Dollars

CONTROL SECURITY


CHINESE ARMY CYBER WAR AGAINST USA IS A SENSITIVE ISSUE

The New York Times front-page report this week that the Chinese army is hacking into America’s most sensitive computer networks from a 12-story building outside Shanghai might finally persuade skeptics that the threat of “cyber warfare” isn’t the fevered fantasy of Richard Clarke, the producers of Die Hard 4, or the generals at the ever-growing U.S. Cyber Command. Alas, it’s real.

But what is the threat? Few of those in the know believe that some fine day, out of the blue, China will zap the programs that run our power grids, gas lines, waterworks, or banking systems, sending our economy—and much else—into a tailspin. Even if the Chinese could pull off such a feat with one keystroke, it’s hard to imagine what they’d accomplish, especially since their fortunes are wrapped up with our own.

The more worrisome threat is subtler: that the Chinese (or some other powers) will use their ability to wreak cyberhavoc as leverage to strengthen their position, and weaken ours, in a diplomatic crisis or a conventional war.



For instance, in a brewing conflict over Taiwan or the South China Sea (areas where China has asserted claims aggressively in recent years), would an American president respond with full military force if he knew that the Chinese would retaliate by turning out all the lights on the Eastern Seaboard?

A familiar concept in strategic war games is “escalation-dominance.” The idea is that victory goes to the player who can take a conflict to the next level of violence in a way that inflicts enormous damage on his opponent but very little on himself. The expected outcome of the next round is so obvious that the opponent decides not to escalate; the dominant player thus controls the subsequent course of the battle and possibly wins the war.

Real war is messier than war games. Escalation holds risks all round. The two sides might have different perceptions of which one is dominant. Or the dominant side might miscalculate the opponent’s strategic priorities. For instance, China might think the American president values uninterrupted electricity on the East Coast more than a free, independent Taiwan—but that thought might be mistaken.



Still, leaders in war and crisis do take these kinds of factors into account. Many surrenders in history have been prompted less by the damage already absorbed than by fears of the damage to come.

And China is not the only foe or rival whose calculations are complicating this new cyber world. Iran is another. Last summer, all of a sudden, a computer virus nicknamed Shamoon erased three-quarters of the Aramco oil company’s corporate files, replacing much of it with images of a burning American flag. It is widely believed that the Iranians planted the “kill switch” in retaliation for the U.S.-Israeli Stuxnet virus that disabled the centrifuges in their nuclear program.


The implicit message sent not only to the United States but also, and perhaps more importantly, to its Arab commercial partners: Don’t mess with us, or we will mess with you. The Shamoon virus is now regarded as the hint of another consequence that we’d likely face in the aftermath of a military strike on Iran’s nuclear facilities. Will it deter such a strike or serve as the final straw in a pile of risks that deters us from striking (or deters the West’s Arab allies from playing whatever part they might play in an attack)? Hard to say, but the Iranians probably intended the virus to have that effect.


So, what to do about all this?

The basic task is to dissuade potential foes from thinking that they would gain escalation-dominance by launching, or having the ability to launch, a cyberattack on America’s infrastructure.

A popular notion of how to do this is to threaten “retaliation in kind”—or, taking a phrase from the nuclear-deterrence playbook, “mutual assured destruction.” This threat has its place in cyberwar but also its limits, because the United States is far more dependent on computer networks, in every aspect of its national security and its daily economic life, than China, Iran, or any other prospective foe or rival. Retaliation in kind might not serve as a sufficient deterrent because it would inflict much less damage on them than their first strike would inflict on us.

A better, but much harder, way is to defend the critical infrastructure in the first place. There are limits to this, too. First, we’re in too deep; we can’t untether our economy from the Internet any more than we can detour all road traffic off the interstate. Second, there is no such thing as a perfect defense; if well-funded, well-trained predators want to get in, they will get in. Still, there are ways to wall off or split up the most critical segments of infrastructure—and to monitor further efforts to break in. If they haven’t already, the private companies responsible for this infrastructure should start to take these steps immediately.




