
ICG Risk Blog - [ InfoT Public ]

Homo boobus and social engineering: When the nut behind the wheel is loose


Homo boobus is one of my favorite creations, the person for whom Murphy's Law was made and whose more spectacular appearances are usually preceded by "Hey, watch this!" The most audacious members of the species go on to posthumously win the Darwin Award.

He or she is also the person that sysadmins have seen who "click the email attachments (when they KNEW it was a virus) 'just to see what it would do.'" In the future you may have the opportunity to know them much better as the family of socially engineered attacks commences with "drag-and-infect."

Drag-and-infect is a case of drag-and-drop that allows an "attacker [to use the flaw to] install a program on a victim's computer after convincing the person to visit a malicious Web site and click on a graphic." The malicious website would be set up to lure homo boobus to actually drop a program into the victim's startup folder which would then execute when the PC was restarted.

I do not agree with Microsoft's position that the flaw "did not pose a serious risk to users because it requires an attacker to trick people into visiting a Web site and taking some action at the site." Just think how a virus, as opposed to a worm, propagates; a user has to do something, has to intervene, which they do with regularity. It is believed that drag-and-infect can be reduced to a single click, thereby making the exploit much more prevalent.

I very much agree with the comment of the flaw's discoverer, who embedded a general compliment to Microsoft in saying, "The patch [for XP] really does lock down the machine nicely, and whatever anyone finds now will be completely different to the previous year's findings."

Enter the age of Homo boobus. If and when software providers do make their apps more robust, hackers and crackers will shift to the weakest link and they will do it quickly and in novel ways that sail past the constructs meant to stop them.

Consider the novel manner in which spammers have gotten around the graphic of ornate letters and numbers that sites use to defeat spambots and so ensure that the replier is a person: the graphic is captured and sent to sites where visitors can gain access to erotic materials by entering the correct alphanumeric string, which the spammer then uses. With the meter running, homo boobus translates one graphic after another to gain more access.

For the geeks among readers, go here and here for evidence of spambot evolution.

A discussion has commenced regarding the responsibility of a vendor such as Microsoft to insulate any and all users from such threats. It is interesting that some of the early SP2 XP flaws are seen as requiring "so much social engineering that holding Microsoft responsible was an 'unrealistic expectation.'" I do not think that the limit will hold for long, given the creativity of hackers and the propensity of homo boobus to click on anything -- and without that understanding, the responsibility discussion may not go far enough.

Secunia rates this flaw as "highly critical," its second-highest rating of vulnerability threats. I agree and believe that as apps become more robust, hackers will exploit this class sooner than later.

Earlier appearances of Homo boobus:

Drag-and-drop flaw mars Microsoft's latest update
By Robert Lemos
August 20, 2004, 1:04 PM PT

IE flaw under SP2: User’s problem or Microsoft’s?
Posted by david.berlind @ 9:18 am (PDT)
Monday, August 23 2004

The Fastest Man on Earth (Overview and Index)
Why Everything You Know About Murphy’s Law is Wrong
by Nick T. Spark and
Los Angeles, California

Online porn often leads high-tech way
By Jon Swartz
March 9, 2004

Gordon Housworth




Oil: Whither thou goest, we will go


Reuters reports World Bank chief economist Francois Bourguignon said that "the oil price has to return to its equilibrium level, which is around $32. How long this will take, we don't know, because it depends on the kind of speculation happening in the markets… [but] I think there is little doubt that the price will fall again in a certain time -- one year, two years." Bourguignon continues to believe that "long-term fundamentals had not changed [but that] oil market speculation was based on events that justified some short-term rise in prices."

World Bank, reporting via Spain's Cinco Dias, presents a much shorter lowering period (and Bourguignon is their guy after all) that, "There is a risk premium that will disappear once the uncertainties have dissipated, but I think that we will return to a balanced price in a few months' time." If prices do stay high, he notes that "[the European] economic situation is not yet good" and that interest rate hikes would follow in the euro zone along with inflation.

Others were saying that some indication of slower growth is needed to bring costs down, yet the IMF's managing director, Rodrigo Rato, "confirmed Friday that he still expected the global economy to expand by about 4.6 percent" in 2004.

Leave it to the Germans to be dour, as the Frankfurter Allgemeine Zeitung cited an Investec analyst stating that "a miracle would have to happen for oil prices to fall" and that higher prices were "certainly possible" above the random number of $50. To be fair, Investec said that it was "certainly imaginable" to see $70 barrels if production in Iraq and Venezuela were interrupted and both of those have gone into temporary remission.

