05/8/12

Digital Entry Through Your Back Door

A proposed expansion of surveillance authority is being pushed by the DoJ to counter what it calls its ‘Going Dark’ problem.

CYBERSPACE—A few Colombian sex workers now know what it’s like to be fucked by the Secret Service, and in more ways than one, but it may not be too long before we all know what it’s like to have federal law enforcement living inside our asses, collectively and individually. It could get messy.

As CNET’s Declan McCullagh reported Friday, “The FBI is asking Internet companies not to oppose a controversial proposal that would require firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance.”

The problem, says the Bureau, is that “the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities.”

Can’t have that! So the office of the FBI general counsel “has drafted a proposed law that the bureau claims is the best solution: requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly.”

From the following reaction by an industry rep who saw the draft legislation, it sounds as if the individual is not necessarily looking forward to bending over and spreading them for the feds: “If you create a service, product, or app that allows a user to communicate, you get the privilege of adding that extra coding,” s/he said. A second industry rep told CNET that the requirements only apply to sites or networks that exceed a certain number of users.

According to McCullagh, the proposal expands upon an existing law called the Communications Assistance for Law Enforcement Act (CALEA) that covers telecommunications but not the internet, and is being pushed hard by the Justice Department and other federal agencies in a bid to address a problematic trend identified by the FBI as “Going Dark,” which refers to the alleged inability of law enforcement to keep track of people as technology advances.

In fact, the FBI reinforced its concerns about going dark Friday, stating in a comment to CNET, “[There are] significant challenges posed to the FBI in the accomplishment of our diverse mission. These include those that result from the advent of rapidly changing technology. A growing gap exists between the statutory authority of law enforcement to intercept electronic communications pursuant to court order and our practical ability to intercept those communications. The FBI believes that if this gap continues to grow, there is a very real risk of the government ‘going dark,’ resulting in an increased risk to national security and public safety.”

But CNET reports that in addition to the DoJ, the federal Communications Department also is interested in tweaking CALEA to include “products that allow video or voice chat over the Internet—from Skype to Google Hangouts to Xbox Live.”

Neither is the effort to expand CALEA new. The FBI has been concerned about this issue since 2006 and began its efforts to get legislation passed seven years ago, reported McCullagh, who added that the only thing keeping the already-written legislation from being considered by Congress is the unwillingness of the Obama Administration to send the bill to the Hill.

“A representative for Sen. Patrick Leahy, head of the Judiciary committee and original author of CALEA, said today that ‘we have not seen any proposals from the administration,’” wrote McCullagh.

From the FBI’s perspective, nothing in the proposed law expands current wiretapping law, which will continue to require a court order. The idea, they say, is to improve their technological ability to “provide results,” meaning making access easier. Toward that end, Subsentio, a Colorado-based company that sells CALEA compliance products, told CNET that the proposed measure “provides a ‘safe harbor’ for internet companies as long as the interception techniques are ‘good enough’ solutions approved by the attorney general,” or “if companies ‘supply the government with proprietary information to decode information’ obtained through a wiretap or other type of lawful interception, rather than ‘provide a complex system for converting the information into an industry standard format.’”

Either way, the FBI is angling to have the presumably anonymous ability to keep tabs on virtually every form of person-to-person communications available, which is something that makes a lot of people uncomfortable. In addition to several critics of the law mentioned in the CNET article, including EFF, the Computer and Communications Industry Association and TechAmerica, a trade association that includes representatives of HP, eBay, IBM, Qualcomm, and other tech companies on its board of directors, Salon.com contributor Glenn Greenwald published a blistering denunciation of the effort Sunday in a piece called, “Surveillance State democracy.”

“The procedure being used here by the FBI to obtain these powers is just as significant to me as the substance of the policy it wants,” warns Greenwald. “Notice how the FBI—in order to obtain these new powers—does not believe it needs to persuade the American citizenry to accept it. Instead, they’re meeting with the people who actually hold power over our laws—industry executives—in order to plead with them not to oppose this. FBI officials even planned a pilgrimage to Silicon Valley ‘to meet with Internet companies’ CEOs and top lawyers’ in the hope of obtaining their permission to proceed with this new scheme.”

From secret surveillance by government of P2P communications to secret surveillance by ISPs of the content you are downloading, it would appear that the brave new world imagined by the internet could yet become a maze for rats.

The good news, according to Greenwald, is that it is still “possible for citizens to meaningfully oppose this relentless expansion of the Surveillance State.” In light of his claim that “those who continue to expand the National Security and Surveillance State appear to have little fear of any meaningful citizen backlash,” however, Greenwald is also saying that the time to “mobilize meaningful citizen opposition to growing government surveillance powers” is now.

Read More –> http://news.avn.com/articles/FBI-Wants-Digital-Entry-Through-Your-Back-Door-474964.html

05/7/12

Will China Mobile Spy on U.S.?

gAtO wAs- reading the article by Stan Abrams, a lawyer and professor in Beijing, China, “Will China Mobile Get Its U.S. License Approved?” – http://www.businessinsider.com/will-china-mobile-get-its-us-license-approved-2012-5 The FCC “Team Telecom” has all the power in this deal. This is simple: when a foreign owner wants to come into our telecom world, we want the DHS, DOJ, FBI and DoD to investigate them for backdoors into the infrastructure that no virus scan can detect, in the hardware and firmware….

This is a big deal. We gave the OK a few years ago to China Telecom and China Unicom for similar licenses, in 2002-03. Why the big deal now? Well, in the last few years China has increased its attacks on U.S. companies, sucking in their IP (Intellectual Property). To top things off, Huawei just got turned down down-under in Australia when it wanted to come into their telecom network. Once again, when we give access to our telecom network we are giving them the key to all our information. Now keep in mind that we still have over 60-70% of our government C&C (Command and Control) running on our public Internet pipelines. A few years ago China re-routed over 15% of all the Internet traffic through their routers, while we developed a kill switch to isolate us from the rest of the world and do a reset. Anyway, the FCC has a lot of power that no one knows about; check out their liaison activities list below, it’s quite interesting.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Okay, reality check time. I doubt that China Mobile would want the type of scrutiny that a court case would mandate, so I don’t expect a formal challenge to a rejection from “Team Telecom.” Certainly Beijing doesn’t want China Mobile to disclose to anyone what it is required by Chinese law to do with data on its networks (hint: government monitoring). Moreover, the U.S. national security apparatus certainly wouldn’t want to disclose what it knows to the “other side” (i.e. China). And at the end of the day, neither side wishes to disclose any of this to the general public.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

 

If they turn China Mobile down and it’s contested, it would be good to see what evidence the U.S. Government has to say “we believe this company is spying on us with these backdoors they put in”. Yeah, in an election year it’s going to get hot with China. If they play a bad boy, I think Obama may have to show them what we can really do in cyberspace. -gAtO oUt

Reference:

FCC Homeland Security – Liaison Activities http://transition.fcc.gov/pshs/docs/liaison.pdf

Read more: http://www.chinahearsay.com/will-china-mobile-get-its-u-s-license-approved/#ixzz1uBhPIJEt

CodeName Tempest http://en.wikipedia.org/wiki/TEMPEST

03/7/12

Reporting Open System in the Wild: Like NASA JPL OPEN

gAtO sAy – we have a big problem for anyone that has cyber information and wants to report it. This is not a US problem but an international one. We all know that companies do not want to report that their site is open, or that they have been hacked, for a number of reasons. Their reputation will be damaged, clients will not trust them and, sadly, companies sometimes even pay hackers to keep the information from being leaked. You have hacktivists, commercial criminals and state actors. But a few security researchers find information about a company and want to report it and get the problem fixed; the reasons vary but the intentions are good. Where do we go to report this? The FBI, our Senators or maybe Homeland Security? Nah, they don’t care.

gAtO and other researchers like ntiSec have found a number of SCADA systems open in the wild, and from all the shouting from the powers that be you would think they would want to help. SCADA systems control pumps, elevators and nuclear power plants, and if someone plays with these systems it could have a very bad effect on the physical infrastructure of a country. Political people yell that they’re going to hack our electric system, but when we find one and try to tell the company they don’t listen.

One reason is ego – let’s say you contact a webmaster and tell them, hey, your system is open and has this problem – well, that webmaster may just think “oh shit, if my boss finds out it’s gonna be my ass” and he/she does not report it. Maybe they will try to fix it, but admitting it to anyone in the IT department could make them tell the boss, and with the job market the way it is people are afraid that they may get fired.

gAtOmAlO sAy's

Next, if you go to the C-Suite folks, you know, the executives, well, they say “oh shit, this could have an effect on my bonus” or profits, or they may lose clients if people find out that maybe their client information has not been encrypted, or maybe there are compliance and regulatory reports and they get heavy fines; this will affect the bottom line. So as you can see, these people have a vested interest not to tell anyone how bad their systems are or fix them. But their sites are still open.

Then you have governments, which are responsible for protecting the people, but these folks have so many rules and regulations that actually prevent them from doing the right thing and fixing the problems. Example:

You all heard that NASA has been hacked by the Chinese, and yet gAtO tried to report that their systems were wide open:

http://starbase.jpl.nasa.gov/

http://starbase.jpl.nasa.gov/mgn-v-rdrs-5-dim-v1.0/mg_1193/fl06s186/

http://starbase.jpl.nasa.gov/mgn-v-rdrs-5-dim-v1.0/mg_1193/

http://starbase.jpl.nasa.gov/mgn-v-rdrs-5-dim-v1.0/

You would think that this would get top priority. I could not get anyone to listen. I tried the FBI, Senator Reed, Senator Whitehouse, even Homeland Security; they could not or would not help. Here is NASA Jet Propulsion Laboratory (JPL), the people that control our satellites, and still they did not close up the sites for over a week. A hacktivist or a foreign state actor like China, Iran, North Korea could access these systems and bring down a satellite and kill millions of people. They still don’t care.

When gAtO tried to report this to his representatives he got hung up by his office; they took no action. Here is our government doing nothing when something goes wrong. Email them or call them and ask them why they don’t want to help. -gAtO oUt

Steven_Usler@reed.senate.gov  (401) 943-3100

james.langevin@mail.house.gov (401) 732-9400

jim@jimlangevin.com

sheldon_whitehouse@whitehouse.senate.gov (401) 453-5294

01/14/12

US Monitors Social Media

 

Social Media Web Sites Monitored by the NOC 

This is a representative list of sites that the NOC will start to monitor in order to provide situational awareness and establish a common operating picture under this Initiative. Initial sites listed may link to other sites not listed. The NOC may also monitor those sites if they are within the scope of this Initiative.

Tool    Link    User/Password Required
General Search 
Collecta http://collecta.com No
RSSOwl http://www.rssowl.org/ No
Social Mention http://socialmention.com/ No
Spy http://www.spy.appspot.com No
Who’s Talkin http://www.whostalkin.com/ No
Shrook RSS reader http://www.utsire.com/shrook/ No
Video 
Hulu http://www.hulu.com No
iReport.com http://www.ireport.com/ No
Live Leak http://www.liveleak.com/ No
Magma http://mag.ma/ No
Time Tube http://www.dipity.com/mashups/timetube No
Vimeo http://www.vimeo.com No
Youtube http://www.youtube.com No
MySpace Video http://vids.myspace.com/ No
Maps 
Global Incident Map http://globalincidentmap.com/ No
Google Flu Trends http://www.google.org/flutrends/ No
Health Map http://www.healthmap.org/en No
IBISEYE http://www.ibiseye.com/ No
Stormpulse http://www.stormpulse.com/ No
Trends Map http://www.trendsmap.com No
Photos 
Flickr http://www.flickr.com/ No
Picfog http://picfog.com/ No
Twicsy http://www.twicsy.com No
Twitcaps http://www.twitcaps.com No
Twitter/API 
Twitter/API http://www.twitter.com Yes
Twitter Search 
Monitter http://www.monitter.com/ No
Twazzup http://www.twazzup.com No
Tweefind http://www.tweefind.com/ No
Tweetgrid http://tweetgrid.com/ No
Tweetzi http://tweetzi.com/ No
Twitter Search http://search.twitter.com/advanced No
Twitter Trends 
Newspapers on Twitter http://www.newspapersontwitter.com/ No
Radio on Twitter http://www.radioontwitter.com/ No
Trendistic http://trendistic.com/ No
Trendrr http://www.trendrr.com/ No
TV on Twitter http://www.tvontwitter.com/ No
Tweet Meme http://tweetmeme.com/ No
TweetStats http://tweetstats.com/ No
Twellow http://www.twellow.com/ No
Twendz http://twendz.waggeneredstrom.com/ No
Twitoaster http://twitoaster.com/ No
Twitscoop http://www.twitscoop.com/ No
Twitturly http://twitturly.com/ No
We Follow http://wefollow.com/ No
Facebook 
It’s Trending http://www.itstrending.com/news/ No
Facebook http://www.facebook.com Yes
MySpace  http://www.myspace.com Yes
MySpace (limited search) http://www.myspace.com No
Blogs Aggs 
ABCNews Blotter http://abcnews.go.com/Blotter/ No
al Sahwa http://al-sahwa.blogspot.com/ No
AllAfrica http://allafrica.com/ No
Avian Flu Diary http://afludiary.blogspot.com/ No
BNOnews http://www.bnonews.com/ No
Borderfire http://www.borderfirereport.net/ No
Borderland Beat http://www.borderlandbeat.com/ No
Brickhouse Security http://blog.brickhousesecurity.com/ No
Chem.Info http://www.chem.info/default.aspx No
Chemical Facility Security News http://chemical-facility-security-news.blogspot.com/ No
ComputerWorld Cybercrime Topic Center http://www.computerworld.com/s/topic/82/Cybercrime+and+Hacking No
Counter-Terrorism Blog http://www.counterterrorismblog.com/ No
Crisisblogger http://crisisblogger.wordpress.com/ No
Cryptome http://cryptome.org/ No
Danger Room http://www.wired.com/dangerroom/ No
Drudge Report http://drudgereport.com/ No
El Blog Del Narco http://elblogdelnarco.blogspot.com/ No
Emergency Management Magazine http://www.emergencymgmt.com No
Foreign Policy Passport http://blog.foreignpolicy.com/ No
Global Security Newswire http://gsn.nti.org/gsn/ No
Global Terror Alert http://www.globalterroralert.com/ No
Global Voices Network http://globalvoicesonline.org/-/world/americas/haiti/ No
Google Blog Search http://blogsearch.google.com No
Guerra Contra El Narco http://guerracontraelnarco.blogspot.com/ No
H5N1 Blog http://crofsblogs.typepad.com/h5n1/ No
Homeland Security Today http://www.hstoday.us/ No
Homeland Security Watch http://www.hlswatch.com/ No
Huffington Post http://huffingtonpost.com/ No
Hurricane Information Center http://gustav08.ning.com/ No
HurricaneTrack http://www.hurricanetrack.com/ No
InciWeb http://www.inciweb.org/ No
Informed Comment http://www.juancole.com/ No
Jihad Watch http://www.jihadwatch.org/ No
Krebs on Security http://krebsonsecurity.com/ No
LA Now http://latimesblogs.latimes.com/lanow/ No
LA Wildfires Blog http://latimesblogs.latimes.com/lanow/wildfires/ No
Livesay Haiti Blog http://livesayhaiti.blogspot.com/ No
LongWarJournal http://www.longwarjournal.org/ No
Malware Intelligence Blog http://malwareint.blogspot.com/ No
MEMRI http://www.memri.org/ No
MexiData.info http://mexidata.info/ No
MS-13 News and Analysis http://msthirteen.com/ No
Narcotrafico en Mexico http://narcotraficoenmexico.blogspot.com/ No
National Defense Magazine http://www.nationaldefensemagazine.org No
National Terror Alert http://www.nationalterroralert.com/ No
NEFA Foundation http://www.nefafoundation.org/ No
Newsweek Blogs http://blog.newsweek.com/ No
Nuclear Street http://nuclearstreet.com/blogs/ No
NYTimes Lede Blog http://thelede.blogs.nytimes.com/ No
Plowshares Fund http://www.ploughshares.org/news-analysis/blog No
Popular Science Blogs http://www.popsci.com/ No
Port Strategy http://www.portstrategy.com/ No
Public Intelligence http://publicintelligence.net/ No
ReliefWeb http://www.reliefweb.int No
RigZone http://www.rigzone.com/ No
Science Daily http://www.sciencedaily.com/ No
STRATFOR http://www.stratfor.com/ No
Technorati http://technorati.com/ No
Terror Finance Blog http://www.terrorfinance.org/the_terror_finance_blog/ No
The Latin Americanist http://ourlatinamerica.blogspot.com/ No
Threat Level http://www.wired.com/threatlevel/ No
Threat Matrix http://www.longwarjournal.org/threat-matrix/ No
Tickle the Wire http://www.ticklethewire.com/ No
Tribuna Regional http://latribunaregional.blogspot.com/ No
TruckingInfo.com http://www.truckinginfo.com/news/index.asp No
United Nations IRIN http://www.irinnews.org/ No
Ushahidi Haiti http://haiti.ushahidi.org/ No
War on Terrorism http://terrorism-online.blogspot.com/ No
WikiLeaks http://wikileaks.org/ No
WireUpdate http://wireupdate.com/ No

The Office of Operations Coordination and Planning (OPS), National Operations Center (NOC), will launch and lead the Publicly Available Social Media Monitoring and Situational Awareness (Initiative) to assist the Department of Homeland Security (DHS) and its components involved in fulfilling OPS statutory responsibility (Section 515 of the Homeland Security Act (6 U.S.C. § 321d(b)(1)) to provide situational awareness and establish a common operating picture for the federal government, and for those state, local, and tribal governments, as appropriate. The NOC and participating components may also share this de-identified information with international partners and the private sector where necessary and appropriate for coordination. While this Initiative is not designed to actively collect Personally Identifiable Information (PII), OPS is conducting this update to the Privacy Impact Assessment (PIA) because this initiative may now collect and disseminate PII for certain narrowly tailored categories. For example, in the event of an in extremis situation involving potential life and death, OPS will share certain PII with the responding authority in order for them to take the necessary actions to save a life, such as name and location of a person calling for help buried under rubble, or hiding in a hotel room when the hotel is under attack by terrorists. In the event PII comes into the Department’s possession under circumstances other than those itemized herein, the NOC will redact all PII prior to further dissemination of any collected information. - gAtO oUt

Reference: http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_ops_publiclyavailablesocialmedia_update.pdf

1.2 What are the sources of the information in the system? 

Members of the public as well as first responders, press, volunteers, and others provide publicly-available information on social media sites including online forums, blogs, public websites, and message boards. OPS is permitted to establish user names and passwords to form profiles on social media sites listed in Appendix A and to use search tools under established criteria and search terms such as those listed in Appendix B for monitoring that supports providing situational awareness and establishing a common operating picture.

1.3 Why is the information being collected, used, disseminated, or maintained? 

The NOC will identify, use, disseminate, and maintain this information to comply with its statutory mandate to provide situational awareness and establish a common operating picture for the entire federal government, and for state, local, and tribal governments as appropriate and to ensure that this information reaches government decision makers. The aggregation of data published via social media sites should make it possible for the NOC to provide more accurate situational awareness, a more complete common operating picture, and more timely information for decision makers.

1.4 How is the information collected? 

The NOC will identify information directly from third-party social media services. The NOC will access and collect information from various informational streams and postings that the NOC, as well as the broader public, view and monitor. See Appendix A for a list of the types of sites that may be viewed for information. See Appendix B for the types of search terms used in social media monitoring.

1.5 How will the information be checked for accuracy? 

The NOC will identify information from third-party social media services submitted voluntarily by members of the public and compare that information with information available in open source reporting and through a variety of public and government sources. By bringing together and comparing many different sources of information, the NOC will attempt to provide a more accurate picture of contemporaneous activities.

1.6 What specific legal authorities, arrangements, and/or agreements defined the collection of information? 

Congress requires the NOC “to provide situational awareness and establish a common operating picture for the entire federal government and for state, local, and tribal governments as appropriate, in the event of a natural disaster, act of terrorism, or other manmade disaster; and ensure that critical terrorism and disaster-related information reaches government decision-makers.” Section 515 of the Homeland Security Act (6 U.S.C. § 321d(b)(1)). While the NOC may receive PII, PII is not actively collected. Much of the data within this system does not pertain to an individual; rather, the information pertains to locations, geographic areas, facilities, and other things or objects not related to individuals. However, some personal information may be captured. Most information is stored as free text and any word, phrase, or number is searchable.

Privacy Impact Assessment, Office of Operations Coordination and Planning, Publicly Available Social Media Monitoring and Situational Awareness Initiative Update, Page 6

1.7 Privacy Impact Analysis: Given the amount and type of data collected, discuss the privacy risks identified and how they were mitigated.

There is a risk that the NOC will receive PII or other identifiable information that is not relevant to this Initiative. The NOC has a clear policy in place that any PII incidentally received outside the scope of the discrete set of categories discussed above will be redacted immediately. Also, under this initiative OPS will not: 1) actively seek PII; 2) post any information; 3) actively seek to connect with other internal/external personal users; 4) accept other internal/external personal users’ invitations to connect; and 5) interact on social media sites. Information collected to provide situational awareness and establish a common operating picture originates from publicly available social media sites and is available to the public.

Section 2.0 Uses of the Information 

The following questions are intended to delineate clearly the use of information and the accuracy of the data being used.

2.1 Describe all the uses of information. 

The NOC will use Internet-based platforms that provide a variety of ways to follow activities by monitoring publicly-available online forums, blogs, public websites, and message boards. Through the use of publicly-available search engines and content aggregators, the NOC will continuously monitor activities on social media sites, such as those listed in Appendix A, using search terms, such as those listed in Appendix B, for information. The NOC will gather, store, analyze, and disseminate relevant and appropriate information to federal, state, local, and foreign governments, and private sector partners requiring and authorized to receive situational awareness and a common operating picture.

2.2 What types of tools are used to analyze data and what type of data may be produced? 

NOC analysts will be responsible for monitoring and evaluating information provided on social media sites and will use tools offered by third-party social media sites to aid them in this overall effort. The final analysis will be used to provide situational awareness and establish a common operating picture.

2.3 If the system uses commercial or publicly available data please explain why and how it is used. 

Publicly-available, user-generated data can be useful to decision-makers as it provides “on-the-ground” information to help corroborate information received through official sources.

2.4 Privacy Impact Analysis: Describe any types of controls that may be in place to ensure that information is handled in accordance with the above described uses. 

The risk is that PII will be sent to the NOC unintentionally. This has been mitigated by the clear policy that PII, outside the scope of the discrete set of categories discussed above, inadvertently collected shall be redacted immediately before further use and sharing. The Department is providing notice of all uses of information under this Initiative through this PIA. The NOC will not actively collect or use any PII outside the scope of the discrete set of categories discussed above.

Section 3.0 Retention 

The following questions are intended to outline how long information will be retained after the initial collection.

3.1 What information is retained? 

The NOC will retain only user-generated information posted to publicly-available online social media sites. Information posted in the public sphere that the Department uses to provide situational awareness or establish a common operating picture becomes a federal record and the Department is required to maintain a copy.

3.2 How long is information retained? 

The NOC will retain information for no more than 5 years to provide situational awareness and establish a common operating picture. This five-year retention schedule is based on the operational needs of the Department.

3.3 Has the retention schedule been approved by the component records officer and the National Archives and Records Administration (NARA)? 

Yes.

3.4 Privacy Impact Analysis: Please discuss the risks associated with the length of time data is retained and how those risks are mitigated. 

The risk associated with retention of information is that PII will be retained when it is not necessary and that the information will be kept longer than is necessary. The NOC has mitigated this risk by redacting PII outside the scope of the discrete set of categories discussed above that it inadvertently collects and is working with NARA on a retention schedule to immediately delete PII, upon the approval of this schedule by NARA, as well as to maintain records necessary for further use by the Department.

Section 4.0 Internal Sharing and Disclosure 

The following questions are intended to define the scope of sharing within the Department of Homeland Security.

4.1 With which internal organization(s) is the information shared, what information is shared and for what purpose?

Information will be shared within the NOC and with government leadership who have a need to know. The NOC is sharing this information for the statutorily mandated purpose of providing situational awareness and establishing a common operating picture.

4.2 How is the information transmitted or disclosed? 

Information will be transmitted via email and telephone and by other electronic and paper means within the NOC and to government leadership where necessary and appropriate. PII will not actively be collected outside the scope of the discrete set of categories discussed above. However, if PII is inadvertently pushed to the NOC, it will be redacted by the NOC before information is shared. The remaining data is analyzed and prepared for reporting.

4.3 Privacy Impact Analysis: Considering the extent of internal information sharing, discuss the privacy risks associated with the sharing and how they were mitigated. 

The risk associated with sharing this information is that PII will be inadvertently collected and shared. The NOC has mitigated this risk by establishing effective policies to avoid collection of PII outside the scope of the discrete set of categories discussed above and to redact it if collected inappropriately. The NOC will only monitor publicly accessible sites where users post information voluntarily.

Section 5.0 External Sharing and Disclosure 

The following questions are intended to define the content, scope, and authority for information sharing external to DHS which includes federal, state and local government, and the private sector.

5.1 With which external organization(s) is the information shared, what information is shared, and for what purpose? 

The NOC will use this Initiative to fulfill its statutory responsibility to provide situational awareness and establish a common operating picture for the entire federal government, and for state, local, and tribal governments as appropriate, and to ensure that critical disaster-related information reaches government decision makers. Information may also be shared with private sector and international partners where necessary, appropriate, and authorized by law.

5.2 Is the sharing of personally identifiable information outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of DHS. 

PII will not actively be collected. However, if pushed to the NOC and outside the scope of the discreet set of categories discussed above, the PII will be redacted. Any sharing will be compatible with DHS/OPS – 003 Operations Collection, Planning, Coordination, Reporting, Analysis, and Fusion SORN (75 FR 69689, published November 15, 2010) and the newly published Department of Homeland Security Office of Operations Coordination and Planning – 004 Publicly Available Social Media Monitoring and Situational Awareness Initiative System of Records. Information is only collected to provide situational awareness and to establish a common operating picture.

5.3 How is the information shared outside the Department and what security measures safeguard its transmission? 

Information will be shared by phone, email, and other paper and electronic means.

5.4 Privacy Impact Analysis: Given the external sharing, explain the privacy risks identified and describe how they were mitigated. 

External sharing risks are minimal as the Initiative will only share PII on a narrowly-tailored category of individuals; only information collected to provide situational awareness and to establish a common operating picture is shared. Any sharing will be compatible with DHS/OPS – 003 Operations Collection, Planning, Coordination, Reporting, Analysis, and Fusion SORN (75 FR 69689, published November 15, 2010). Further, as part of the PCR, DHS has decided to publish DHS/OPS-004 Publicly Available Social Media Monitoring and Situational Awareness Initiative System of Records to provide additional transparency.

Section 6.0 Notice 

The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information.

6.1 Was notice provided to the individual prior to collection of information? 

Yes, notice is provided through this PIA and through DHS/OPS – 003 Operations Collection, Planning, Coordination, Reporting, Analysis, and Fusion SORN (75 FR 69689, published November 15, 2010), and the newly published Department of Homeland Security Office of Operations Coordination and Planning – 004 Publicly Available Social Media Monitoring and Situational Awareness Initiative System of Records

6.2 Do individuals have the opportunity and/or right to decline to provide information? 

Information posted to social media websites is publicly accessible and voluntarily generated. Thus, the opportunity not to provide information exists prior to the informational post by the user.

6.3 Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right? 

Individuals voluntarily post information on social media sites and have the ability to restrict access to their posts as they see fit. Any information posted publicly can be used by the NOC in providing situational awareness and establishing a common operating picture.

6.4 Privacy Impact Analysis: Describe how notice is provided to individuals, and how the risks associated with individuals being unaware of the collection are mitigated. 

There is no requirement to provide notice to individuals under the framework applied under this Initiative. Information posted to social media approved for monitoring under this Initiative is publicly accessible and voluntarily generated.

Section 7.0 Access, Redress and Correction 

The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.

7.1 What are the procedures that allow individuals to gain access to their information? 

Social media are public websites. All users have access to their own information through their user accounts. Individuals should consult the privacy policies of the services they subscribe to for more information.

For those included in the limited category of individuals upon whom PII may be collected who are seeking access to any record containing information that is part of a DHS system of records, or seeking to contest the accuracy of its content, they may submit a Freedom of Information Act (FOIA) or Privacy Act (PA) request to DHS. Given the nature of some of the information in the SWO and NOC Tracker Logs (sensitive law enforcement or intelligence information), DHS may not always permit the individual to gain access to or request amendment of his or her record. However, requests processed under the PA will also be processed under FOIA; requesters will always be given the benefit of the statute with the more liberal release requirements. The FOIA does not grant an absolute right to examine government documents; the FOIA establishes the right to request records and to receive a response to the request. Instructions for filing a FOIA or PA request are available at: http://www.dhs.gov/xfoia/editorial_0316.shtm.

The FOIA/PA request must contain the following information: Full Name, current address, date and place of birth, telephone number, and email address (optional). Privacy Act requesters must either provide a notarized and signed request or sign the request pursuant to penalty of perjury, 28 U.S.C. §1746. Please refer to the DHS FOIA web site for more information at www.dhs.gov/foia.

7.2 What are the procedures for correcting inaccurate or erroneous information? 

See above.

7.3 How are individuals notified of the procedures for correcting their information? 

Individuals are notified through this PIA, DHS/OPS-003 and DHS/OPS-004.

7.4 If no formal redress is provided, what alternatives are available to the individual? 

There is no specified procedure for correcting information to DHS; if there were, it relates to a social media-provided process and not a DHS process. Individuals may change their PII as well as the accessibility of their content posts at any time they wish through their user account management tools on the social media sites. Individuals should consult the privacy policies of the services to which they subscribe for more information.

7.5 Privacy Impact Analysis: Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated. 

The information available on social networking websites is largely user-generated, which means that the individual chooses the amount of information available about himself/herself as well as the ease with which it can be accessed by other users. Thus, the primary account holder should be able to redress any concerns through the third-party social media service. Individuals should consult the privacy policies of the services they subscribe to for more information.

Section 8.0 Technical Access and Security 

The following questions are intended to describe technical safeguards and security measures.

8.1 What procedures are in place to determine which users may access the system and are they documented? 

All NOC Media Monitoring analysts have access to media feed aggregation tools and sites which are publicly available. The analysts also have access to the MMC application which is only accessible via a physical connection to an isolated private network established at the NOC Media Monitoring Watch room. In addition to the physical security, the program requires an assigned username and password for access. The system cannot be remotely accessed.

8.2 Will Department contractors have access to the system? 

Yes, as it is required in the performance of their contractual duties at DHS. However, access to the MMC application is limited to NOC authorized analysts who are physically present at the NOC Media Monitoring Watch desk.

8.3 Describe what privacy training is provided to users either generally or specifically relevant to the program or system? 

All DHS employees and contractors are required to take annual privacy training. In addition, media monitoring analysts get specific PII training.

8.4 Has Certification & Accreditation been completed for the system or systems supporting the program?

No. Tools and sites being used for information collection are publicly available, third-party services. Any certification & accreditation has not been completed for MMC application since the system is housed on non-government furnished equipment on an isolated private network.

8.5 What auditing measures and technical safeguards are in place to prevent misuse of data? 

This PIA will be reviewed every six months to ensure compliance. This will be done in conjunction with a Privacy Office-led PCR of the Initiative and of OPS social media monitoring internet based platforms and information technology infrastructure.

As recommended by the Privacy Office, efforts are underway to implement auditing at the router level for all outbound http(s) traffic and generate audit reports which will be available for each compliance review and upon request. Also, information on sources used to generate all reports can be provided for review by Privacy officials. The MMC application server resides on a secure, firewalled, isolated private network that does not allow inbound access or connection.

8.6 Privacy Impact Analysis: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them? 

Media feed aggregation tools/sites are publicly-available, third-party services. Information is collected by the service itself to establish an account. Thereafter, users determine their level of involvement and decide how “visible” they wish their presence on any given service to be. The ability to choose how much information to disclose, as well as the short period of retention for any information collected by the NOC serves to mitigate any privacy risk.

The only PII collected is of a very limited scope within the discreet set of categories discussed above. However, even that limited amount is secure. NOC does not retain any raw material reviewed during the collection phase. All data entered into the MMC application is carefully reviewed to ensure compliance with the guidelines provided in this PIA. The MMC application is not designed to share information by any means other than sending reports to a pre-approved, predetermined distribution list. The only way to access data in the application is for an authorized user physically connected to a contained system to pull out data, create a separate file and then share that file. Because the system cannot be accessed remotely, and the collected PII is very limited, privacy compromise risks are low.

Section 9.0 Technology 

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics and other technology.

9.1 What type of project is the program or system? 

Third-parties control and operate social media services. Users should consult with representatives of the service provider in order to make themselves aware of technologies utilized by the system.

9.2 What stage of development is the system in and what project development lifecycle was used?

Social media is active at all times and is third-party owned and operated.

9.3 Does the project employ technology which may raise privacy concerns? If so please discuss their implementation. 

Individuals should consult the privacy policies of the services they subscribe to for more information.

Responsible Officials 

Donald Triner

Director (Acting), National Operations Center

Office of Operations Coordination and Planning

Department of Homeland Security

10/23/11

Political Cyber Warfare | cYbEr pOliTiCs

gAtO sAy - so the cyber war begins. The Mitt Romney campaign bought $2,851 worth of domain names at GoDaddy.com. Some of the domains have no content, but it is a strategic plan to raise hell on Rick Perry. Then you got the Prez Obama buying $3,958 at GoDaddy with 70 sites containing Perry’s name and of course a few more for Romney. The fact of the matter is it happened even in the gubernatorial battle against Republican Kay Bailey Hutchison, in which Hutchison’s campaign website was juiced with the possible intent of spreading rumors about Perry being gay. Within the site’s juicing program were 2,200 hidden phrases, one of which was “rick perry gay”.

cYbEr pOlItIcS? gAtO tHiNk sO

This is how it’s done, boys and girls: 2,200 keywords, including “rick perry gay”. Of course this is in the META tags, so unless you look at the source code you would not see it. A web site has two (2) kinds of code: one for the formatting of the visual aspect of the site, the other for the search engine, and that code you the user never see. This is an old SEO trick and it works; in politics it gets nasty. Buying these sites and using them to throw out political messages is a form of cyber weapon, a powerful weapon to control the words, ideas and the message of the candidate.
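The hidden-keyword trick described above can be checked from the defender’s side by reading a page’s source rather than its rendered view. The Python sketch below is an added example, not part of the original post; the sample page, the names in it, and the `max_phrases` threshold are constructed assumptions.

```python
from collections import Counter
from html.parser import HTMLParser


class MetaAudit(HTMLParser):
    """Collects <meta name="keywords"> phrases and the text a visitor sees."""

    # Text inside these elements is never rendered as page copy.
    SKIP = {"script", "style", "title", "noscript"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.keywords = []   # phrases declared for search engines
        self.visible = []    # text chunks shown to the reader
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "keywords":
            content = a.get("content") or ""
            self.keywords += [p.strip().lower()
                              for p in content.split(",") if p.strip()]
        elif tag in self.SKIP:
            self._skip_depth += 1

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:
            self.visible.append(data)


def audit_keywords(html, max_phrases=20):
    """Report meta keywords that the visible page never mentions.

    max_phrases is an assumed review threshold, not a standard value.
    """
    parser = MetaAudit()
    parser.feed(html)
    parser.close()
    # Normalise whitespace so phrases match across line breaks.
    visible = " ".join(" ".join(parser.visible).lower().split())
    counts = Counter(parser.keywords)
    return {
        "phrase_count": len(parser.keywords),
        "unseen": sorted({k for k in parser.keywords if k not in visible}),
        "repeated": {k: n for k, n in counts.items() if n > 1},
        "stuffed": len(parser.keywords) > max_phrases,
    }


# Constructed sample page: the keywords name a person the visible copy
# never mentions, which is the pattern the post describes.
SAMPLE_PAGE = """<html><head>
<title>Jane Doe for Governor</title>
<meta name="keywords" content="jane doe, governor, state jobs,
 John Roe scandal, john roe scandal, john roe rumor">
<style>body{font:14px sans-serif}</style>
</head><body>
<h1>Jane Doe for Governor</h1>
<p>Jane Doe's plan for state jobs and schools.</p>
</body></html>"""

if __name__ == "__main__":
    for key, value in audit_keywords(SAMPLE_PAGE).items():
        print(f"{key}: {value}")
```

Phrases listed under `unseen` are the ones worth a human look: they are offered to search engines but never shown to the reader.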

So this is how Cyber War happens: you don’t have to hack a site or DDoS them, just put up a site and throw all the mud you want about someone. In today’s world a cyber reputation is just as important as a real live reputation. With a little downplay you can make your opponent suffer and spend time on rumors and innuendo while you look good and clean. You can even hide these sites so nobody can find that you’re associated with the site. Today anyone can create a website and make some noise, so corporations that want a little more lobbying can also put up dummy sites and do their thingy. The bad part is foreign nations can mess with our politics more today than they ever could, so we must be vigilant about outsiders controlling our affairs. I know the CIA has done this to other countries for the longest time, but now we too must beware; it’s too damn easy to start rumors online.

Well, here’s to another profitable cyber war; GoDaddy is the big winner so far. Next the campaigns will use the volunteers online, using Facebook, Twitter, YouTube and the other tools to spread mayhem into any political campaign. You will see them posting on sites to bring back links to the sites, and the targets will be the media in each state, city and town. The media is so easy to control; their 5 day 24 hour news cycle is controlled by the campaign already, and the extra push from cyberspace planted stories can only help. The politicos need to control the message in politics, and cyberspace is the place to do it via any stationary or mobile device. Controlling the message is what cyberspace is built for. In a cyber attack you can go passive and win the war with words and a little SEO (Search Engine Optimization) gAtO mAgIc.

In the last presidential election we saw the Internet’s rise to fame as a tool to get donations; now they are adding the biggest Social Engineering Attack (SEA) to get and control the message. These are the same tactics that competitors use covertly; you don’t want people to know that Pepsi has a dummy Coke.com site to make them look bad. In politics this is the norm: you go ugly and send out false claims that the opponent has to fight to correct, and then he loses traction. It’s the coolest, most cut-throat game in town, cYbEr PoLiTiCs baby. gAtO say let the political cyber war begin for the lulz.

My 2© cents – gatoMalo_at_uscyberlabs_dot_com

http://USCyberLabs.com/blog/ - http://cyber.uscyberlabs.com - http://ChinaCyberWarfare.wordpress.com - http://HacktivistBlog.wordpress.com/

Rick Perry WebSites by Mitt Romney

rickperrynot.com  – buryperry.com  -  CareerPolitician.com

Rick Perry WebSites by Obama

americansagainstperry.com  – stickittorick.com

Read More ..> http://www.theatlanticwire.com/politics/2011/10/mitt-romneys-cyber-war-rick-perry/43807/

10/20/11

Anonymous Is Interested In PLC’s & SCADA?

From Infosec Island this great article came up; this is gAtOmAlO’s 2 cents on it.

https://www.infosecisland.com/blogview/17479-Anonymous-SCADA-Lulz-DHS-and-Motivations.html

Anonymous has shown that its MO is just trash and dump to brag & “the lulz”, nothing more, nothing less. That anyone can attack a SCADA system and say it’s Anon, I just don’t think it would work. As their arrests have shown, these are mostly kiddies, except for the leaders like Sabu (covered later). Yes, an attack on SCADA can be tried by any bad nation actor, but if caught it would set a precedent for what kind of attacks are OK for any nation to try. The United States weighed launching a cyber-attack to disrupt Libyan air defenses before the start of an air campaign, but they stopped because it would set a level of expectation in any forthcoming battle.

Anon -or- Occupy Wall Street - gAtO -sMiLe

As to skills from the Anons: YES they can. These kiddies are focused and they have no lives except online. Just like if you give a kid a guitar, they will play it while in the toilet until they get that riff or note. Now some of the Anons are adults and these are the more astute in who, what & where to attack, but the basic skill set is there. If you can learn Python or Ruby on Rails you can learn Step7 commands.

As to Sabu, I really think he was a spook or a professional. How can you get that level of talent in a crew and still command respect from a bunch of young people? That took talent, and he is still free.

That someone (bad actors) may try it is possible, but I think, just like you said, it’s not their MO to do this. It would be bad for the movement, and if someone does attack and then blames them, well, I think that the Anons will get really mad and do some damage. Some of these kiddies, as I called them, are growing up and they understand that maybe they did something right or good. Maybe they just think that they can make a difference. I know that security people are being hired left and right because of this, so for some it’s good. Remember FEAR will get you budget $$$; that may be why DHS is doing it.

 

10/14/11

Cyberspace the Class-Warfare Equalizer

Cyberspace is the Class-Warfare Equalizer | Occupy Wall Street Online Movement 

Occupy Wall Street (OWS), the Arab Spring: these are the events that cyberspace brings today via computers, smart-phones and game consoles. I read “If you want to change the world start with yourself”, and as a society we have changed or been forced to change because of our technology.

To the Occupy Wall Street movement, the establishment (the 1%) say: They’re all anarchists, no direction.

They are just a bunch of smelly (patchouli) hippies, a bunch of English majors that have nothing better to do, Starbucks-sipping, Levi-clad, iPhone-clutching protesters denouncing Corporate America.

Smelly Hippies -Woz and Steve -aPpLe aNyOnE

They should just get a job and stop this nonsense. The 1%’ers don’t realize that if they had a job, they wouldn’t be protesting. If they had a job that paid a living wage, they wouldn’t be protesting. This is only the beginning of the new revolution (same old) in cyberspace.

Organizations see insider threat everywhere – I wonder why? 

2011 will be known as the year that hacktivists were born. Remember (in the old days) everyone saying W W W, “Dub,Dub,Dub_xxx . com” (1990), the same year that “The Simpsons - Bart, Homer, Marge, Lisa” started. I used “xxx-dot-com” because the porn industry really began the revolution. Some may argue, but distribution of naked pictures was the first business model for a web application, and it worked and it made lots of $$$ money.

Next came the Internet. I remember my buddy took a new job in Seattle with what was called push-technology (1995), the next killer web-app. What a concept: instead of people looking for websites to see what was new (more naked pictures), we developed a way to “push information” out to people. As more and more information was connected to the internet, it brought many new changes like “searching for information”. Microsoft said at the time “no one can make money just by searching for information”… old Billy.G boy ate his words a few years back when Yahoo and Google broke the trend and made money. Google is now a verb and a noun, Billy.G is just rich.

Let’s get back to cyberspace. The 1% also said: These indignant indolents saddled with their $50,000 student loans and English degrees.

Their lack of gainful employment is rooted in the malice of the millionaires, to the applause of Democrats suffering acute Tea Party envy.

Republicans-Democrats, here we have it folks, the 1%-ers finally see it, and they’re scared. The millionaire senators and congressmen cannot help only their millionaire friends any more. The people finally get it. In cyberspace we the people have the power to change things. Look at President Obama - I voted for him, but he is a disappointment to most liberals. Why? Either he has joined the club or it’s so bad there is nothing we can do. Have the rich corrupted the system so badly that to fix America, America will all fall apart? I think not. Cyberspace is here to stay and save the day - just like Mighty Mouse.

Cyberspace controls kinetic devices

This is what cyberspace is all about. Giving freedom of speech all over the world to the people. That’s very powerful, the ones in power (1%) know it. That’s why they are screaming so loud now. It has given the people the chance to take an active part in democracy, in decency, in caring about and helping each other -one American to another American. Cyberspace has made freedom a world wide thing and Occupy Wall Street is the new movement in cyberspace that will change the world for the better, I hope.

I believe that Americans, cyberspace and the “Occupy Wall Street movement” all over the country show what “the people” can do with cyberspace for a better America and world. Cyberspace is the Class-Warfare Equalizer.

 

09/29/11

Man-In-the-Middle Remote attack Diebold Voting Terminals | Hack-a-Vote?

Man-In-the-Middle Remote attack on Diebold Voting Machine.

Elections are coming real soon! Hack-a-Vote?

“The cost of the attack that you’re going to see was $10.50 in retail quantities,” explains Warner in the video. “If you want to use the RF [radio frequency] remote control to stop and start the attacks, that’s another $15. So the total cost would be $26.”

“This is a national security issue,” VAT team leader Roger Johnston told me, echoing what I’ve been reporting other computer scientists and security experts telling me for years. “It should really be handled by the Department of Homeland Security.” “The level of sophistication it took to develop the circuit board” used in the attack “was that of basically an 8th grade science shop,” says Argonne’s John Warner. “Anybody with an electronics workbench could put this together.”

Read More …> http://thehackernews.com/2011/09/man-in-middle-remote-attack-on-diebold.html

08/18/11

Cyber Team for Cyber Warfare

A cyber attack is simply defined as someone in your system doing something you don’t want them to do. Differentiating between attacks that are designed to destroy and attacks meant for espionage makes no difference. Our military is on one hand fighting the cyber attackers and with the other fighting congressional budgets and the global media. This is a no-win situation for everyone, and while we fight and bicker the enemy is hacking us and getting military secrets and intellectual property that will defeat us if we do not do something fast.

The answer is once again simple. Find the best cyber hackers in America. The good anti-hackers are hackers that do not have perfect service records, they are not good at talking face to face with people, these folks do not think inside the box, and if you think they will do push-ups think again. They usually were victims of bullying, so they turned to computers and learned to fight with their minds, not their fists.

US Cyber Labs- Cyber Team Diagram

Base by base, department by department, this team needs to work over your security just like a bad guy. After they find the security holes and make everyone feel bad for having such poor security despite all their topic-appropriate badges and certifications, it’s time for this group to move on. Don’t let this team hang around and become friends; they need to do just one thing and that is to hack you. This team needs to be free of anyone going after them or getting a general or congressman mad.

Once the weaknesses have been identified you need a different team for remediation, to go in and fix the problems and train the people that do the regular day-to-day operations.  Remember in the military things are very rigid, by the book. Well to hackers rigid security is laughable most of the time and if you hack one site then the next site will be a lot easier since they all follow the same game plan.

Last but not least after your Alpha Team goes and hacks you have them start on the enemy. Let them go at China, Russia or anyone else and let them find out what others are doing right and wrong. This will give you a better understanding of the enemy’s capabilities and we can learn how to counter what they throw at us.

Don’t be surprised if these teams get back to you via email, twitter or IM. They don’t really like to talk to people in person anyway.  Below are some notes I made for a cyber team and their functions it’s a .01 draft so it’s still very primitive.

How can we build a cyber team for cyber warfare? Let’s look at talent, not the rigid military structure, to foster the hacker mindset. Remember the movie “Men Who Stare at Goats”: these teams will be unconventional, just like Seal Team Six but without all the muscle.

Note to Myself for Cyber Team: - In-House Intelligence Cyber Security Team –

The Team Must Identify Process Which Assesses Risk to the Environment

Monitoring:

  • Compile Hacker Channels to your industry. Social Networks, Twitter, IRC
  • The Team can monitor activity over hacker channels for the bad guys.
  • The Team will spend time analyzing cyber-chatter.
  • The Team will conduct assessments and make reports.

Once the Monitoring team has done its job and made reports. Management of the Monitoring Team can do assessments and assess what to do from that perspective.

Intelligence Cyber Security Team

Defense – we have the tools and controls in place to look at activity within our environment

Defense

  • Team identifies a real risk
    • Process Which Assesses Risk to the Environment
    • We look at our threat profile
    • We look at our countermeasure profile
    • We look at what’s called our ‘impact profile’.

The threat profile, the countermeasure profile and the impact profile are assessed all the time.

My 2© cents – gatoMalo_at_uscyberlabs_dot_com

http://USCyberLabs.com/blog/

http://ChinaCyberWarfare.wordpress.com

 

08/10/11

Hong Kong Exchange Hacked | Payback For -Operation Shady RAT

Hong Kong is a special administrative region of China. When someone goes for the Money Shot like this, it looks like a nation state to me. Maybe a message for “Operation Shady RAT.” Call this a shot across the bow, China. Good Cyber Shot U.S.

Seems like McAfee is getting in the U.S. viewfinder. In a letter to Dmitri Alperovitch, vice president of threat research for McAfee and author of the report, Bono Mack requested a briefing with his research team and asked how the government and private sector could more effectively mitigate data breaches. Representative Mary Bono Mack, chairman of the House Commerce subcommittee with jurisdiction over cybersecurity, said she was alarmed by the report on a slew of cyber attacks that McAfee has dubbed “Operation Shady RAT.”

Operation Shady RAT is an eyesore for the U.S. government, and China now is telling us that we should decrease our military and reduce social programs. China is telling us how to be more financially prudent. Well, I think someone in high places just kicked China in the cyber financial teeth….

 

mEoW – gatoMalo

Read More>>> http://chinacyberwarfare.wordpress.com/2011/08/10/hong-kong-exchange-hit-by-hackers-good-cyber-shot-u-s/