That is the point behind President Obama’s recent executive order on cybersecurity. In recent years, Congress has rejected bills requiring Internet service providers to follow government standards on security for various reasons, many of them legitimate. The executive order at least allows government agencies to share information with ISPs, some of it classified, on how to meet these standards themselves. It’s a good first step.

But there’s another way to stave off the danger of cyberwar, and that’s diplomacy.

In his extremely important 2010 book Cyber War, Richard Clarke likened the current era to the decade after the first atomic bombs, when American, then Soviet, scientists built these weapons of enormous destructiveness—but before politicians or strategists devised ways of thinking about them rationally: how to control them, deter their use, or limit their damage if a war couldn’t be deterred.


It’s time to move on to the next era, when this sort of thinking did occur, not just in secretive research tanks but also in open discussions and international negotiations. Clarke, who was chief of counterterrorism and cybersecurity for Presidents Clinton and Bush, spells out ways that concepts from nuclear arms control—inspections and verification, no first use, and ideas from other accords, including the Geneva Conventions—might be applied to cyberweapons.

In any case, it’s sheer silliness, at this point, to keep cyber issues off the table for fear of upsetting the sensitivities of Chinese officials (who deny that they have offensive cyberwarfare programs) and thus possibly triggering a diplomatic crisis. A crisis already looms from all sides of the globe; the United States, after all, has an offensive cyberwarfare program, too. Best to deal with it head-on, and soon.

Sourced & published by Henry Sapiecha

THE BUSINESS GANG OF FOUR RUN THE USA ECONOMY

IF YOU’VE ever suspected politics is increasingly being run in the interests of big business, I have news: Jeffrey Sachs, a highly respected economist from Columbia University, agrees with you – at least in respect of the United States.

In his book, The Price of Civilisation, he says the US economy is caught in a feedback loop. “Corporate wealth translates into political power through campaign financing, corporate lobbying and the revolving door of jobs between government and industry; and political power translates into further wealth through tax cuts, deregulation and sweetheart contracts between government and industry. Wealth begets power, and power begets wealth,” he says.

Sachs says four key sectors of US business exemplify this feedback loop and the takeover of political power in America by the “corporatocracy”.

First is the well-known military-industrial complex. “As [President] Eisenhower famously warned in his farewell address in January 1961, the linkage of the military and private industry created a political power so pervasive that America has been condemned to militarisation, useless wars and fiscal waste on a scale of many tens of trillions of dollars since then,” he says.

Second is the Wall Street-Washington complex, which has steered the financial system towards control by a few politically powerful Wall Street firms, notably Goldman Sachs, JPMorgan Chase, Citigroup, Morgan Stanley and a handful of other financial firms.

These days, almost every US Treasury secretary – Republican or Democrat – comes from Wall Street and goes back there when his term ends. The close ties between Wall Street and Washington “paved the way for the 2008 financial crisis and the mega-bailouts that followed, through reckless deregulation followed by an almost complete lack of oversight by government”.

Third is the Big Oil-transport-military complex, which has put the US on the trajectory of heavy oil-imports dependence and a deepening military trap in the Middle East, he says.

“Since the days of John D. Rockefeller and the Standard Oil Trust a century ago, Big Oil has loomed large in American politics and foreign policy. Big Oil teamed up with the automobile industry to steer America away from mass transit and towards gas-guzzling vehicles driving on a nationally financed highway system.”

Big Oil has consistently and successfully fought the intrusion of competition from non-oil energy sources, including nuclear, wind and solar power.


It has been at the side of the Pentagon in making sure that America defends the sea-lanes to the Persian Gulf, in effect ensuring a $US100 billion-plus annual subsidy for a fuel that is otherwise dangerous for national security, Sachs says.

“And Big Oil has played a notorious role in the fight to keep climate change off the US agenda. Exxon-Mobil, Koch Industries and others in the sector have underwritten a generation of anti-scientific propaganda to confuse the American people.”

Fourth is the healthcare industry, America’s largest industry, absorbing no less than 17 per cent of US gross domestic product.