As I have long felt that $100 USD a barrel is within easy reach, I do wonder where Bourguignon gets his confidence when I consider the likes of:

  • Oil is "now 136% more expensive than before September 11, 2001" (HSBC Bank)
  • Ramping demand by the US, China, India, and Japan with pumping now at the highest levels since 1979. "Petro-dependency" is a common national fear.
  • With a current world consumption of 81.2 million barrels a day, the International Energy Agency (IEA) predicts 2005 global demand of 84 million barrels.
  • Colin Campbell, former BP chief executive, has been calling "peak oil," after which production declines, for 2005. Yes, there are optimistic forecasts of 120 million barrels in 2020, but current demand depletes known deposits by 2054.
  • Major fields are "on their way down; there's been no major oil discovery for the past 18 months - despite huge technological progress; and producer countries are operating at their limits."
  • Having stated in July that $35 was a fair price for oil, the Saudis signaled that there would be no petroleum "October surprise" and that there would be no effective production increase.
  • While Iraqi crude is one of the cheapest to lift (half of Arabia and a third of the North Sea), some $3 billion is needed to raise Iraqi oil exports to pre-sanctions levels -- and it is years away while jihadists remain very active.
  • Continued threats to the House of Saud, uncertainty in Russia, and instability in Nigeria
  • Widespread pension fund speculation

The US will be pressed to defend the dollar as oil is increasingly priced -- but not yet invoiced -- in euros, after decades of secret agreements with Saudi Arabia, as OPEC has already switched "to trading oil in euros - as oil-exporting countries fight to offset the weak dollar." The US will import 66% of its oil in 2020 against 55% in 2001 (Administration report, May 2001).

Instead of removing an OPEC Iraq that thwarted US oil pricing strategy even as it profited by being one of the few to actually sell oil in euros, we have imported geopolitical instability, and with it significantly higher priced oil.

I had once thought that petroleum would last long enough for the water wars to get underway in earnest. Today, I am not as certain.

Oil price puts Asia's recovery at risk
By Kosuke Takahashi
Aug 24, 2004
Asia Times

Oil's slippery slope
By Pepe Escobar
Aug 24, 2004
Asia Times

Oil Prices Will Return To Normal Within Months: World Bank Economist
World Bank DevNews
Aug 23, 2004

Gordon Housworth




Ayatollah Khomeini redux


The US is losing a battle that it does not even know that it is waging, and very likely against a foe that it thought was long gone.

First, the battle that the US is unaware it is losing. I like to say that what passes for "news" all too often leaves readers "informed without the ability to act." Continuing my one-man assault on western reporting: when it reports on the Middle East and Southwest Asia, the western press usually leaves us misinformed, so that any action is chance or simply wrong. One place to get valid information here is Juan Cole out of UofM. While I might not agree with all of Mr. Cole's political prescriptions, I would not try to carry out any of mine without listening to what he has to say. The administration would not, as Mr. Cole's analysis would tump over its policy in Iraq, but I wonder why the press cannot make such a simple leap.

If you do not read Arabic, you are lost when it comes to understanding the reality on the ground. Even Baghdad papers that print in both Arabic and English print a very different copy in Arabic. Cole recently drew out the differences in perspective by contrasting reporting of fighting that had extended to Kufa. Whereas an LA Times embedded reporter noted that:

"Earlier in the morning, several hundred Marines swarmed a complex of buildings in Kufa, about 500 yards west of the main Kufa Mosque, which military officials suspect that al-Sadr's militia is using. After a heavy firefight, AC-130 warplanes bombed the buildings in a series of loud explosions heard for miles."

Al-Hayat wrote on the same event:

"the fighting extended to Kufa, where American missiles struck the historic Mosque of Maytham al-Tammar, destroying part of it."

No comparison in the implications and downstream hardening of opinions. No fair, you say, they get to write what their readers want to hear just as ours do. I say that in order to make an informed decision as to the outcome of our force protection, and to avoid a new generation of unintended consequences (called blowback in the intel community), you'd better care or you will get another Afghanistan, or Pakistan. Wouldn't that be fun?

Now the foe that the US had thought was long gone: Ayatollah Khomeini

Cole lifts us out of the myopia of focusing on a seemingly marginal cleric, Muqtada al-Sadr, and the fighting around a shrine: "The debates about Iraqi Shiism seem to me to occur often in a sort of historical vacuum in which everyone ignores the elephant in the living room. That is Ayatollah Khomeini and his movement, the central tenets of which were rejected by Najaf but accepted by the Sadr movement."

Contrast that to the themes running in the Western press, which I summarize as 'necessary but insufficient' to make an informed decision:

While all players had placed themselves in a corner over conflict in and around the shrine of Imam Ali bin Abi Talib, its mosque and cemetery, it is the US that is getting the worst of it. We are being battered in the Arab press -- where thoughts on the ground really matter -- and not in the weaker western press, where it largely does not, given the ability of the administration to shape local US response; in the Arab press we are being 'convicted' of having destroyed things we have not.

Muqtada al-Sadr's Mehdi Army may or may not be vacating the Imam Ali shrine complex in Najaf. What is clear is that all sides are maneuvering for political position, the appearance of not seeming weak, or having surrendered any essential tenet or demand. The Arab roots for respect and fear are common as it is, in part, fear that can command respect.

  • Al-Sadr must show his followers that he folded for a greater end and can protect them as they leave -- with their weapons
  • The Interim Iraqi Government (IIG) must maintain the impression that it can defend the nation, and carry out the instructions of Interim Prime Minister Iyad without effective US/coalition support
  • The IIG wants al-Sadr in the Iraqi political system where he can presumably be defused

It is not enough. Writing in English for Reuters, Khaled Yacoub Oweis notes that the US will not end al-Sadr's movement by expelling him, and that al-Sadr:

  • Exploits a generational and economic divide by attracting the young and the poor even as he is despised by business, professional, and wealthier Shi'ite elements
  • Encodes a strong element of Iraqi nationalism in his movement
  • Mirrored his father's strategy of wooing the poor "who feel they have been ignored by the political establishment for decades."
  • Adopted the basic tenets of Khomeinism

Letting Cole have the close: "Khomeinism was ultimately about trying to construct a nativist cultural and political barricade against American-led globalization. As the chaos in Iraq gives the latter a black eye, it encourages the former."

