the request and the information available about the user. These time estimates are also based on narrowly tailored requests that do not require extensive searches in multiple databases. These estimates are not price quotes, budgets, or guarantees and should not be used for budgeting purposes. Yahoo! reserves the right to adjust its estimates and reimbursement charges as necessary.
* Basic subscriber records: approx. $20 for the first ID, $10 per ID thereafter
* Basic Group Information (including information about moderators): approx. $20 for a group with a single moderator
* Contents of subscriber accounts, including email: approx. $30-$40 per user
* Contents of Groups: approx. $40 - $80 per group
Cryptome is hosting several ISPs' pricelists and guidelines for "lawful spying" activities on behalf of law enforcement. Included is Yahoo's price-guide (hilariously, Yahoo tried to send them a copyright takedown notice to make this go away).
One of the more remarkable elements of Yahoo's document is the sheer quantity of material that Yahoo retains for very, very long periods. From /.: "IP logs last for one year, but the original IPs used to create accounts have been kept since 1999. The contents of your Yahoo account are bought for $30 to $40 by law enforcement agencies."
Yahoo! will seek reimbursement based on the actual time expended by Yahoo!'s compliance staff in complying with the request. The average costs related to compliance matters are listed below for your convenience. These estimates are neither a ceiling nor a floor but represent the average costs of typical searches. Time spent may vary considerably based on the wording of the request and the information available about the user. These time estimates are also based on narrowly tailored requests that do not require extensive searches in multiple databases. These estimates are not price quotes, budgets, or guarantees and should not be used for budgeting purposes. Yahoo! reserves the right to adjust its estimates and reimbursement charges as necessary.
* Basic subscriber records: approx. $20 for the first ID, $10 per ID thereafter
* Basic Group Information (including information about moderators): approx. $20 for a group with a single moderator
* Contents of subscriber accounts, including email: approx. $30-$40 per user
* Contents of Groups: approx. $40 - $80 per group
Wednesday, December 19, 2007
Subscribe to:
Posts (Atom)