“The key to understanding this sector is to note that the government partners with industry to reimburse costs with little systematic oversight and control,” Sachs says. “Pharmaceutical firms set sky-high prices protected by patent rights; Medicare [for the aged] and Medicaid [for the poor] and private insurers reimburse doctors and hospitals on a cost-plus basis; and the American Medical Association restricts the supply of new doctors through the control of placements at medical schools.

“The result of this pseudo-market system is sky-high costs, large profits for the private healthcare sector, and no political will to reform.”

Now do you see why the industry put so much effort into persuading America’s punters that Obamacare was rank socialism? They didn’t succeed in blocking it, but the compromised program doesn’t do enough to stop the US being the last rich country in the world without universal healthcare.

It’s worth noting that, despite its front-running cost, America’s healthcare system doesn’t leave Americans with particularly good health – not as good as ours, for instance. This conundrum is easily explained: America has the highest-paid doctors.

Sachs says the main thing to remember about the corporatocracy is that it looks after its own. “There is absolutely no economic crisis in corporate America.

“Consider the pulse of the corporate sector as opposed to the pulse of the employees working in it: corporate profits in 2010 were at an all-time high, chief executive salaries in 2010 rebounded strongly from the financial crisis, Wall Street compensation in 2010 was at an all-time high, several Wall Street firms paid civil penalties for financial abuses, but no senior banker faced any criminal charges, and there were no adverse regulatory measures that would lead to a loss of profits in finance, health care, military supplies and energy,” he says.

The 30-year achievement of the corporatocracy has been the creation of America’s rich and super-rich classes, he says. And we can now see their tools of trade.

“It began with globalisation, which pushed up capital income while pushing down wages. These changes were magnified by the tax cuts at the top, which left more take-home pay and the ability to accumulate greater wealth through higher net-of-tax returns to saving.”

Chief executives then helped themselves to their own slice of the corporate sector ownership through outlandish awards of stock options by friendly and often handpicked compensation committees, while the Securities and Exchange Commission looked the other way. It’s not all that hard to do when both political parties are standing in line to do your bidding, Sachs concludes.

Fortunately, things aren’t nearly so bad in Australia. But it will require vigilance to stop them sliding further in that direction.


Sourced & published by Henry Sapiecha

Fraud takes numerous forms, from lottery wins to emails from friends.

SCAMS are the hardest security threat to protect against because they rely on exploiting naivety more than technical flaws.

Always be suspicious of emails, faxes, text messages, instant messages and even phone calls from people you don’t know. Anything that sounds too good to be true probably is.

You didn’t really win a huge prize in a foreign lottery, get a massive unexpected tax return or inherit millions of dollars from a long-lost relative. A Nigerian businessman doesn’t need your help to smuggle money or gold.

Your potential online Russian bride doesn’t need money for her mother’s operation. Your bank will never send you an email asking you to change your password or confirm your account.

“Common sense can’t be your only defence online – but it certainly helps,” Trend Micro’s David Peterson says.

“Despite being around since the 1980s, the old Nigerian scam alone still sees Australians conned out of over $4 million every year.”

Telephone scams are also becoming more complicated, warns Nigel Hedges, of Kaspersky Lab Australia & New Zealand.

“Such calls claim to be from Microsoft or an information security company and claim they’ve identified malware on your computer. Some people are fooled into granting remote access to their computer via the internet and are charged to have non-existent malware removed.”

Also watch for spam emails taking advantage of current events to trick you into clicking on links. Some scams are designed to trick you into handing over money. Others attempt to install software on your computer to steal passwords and other sensitive information, such as banking details, security expert Lloyd Borrett warns.

“Every time there is a major, high-profile disaster somewhere on the planet, within hours we see the bad guys setting up fake charitable donation websites or services to help you to locate family members,” Borrett says. “Security companies have the software solutions in place to protect people from technology-based attacks. But it’s really up to each and every one of us to be alert and aware of these sorts of social-engineering scams.”

You even need to be suspicious of messages from people you do know, Borrett says. If a friend sends you a Facebook message asking for money because they’re stuck overseas, it means their account has been hacked. Scammers are also prevalent in the virtual worlds of online gaming.