Najaf Siege Might Not End Rebel Cleric's Challenge
Sat Aug 21, 2004 11:14 AM ET
By Khaled Yacoub Oweis

Gordon Housworth




If not Pakistan, then who?


If you could read Under pressure that would make diamonds, Pakistan pretends to work as we pretend to pay, and not draw the conclusion that the US surrendered to the wrong partner in contesting Soviet-occupied Afghanistan and a decade later sought the wrong foe in the post 11 September "war on terror," then I fear that there is little that I can do for you. The logic of trying to craft gossamer filaments between pre-hostility Iraq and al Qaeda and allied jihadists when ropes, cables, and hawsers linking Pakistan to a pantheon of anti-US and anti-Western elements lay in plain sight is simply bankrupt, full stop.

If you're still with me, the question becomes what we can intelligently do now, and with whom we can do it, given that we are perilously close to blundering into a pan-Arab, even pan-Muslim, conflict that has the outline of a race war in its binary, no-quarter outcome, even as we contest new entrants for resources. In an earlier note, Pakistan's HVTs may yet deliver the US election, I noted that "Pakistan 'made the Taliban' in that they funded, trained, and protected it in return for the security of not having to fight a two-front war, access to energy sources in the Stans, and a conservative religious view that was, and is still, shared by many in the Inter-Services Intelligence (ISI), Pakistan's intelligence agency."

From whom was Islamabad seeking relief? None other than the state that throughout what passed for the Non-Aligned Movement (NAM) of the 1960s through 80s was the state that I called the Imperialist of Southwest Asia: India. Mind you, I've nothing against imperial states; they are more like a force of nature. As a geopoliticist, my opinion rests on the assistance or resistance that an imperial state offers me. I remember being affronted by the comments of Krishna Menon, who as Indian delegate to the UN was a determined supporter of the PRC and an outspoken critic of the US while professing Indian nonalignment, with words to the effect that 'we are a peaceful people,' as prey like Goa and Kashmir were annexed and Pakistan was sundered, creating Bangladesh in the east and lifting a threat on India's eastern flank. (Menon once gave an eight-hour speech on Kashmir at the UN.)

Menon railed against anti-imperialists even as he attempted to make India one cloaked in sheepskin. Now a wiser fellow, I ascribe to the idea that no nation can become great until it masters the art of hypocrisy. England and France were masters at it as was India. I like to say that 'only the top of the Raj has passed from British to Indian hands.'

India had tried to lure the US and USSR in turn, and when the US would not bite, ignoring New Delhi, India opted for an alignment closer to Russian liking. That artifice fell as the Soviet Union collapsed in 1991, freeing India from subordinating its foreign policy to Moscow. Similarly, the US was now free to look at states through other than a bipolar lens and rediscovered India as a significant actor. I often wonder if the US supported Pakistan in opposition because it was "not India" and the US needed another regional player.

While the Soviets poured military and industrial assets into India at bargain prices that has given it an inevitable industrial base, India still staggers under a socialist era intrusive bureaucracy replete with a phalanx of protectionist laws and subsidies that inhibit market-oriented economic reform. Its people remain mired in a have and have-not culture marked by poverty.

Corruption and nepotism remain rampant in India, commencing post-independence with the 1948 Jeep scandal regarding the purchase of army jeeps needed in Kashmir. When one is aware of the morning "money flights" from Bombay to Delhi, whereby businessmen deliver cash bribes to bureaucrats, or that many if not most of the gangs of beggar children that populate Indian streets (often maimed or disfigured by their keepers to make them more piteous) are considered impossible to eradicate due in part to their being either owned, managed, or under the protection of various Indian police officials, one gets an indication of the deep corruption and lack of redress available to the poor in what passes for Indian civil government.

Hindu nationalism is an ever increasing concern, one that eats away at the secularism of Jawaharlal Nehru, who while an ardent nationalist, "never had any trouble admitting the legitimacy of British democratic institutions as the model for India." The assertion of "Indian-ness" is a cloak for a Hindu nation, one that excludes Muslims rather than Hindu and Muslim living together in a pluralistic society.

Fortunately the Hindu nationalist party in power, the BJP (Bharatiya Janata Party), lost the last election not on Hindu, but on economic grounds. The have-nots wanted a slice of a growing pie as opposed to an uncertain slice of a Hindu pie. Hindu nationalism will remain a persistent, hovering threat, but there is hope.

Despite all this, India has emerged as a major Asian economy buttressed by an even more competent military, both of which dwarf Pakistan and the gap will widen. India will not track a US orbit unless its interests are met but it is a major economic, non-Muslim, non-jihadist state in an explosive region with the ability to control the Indian peninsula and the Indian Ocean.

India as a rising power
By Yevgeny Bendersky
Aug 21, 2004
Asia Times

Young Workers Are Changing India
New York Times
August 21, 200

Gordon Housworth




Under pressure that would make diamonds, Pakistan pretends to work as we pretend to pay


I regard it as sheer ignorance that the American press seems uninterested, beyond the merest of comments, in detailing the central, even essential, and sustaining position of Pakistan in the modern jihadist movement. I would go so far as to say that Pakistan and its intelligence service, Inter-Services Intelligence (ISI), sculpted what became al Qaeda far more than any Saudi financing, or bin Laden's early efforts when he was but a minor player, and coordinated the International Islamic Front of militant groups formed by bin Laden in 1998.

The comment that "Every link [of the arrested jihadists] goes straight to top army officials of different times" does not even do justice to a Pakistani primacy that rose in resistance to the Soviet occupation of Afghanistan, when the putative sponsor of the nascent jihadist movement, the CIA, bowed to ISI demands to allow it to move the materiel and weapons on to Afghanistan. The ISI became the effective sponsor on the ground, working through a set of proxies of its own creation, doling out support to those that met Pakistani expectations.

The US surrendered control never to regain it, and subsequently became its target. The US sanctioned ISI recruitment of "Muslim youths from the Pacific to Africa, and a whole generation of youngsters was trained in jihadi, and, importantly, with strong anti-US overtones." Hamas and Abu Sayyaf grew from Pakistani proxy camps. Then Pakistani dictator General Zia ul-Haq laid "the foundations for a global Muslim liberation movement" under the noses of the US even as the administration lionized ul-Haq. I fear we are not appreciably smarter today, playing a game of higher stakes.

In 2001-2002, while agreeing to publicly join the US "war on terror," Pakistan sought alternate Afghani control through Hekmatyar, then in exile in Iran. Pakistani proxies got combatant dependents out with new documents even as it linked Hekmatyar with other in-country jihadists. When the US declared one of those proxies, al-Badr, as a terrorist group, it might have declared the ISI as a terrorist group.

I fear it more than circumstance that Daniel Pearl was abducted and murdered while he was "deeply involved in investigations into the arrest of Abu Zobaida, a chief al-Qaeda operator, in Faisalabad. He was in the process of making a connection between ISI-backed groups and the seminaries of Faisalabad."

With the "July surprise" having faded, the US is pressing for the "November surprise" with a fervor that would make diamonds from coal. The Pakistanis are responding with a bit of the Russian "We pretend to work, and they pretend to pay us."

The FBI is now specifically identifying individuals by name, accompanied by a detailed rationale for their arrest, all of whom have been operating in the open since 2001 without previous Pakistani intervention. A powerhouse in Faisalabad, Qari Mohammad Noor, was placed in custody last week and has just been delivered dead to his doorstep, "his body was full of torture marks." Rumor has it that it was better to serve Noor up dead than deliver him to the Special Investigation Cell (SIC), which is comprised of FBI and ISI agents and in which the predominant interrogator is the FBI.

Pakistan has now offered rewards for six "most wanted terrorists," including al Qaeda's new number three, Libyan planner Abu Faraj Farj, and a participant in Pearl's murder, Amjad Faro. My attention was drawn to the fact that Pakistan's federal minister of the interior has called out "the strongest political voice of Islamists and the real mother of international Islamic movements," the Jamaat-i-Islami (JI), as having ties to al-Qaeda, and has required it to "explain these links." JI is a driving faction of the Muttahida Majlis-e-Amal [MMA], an alliance of six religious parties "that gained unprecedented electoral victories in national elections in 2002." Government actions have started against "associates of the JI in its strongest political constituency, Karachi," with "Rawalpindi and southern Punjab" to follow. ISI is arresting members without stipulating charges. The MMA has reacted with street protests and back-channel communications to its friends in the ISI and the government. This is a tectonic shift in the making.

The magnitude of the shift becomes clear when one understands that JI, founded in 1941 by Syed Abul Ala Maududi who "gave birth to the present Islamic movements and their radical thought, which rejects traditional Islam and challenges Western capitalism, as well as socialism":

Maududi did not accept Islam as a religion - a term used by traditionalists in all societies, whether Christian, Jew or Muslim, when referring to divine guidance. Instead, Maududi introduced the Koranic term addin (the way of life). The Koran, he argued, never used din (way of life) alone. Whenever the Koran speaks about Islam it calls it addin… This conceptualization helped Maududi separate Islam from its traditional concepts [presenting] Islam on a much broader canvas in which socio-economic and political systems are all interlinked with Islam itself… [He] declared Islam a "movement" which struggles (jihad) to enforce "the way of life". For Maududi, an Islamic state is a blessing for all irrespective of religion, caste and race under "the way of life". Later, Maududi translated the Koran with an accompanying commentary, as if presenting it as the manifesto of a revolutionary movement.

Maududi's ideas "fully penetrated" Egypt's Muslim Brotherhood, giving it an ability to attract adherents by the late 1940s. The JI started its assistance to the Pakistan army when it and India clashed over East Pakistan. The organization that later evolved into al-Qaeda, Afghan jihadi training camps for Arabs, jihadi export to Central Asian republics, Chechnya and Bosnia were all joint ventures involving the JI and ISI. The rest is history. Attacking the JI is to dismantle modern Pakistan.