Be wary of in-game messages promising free gifts if you register at a bogus website.

Then there are messages from fake administrators, threatening account suspension if you don’t log into a bogus website and divulge your account details.

Along with these are “duping” scams – players who claim they’ve found a bug that lets them duplicate precious items.

So you hand them your hard-earned magic sword, never to see it again.

The rise of social networks such as Facebook as gaming platforms has delivered a new community of people ripe to be scammed. FarmVille might seem safer than Azeroth but scammers still lurk in the dark shadows.

Sourced & published by Henry Sapiecha

THOUSANDS OF WEB SITES DESTROYED BY HACKERS

At least 4800 Australian websites have been lost with no chance of recovery following a break-in at Australian domain registrar and web host Distribute.IT.

The hack attack caused so much damage that four of the company’s servers were “unrecoverable”, the company said, leaving thousands of website owners in the lurch.

“The overall magnitude of the tragedy and the loss of our information and yours is simply incalculable; and we are distressed by the actions of the parties responsible for this reprehensible act,” Distribute.IT said.

As reported by Fairfax Media last week, Distribute.IT was hit with a “deliberate, premeditated and targeted attack” on its servers last Saturday but it is still struggling to work out exactly what happened or how much data was stolen.

Security experts warned that thousands of websites were vulnerable to being hijacked and extensive private data were at risk of being stolen.

Customers hit the Whirlpool forums to complain that Distribute.IT had not adequately responded with information about the break-in and that the hack “has probably killed my business”.

In a statement published today, Distribute.IT said it had been working around the clock in an attempt to recover data from its affected servers.

“At this time, we regret to inform that the data, sites and emails that were hosted on Drought, Hurricane, Blizzard and Cyclone can be considered by all the experts to be unrecoverable,” it said.

“While every effort will be made to continue to gain access to the lost information from those hosting servers, it seems unlikely that any usable data will be salvaged from these platforms.

“In assessing the situation, our greatest fears have been confirmed that not only was the production data erased during the attack, but also key backups, snapshots and other information that would allow us to reconstruct these servers from the remaining data.”

The company said 4800 websites were affected and since it did not have the capacity to transfer the domain names to other parts of its platform, Distribute.IT had no choice “but to assist you in any way possible to transfer your hosting and email needs to other hosting providers”.

The significant data loss has raised questions from backup experts as to why Distribute.IT did not appear to have offsite backups of customer data.

Distribute.IT has still not been able to get its website back online and it is using a Google Blogger account to update customers. Its phone lines have been ringing out and its email is down, forcing the company to use a temporary Gmail address – distributeit888@gmail.com.

Rob McAdam, CEO of security firm Pure Hacking, said the issue was a “catastrophic problem” for those with websites hosted by Distribute.IT.

“If these clients of Distribute.IT had no other backup other than what was at Distribute.IT, they would then have to rebuild their site – from scratch,” he said.

“From the Distribute.IT blog post, it appears that they have lost all of the content for these web sites and any associated backups that Distribute.IT kept.”

James Turner, security analyst at IBRS, said: “This could be the nightmare scenario that every small/medium businessperson working on the internet has in the back of their minds. If the attack is as described then the malice behind it is appalling.”

On the Whirlpool discussion forums, where there are over 60 pages of posts discussing the Distribute.IT hack, customers were livid at finding out their data was gone forever.

“I think I’m in shock … I have lost everything …. I couldn’t possibly replicate all those years of work again … my whole life’s work is gone down the drain,” wrote one.

Sourced & published by Henry Sapiecha

IS CHEATING IN GAMES OK?

A new meaning to keeping your eye on the ball

USE YOUR PHONE TO CONTROL THE BALL

Entrepreneur’s Edge: Orbotix (1:58)

Reuters Small Business presents expansion pitches from upstarts across the country. Robotic gaming startup Orbotix has developed technology that lets people control a ball with their smartphone. Here’s the pitch:


Sourced & published by Henry Sapiecha