Pakistan serves the US heads, not tales
By Syed Saleem Shahzad
Aug 20, 2004
Asia Times

Pakistan turns on itself
By Syed Saleem Shahzad
Aug 19, 2004
Asia Times




Tenderness of the fabric of our internet


The tenderness of the internet and the architectural elements upon which we depend has again been shown in a series of events. First, a SANS Internet Storm Center report showed that an unprotected out-of-the-box PC is really no PC at all, in that its survival time before malware compromise from the internet is now 20 minutes, down from 40 minutes in 2003. It is instructive to check out the chart on SANS's Survival Time History. The Catch-22 is that the time to download critical patches exceeds the average survival time -- which is shorter than average if you are a university user or broadband user (high risk) and longer if your ISP closes off key attack ports (lesser risk).

I am increasingly leaning toward quarantining both corporate and individual users whose PCs are not properly patched. Yes, I know that demand surges would occur at patch times, users would get angry, sysadmins would face daunting support demands, the patch process as we know it would have to adjust if not change, and vendors would have to produce stable, tested apps, but why not raise the ante on MS and Linux to produce more secure products faster?

It is not as if firms such as Microsoft are unaware of the rising risk. An MS security consultant noted that "the day is likely to come when a virus or worm brings down everything… [no one] will have time to detect it [or] have time to issue patches or virus definitions and get them out there. This shows that patch management is not the be-all and end-all… If the human body did patch management the way (companies do), we'd all be dead."

If you can find comfort in that, you are more sanguine than I.

Software was historically released in paired cycles, the 'first for function and the second for speed,' implying the optimization of the preceding functional release. That second release is now as important for patches as for performance optimization, if not more so. The "service pack 2" release, or SP2, of Windows XP is not offering me further comfort, as a variety of security and vulnerability-assessment firms are already finding critical flaws which observers believe will presage "worms that will circumvent SP2 features over the next few months."

To be fair, SP2 was intended to "add better security to the operating system's handling of network data, program memory, browsing activity and e-mail messages" rather than remove all faults in XP code, but this was a release a year in the making and touted for its security functions. MS had to expect that, despite whatever the firm said, the release would be viewed as Caesar's wife and had to be above reproach. Not being privy to MS development demands and restraints in getting the release out, I can only note that I did not feel that the release went far enough in its new embedded firewall capacity, specifically in not blocking outbound traffic that would be a signal that a worm or virus had struck the PC and was now intending to replicate itself. XP's firewall shares a flaw common to most software firewalls in that it can be "circumvented by any locally running program." (We use hardware firewalls precisely to get around this kind of limitation, as "Once hostile code has gained root access to your system, you've already lost. Any firewall can be easily disabled or circumvented with only a few lines of code.")

I think that MS should consider making an effective, low-cost hardware firewall just as they made mice and keyboards. In the latter case, MS wanted to ensure reliable I/O (input/output) devices for PCs running their software. I think that the same yardstick should be applied to the former to ensure reliable inbound/outbound data flows from and to the internet.

I will close on the ancillary issues of digitally signing -- contractually binding -- an electronic transmittal, and certifying that documents or code blocks posted to the web have not been tampered so as to change the content or insert new code -- trap doors -- to permit downstream mischief by any subsequent user that downloads that code.

If you are using the MD5 hash algorithm for digital signatures, a likely case due to its popularity, or SHA-0, move now before exploits propagate. While the near zero-day exploit time for certain classes of worms and viruses is presumably too short at the moment for this exploit class, as the perp must write a specific backdoor cloaked with the same hash collision, it is only a matter of weeks, not years. Due as much to lack of familiarity as difficulty, I would expect early exploits to come from crackers (criminal hackers) and state-sponsored entities seeking to attack commercial sites in order to spoof and then gain access to IP, if by no other means than by inserting trap doors in tools that will be used in the production and storing of future IP.

Also at risk is authentication of already publicly stored source code that used MD5 to certify that it has not been tampered with, as on open-source Apache servers, i.e., existing things are as much at risk as newly authored or signed items.

And note the progress of the attack on SHA-1, also used in PGP, which we use for secure client communications, as well as some signature algorithms. Still safe, but larger parallel arrays and better algorithms continue to narrow our margin of safety.

Study: Unpatched PCs compromised in 20 minutes
By Matt Loney and Robert Lemos
ZDNet (UK)
August 17, 2004, 12:22 PM PT

Pros point to flaws in Windows security update
By Robert Lemos
August 18, 2004, 12:47 PM PT

Crypto researchers abuzz over flaws
By Declan McCullagh
August 17, 2004, 9:10 PM PT

Gordon Housworth




The defender's dilemma: common threads in exploiting commercial supply networks


We devote substantial research to asymmetrical warfare exploits involving COTS (commercial off the shelf) openly available dual-use equipment and processes. As noted in COTS electromagnetic weapons from simple dual-use items, tools and weapons derived from such sources are perfect tools "for the asymmetrical warrior, and devastating to US commercial and military installations."

It is a truism, in every COTS weapon system production capacity that we investigate, that investigating authorities place self-imposed blinders upon themselves, too often assuming that their opponent is a mirror-image state opponent, such as Russia, or a state-sponsored opponent, such as Libya, and is thus compelled to access the same production base, employ state-of-the-art production processes, assume a continuous production level when manufacturing is involved, observe common industrial manufacturing and recovery processes, and expect similar military delivery means.

Just as military forces habitually look for mirror image adversaries instead of an asymmetrical opponent exploiting a key weakness that you have overlooked, so does the FBI too often look first to new, retail commercial purchase instead of looking for "good enough" components from the used, resale, internet, closure, overstock, bankruptcy, or theft sources. The perp's goal is path of least resistance and not path of greatest production.

In almost every case we find the extraordinary ease with which perps can domestically produce, under the radar, "one-time, good enough" amounts of a spectrum of weapons products by harvesting the dual-use industrial base of the US, Canada, UK, continental Europe, and Japan, for example. In each case there is no need to import or smuggle something through a nation's customs, or at least not in an amount that responds readily to traditional inspection techniques. (Radioisotopic products are a rare exception due to the ability to detect their inherent radiation.)

The problem is that the commercial production environment, in this case the "defender," is supremely exploitable as commercial supply chains are designed around economic efficiency and manufacturing efficiency rather than exploitation security. The asymmetrical terrorist view upends a supply chain by evaluating it from the tenets of achieving the desired outcome at acceptable risk (which could include member suicide). Products and processes are combined in ways that exploit a limited lifetime, "good enough" purity or production volumes, and easily absorb less-efficient means of production.

Cost and risk rise for the commercial defender as they try to backfill security needs atop a commercial structure. In this respect it tracks with the difficulty of countering IP theft and diversion unless the process is built in from the onset. In all such environments, it is too easy to ask "how often" as opposed to "if" or "when."

It is this capability that distresses me when I review the arrest of what appears to be an operational al Qaeda cell in the UK. It does not bother me that no substantive weapons or weapons-making materials were found in the immediate raids. What disturbs me was that "two of the British suspects... were found in possession of surveillance information on the same five American financial centers" that were discovered in Pakistan with the arrest of Muhammad Naeem Noor Khan.

I take a more threatening view of the info discovery as (a) I believe the means of indigenous, off-scope weapons production to be relatively easy and getting easier, and (b) active, effective surveillance is key to the setup for the attack team to carry out the assault. (DHS blundered with its media announcement by not describing the very lengthy and meticulous planning and surveillance done by al Qaeda, and that the data showed both tradecraft and specific target monitoring. The age of the data was secondary.)

If I discount the production threshold of the device itself, I only need to see an operational cell capable of surveilling and basic production in order to constitute a serious threat.

We need to focus on effective, rather than expensive, solutions for early stage detection as the National Association for Business Economics (NABE) now ranks terrorism over weak job growth as the greatest perceived threat to the US economy. This drag supports our adversaries and nation-state competitors alike, incrementally weakening our economy and aiding the aims of terrorists without having to execute an actual attack.

British Charge 8 Tied to Terror Plot With Murder Conspiracy
New York Times
August 17, 2004

New Cooperation and New Tensions in Terrorist Hunt
New York Times
August 17, 2004

Gordon Housworth

InfoT Public  Infrastructure Defense Public  Intellectual Property Theft Public  Terrorism Public  



US law enforcement cooperation with US Muslim communities is remarkable for success as well as infrequency


Given recent Census Bureau missteps in releasing Arab-American statistics to the Customs Service in 2002, and to the Bureau of Customs and Border Protection (CBP) at DHS in 2003, it is worth noting that there are American cooperative models of behavior for both law enforcement and a Muslim community. Southeastern Michigan is second to Paris in having the largest Arab community outside of the Middle East, and of that community of Muslims, Arabs, and Sikhs the majority are concentrated in the city of Dearborn. Unlike many US Arab communities prior to, and even after, 11 September, the Muslim, Arab and, to some extent, Sikh communities in Southeastern Michigan capitalized on their numbers and concentration by becoming politically active, developing close-knit ties with the broader community, and developing formal channels of communication with government agencies. It was this outreach that allowed the community to partner with law enforcement after 11 September.

Cooperation and communication in an extraordinarily fragile and low-trust environment were marked by five characteristics:

  • Adoption of a community-focused trust-building model -- Southeastern Michigan law enforcement, federal as well as state, adopted a nontraditional model of counterterrorism investigations that relied on the American Muslim, Arab, and Sikh communities.
  • Community prioritization of partnerships -- the community responded with a proactive outreach of its own, creating a partnership with law enforcement unique in the US.
  • Formalizing lines of communication -- all sides perceived the value of, and need for, a structured means of dialogue and problem solving.
  • Media utilization by all parties -- both community and law enforcement understood the value of public statements and education as confidence-building measures.
  • Rapid response by all parties -- recognizing the fragile nature of mutual trust, both community and law enforcement reacted with speed, be it in a proactive or reactive posture.

The Michigan FBI Special Agent in Charge (SAC) immediately provided cultural sensitivity training for the FBI agents. The community responded with information packages for both law enforcement and community members as to what to expect and what members' rights were. FBI and DoJ addressed community concerns in town hall meetings regarding discrimination and the means of completing ongoing investigations.

Post 11 September DoJ interviews with community members were a model of communication and expectation setting:

1) law enforcement needed the community's assistance with its efforts to prevent future terrorist attacks; 2) law enforcement had no reason to believe, although the interviewee had been selected to participate in the interview process, that he was in any way associated with terrorist activities; 3) the purpose of the interviews was to ascertain whether the subject might have information that, while inconsequential to them, might be helpful to ongoing investigations; 4) the location, date, and time of the interview could be arranged at the discretion of the interviewee; and 5) the interviews were voluntary.

Michigan was one of only four districts nationwide that chose to de-partner with Immigration for the purposes of these interviews in an effort to facilitate community participation in these meetings. Furthermore, authorities pursued a uniform "don’t ask" policy about immigration status.

This cooperative arrangement was able to endure some shocks that would have rent a less resilient relationship:

  • During a raid on a Dearborn Arab-American accused of possessing millions in phony cashier's checks, "a ten year veteran of the Secret Service, who was supposed to be monitoring the perimeter of the home, wrote 'Islam is evil, Christ is king' on a prayer calendar hanging in the kitchen" of the home.
  • For reasons I find dubious, FBI HQ in DC withdrew at the eleventh hour the nomination of a central community leader, Imad Hamad (who had been named Michigander of the Year in 2002), for the FBI's highest civilian public service award, the national award for Exceptional Public Service. Given that the award was for Hamad's essential support in forging "partnerships between law enforcement and the Muslim, Arab, and Sikh communities in Southeastern Michigan," it almost unwound the trust between the community and law enforcement.

Without the characteristics noted above, and the preemptive outreach and earlier political activism of the Muslims, Arabs, and Sikhs to the larger Anglo community, it is likely that the relationship would have collapsed.

The Southeastern Michigan model -- and the recommendations and lessons learned on both sides -- should be practiced more widely in the US.

A Promising Practices Guide
The Partnering for Prevention and Community Safety Initiative
Institute on Race and Justice at Northeastern University
May 2004

The Southeastern Michigan Experience
Institute on Race and Justice at Northeastern University
May 2004

Gordon Housworth

InfoT Public  Infrastructure Defense Public  Terrorism Public  



COTS electromagnetic weapons from simple dual-use items


COTS (commercial off the shelf) microwave weapons are tracking along with military systems, and I find it astonishing that they do not get more serious attention both for infrastructure attacks and for "screen attacks" masking a more traditional payload process. I have followed David Schriner's work in directed energy since his testimony to the Joint Economic Committee in late 1998, when he spoke about broadband Transient Electromagnetic Devices (TED), which he expected to be the "RF weapon of choice to the modern cyber or infrastructure RF warrior" -- remember, this is 1998.

In comparison to Narrowband (NB) devices, TEDs are "relatively simple devices that generally use simple spark-gap switches, [whose] power supplies are relatively small in size and much lower in average power and cost [in which the] engineering and mechanical issues are small, [the technology] well described [and] most of the technology required is available and is an outcrop of the various nuclear and flash x-ray work done in the past." Simple TEDs "would be about $500 and take one week to build."

Schriner later built a frequency pulse emitter in 2001 for his Volkswagen which could "disrupt or kill computers and microprocessors that run financial and communications networks, electric power grids, even car engines and traffic lights." Schriner mused that "driving the VW van around Wall Street in Manhattan, emitting radiation that would disrupt thousands of computers critical to the nation's stock market and financial and communications networks… could have been pretty exciting." Schriner has "subjected cars, radios, medical intravenous pumps, computers, and other equipment to their homemade, portable gadgetry [and has] disrupted and destroyed them."

Schriner described four basic configurations:

  • Briefcase size "that could be placed very close to a target system (like a computer at a desk or counter)"
  • Mountable in a small van and disguised to appear as ordinary
  • Dedicated unit set up "at a remote target location and used for some purpose where appearance was not of any concern"
  • System "located in one's back yard such that it could be aimed at over flying aircraft"

It's only gotten easier since. An admirer of Schriner, Slava Persion -- as a 20-year-old -- used to host Voltage Labs, devoted to COTS-component electromagnetic weapons such as a directional, tuneable waveguide HERF (High Energy Radio Frequency) device and a railgun, complete with reasonable schematics, descriptions, and videos, but has since taken it down. However, you can see one of his simple devices harvested from a kitchen microwave unit here, which also tracks with one of the devices here.

Not to be confused with electronic warfare systems, which jam or spoof an enemy system while it is operating and require specific knowledge of the target in order to do so, microwave weapons are remarkable in that they:

  • Do not rely on exact knowledge of the enemy system
  • Can leave persisting and lasting effects in the enemy targets through damage and destruction of circuits, components, and subsystems
  • Will affect enemy systems even when they are turned off
  • Force the enemy to harden the entire system, not just individual components, to counter their effects

These units are well suited for covert military operations, down to handheld size, as well as regional-scale impact:

  • Numerous entry points
  • "Dial a hurt" scalable effects
  • Adjustable lethality
  • Tedious target repair
  • Wide footprint area weapon
  • Weather independent
  • Great speed and long reach
  • Easy logistics ("deep magazine" with no "expendables")
  • Collateral damage control

Perfect tools for the asymmetrical warrior, and devastating to US commercial and military installations, the latter of which had given up much of their hardening in the mistaken assumption that EMP (Electromagnetic Pulse) threats declined with the fall of the Soviet Union. E-bombs (non-nuclear EMP) now come in many packages.

Targeting the Human with Directed Energy Weapons
Dr. Reinhard Munzert
6 Sept. 2002

Everyday materials used in radio weapon
Source: UPI
Publication date: 2001-04-26

High Power Microwaves: Strategic and Operational Implications for Warfare
Occasional Paper No. 11 Center for Strategy and Technology Air War College
Eileen M. Walling, Colonel, USAF
May 2000

The Design and Fabrication of a Damage Inflicting RF Weapon by 'Back Yard' Methods
Statement of Mr. David Schriner before the Joint Economic Committee
United States Congress, Wednesday, February 25, 1998

Gordon Housworth

InfoT Public  Infrastructure Defense Public  Terrorism Public  Weapons & Technology Public  



Harbinger of wakeable "unexpected" data-leaks in uncommon packages: Coke's "Unexpected Summer" sweepstakes


For readers unfamiliar with a DoD SCIF, it is a Sensitive Compartmented Information Facility providing formal access controls approved by the DCI and holding classified "information concerning or derived from intelligence sources, methods, or analytical processes." SCIFs commonly require data vaults impervious to all environmental threats (from fire to EMP), redundant (quadruple levels are unheard of) power and cooling, 24/7/365 site perimeter and building security, and encryption of any data transmitted from the facility.

An installation of serious intent and, in our parlance, a data citadel worthy of attack. While items such as personal electronic devices, miniature mass storage devices, two-way transmission devices, and camera/video phones are off-limits in SCIFs, and increasingly so in varying degrees in commercial facilities, I find the "device type" of Coca-Cola's "Unexpected Summer" sweepstakes ad campaign to be an interesting harbinger of data leaks in uncommon packages.

While Coke has downplayed the risk, saying that security concerns are unfounded and that "It cannot be an eavesdropping device," the cans are GPS tracked to within about 50 feet anywhere in the US, and there is a "voyeuristic bonus" in that viewers can watch the tracking of cans that have been called in at the sweepstakes' site. These special cans were engineered by Airo Wireless to look and feel like regular cans and to be concealable inside multipacks of Coke varieties; the "only real challenge" Airo had was to "take the technology we had and get it to fit into the size and weight of a Coca-Cola can."

I would also question Coke's contention that the device "can only call Coke's prize center [and data] from the GPS device can only be received by Coke's prize center." If all logic is burned to firmware, this assertion may be correct up to the extra effort of logic-chip substitution, but if more such devices enter the market it is very likely that they will use a commodity programmable chipset that can be reloaded with new instructions, or additional hidden instructions, so that the device 'works as advertised' while performing other illegal or intellectual-property diversion steps.

The fact that Airo states Coca-Cola uses Airo's mapping software as well as its GPS devices "to pinpoint the exact location," and that "Once the winning cans have been found and activated, their locations can be viewed at," would seem to contradict Coke's assertions. As Airo has multiple GPS/cellular technology applications, including "custom equipped phones with EKG (electrocardiogram) monitors for heart patients, emergency devices for executive global protection, roadside assistance, house arrest monitoring, emergency phones for victims of domestic violence and services for family protection," I would assume that these are more toward the programmable commodity side than a hard-wired one-off design.

Whether by mere commercial intent or by malicious collector activity, one should expect to see more 'wakeable' devices that communicate in various ways to external sources, yet do not look the part from a security-inspection standpoint. While this Coke device may not be harmful, other more capable, or hijackable, items that follow may well be.

While articles had passed my desk on these special cans, it was interesting to see a SCIF-specific handling notice about them:

The Coca Cola Company has a summer game promotion running from 5/17 - 7/12/04 in all 50 states and the District of Columbia that has the capability to compromise classified information. The company has intermixed approximately 120 Coca-Cola cans that actually contain GPS locators equipped with a SIM card, keypad and GPS chip transponder so it functions as a cell phone and GPS locator. The cans are concealed in specially marked 12, 18, 20, or 24 can multi-packs of Coca-Cola Classic, Vanilla Coke, Cherry Coke and Caffeine Free Coke. The hi-tech Coke "Unexpected Summer" promotion can has a button, microphone, and a tiny speaker on the outside of the can. Pressing the larger red button starts the game in process, thus activating the GPS signal and a cell phone used by the customer to call a special hotline. Consumers who find these cans, activate the technology, and call the hot line must agree to allow Coke "search teams" using the GPS tracker (accurate to within 50 feet), to surprise them anyplace, anytime within three weeks to deliver a valuable prize.

In accordance with DIA, no specific policy for this promotion will be issued. However, DISA employees with access to SCIFs should take a common sense approach and if one of these cans is found inside a SCIF, they should treat it as they would any two-way electronic device in a SCIF and remove it immediately. Until such time as this sales promotion ends and all 120 cans are accounted for, Coca-Cola packages should be opened and inspected before taking them into any area marked as a "Restricted Area" or where classified meetings/discussions, etc. are in progress or have the potential to occur at any time.

Coke sneaks phones, GPS chips into cans
By Theresa Howard, USA TODAY
Posted 5/9/2004 9:27 PM Updated 5/9/2004 9:30 PM

Coca-Cola promotion prompts security measures
Some military bases on edge over cell phones, GPS chips in cans
The Associated Press
Updated: 6:39 p.m. ET July 1, 2004

Gordon Housworth

Cybersecurity Public  InfoT Public  

