Fordham Law School banner photo


Cyber Brief - 2/6/12

This Week’s Top Stories

ANONYMOUS TAKES AIM AT FBI

The global hacking group Anonymous eavesdropped on a January conference call between the FBI, Scotland Yard, and other international law enforcement agencies discussing the investigation of the group and its affiliates. Anonymous released a recording of the call on the web and taunted the FBI via Twitter over the breach: "The FBI might be curious how we're able to continuously read their internal [communications] for some time now." The FBI played down the ingenuity of the crime, noting that the perpetrators had not compromised FBI networks, but intercepted an email containing the call information from a foreign police official to a private email account. Anonymous said it committed the act as part of a string of similar actions targeting international law enforcement. (NYT, LATimes, WSJ)

Anonymous also threatened to leak a massive trove of emails related to the deaths of twenty-four civilians during a 2005 U.S. raid in the Iraqi town of Haditha. The hacker group claims to have stolen the information from Puckett Faraj, a law firm representing one of the U.S. Marines implicated in the Haditha case. (WashPost, Atlantic)

Hackers claiming an association with Anonymous also took credit for crippling the websites of Citigroup and Citibank on Friday. While services of the websites were suspended by the action, company officials say no client information was compromised. The incident is linked to a series of attacks by Anonymous on several Brazilian banks. (NYT)

POLICY

House: Three bills related to cybersecurity are currently working their way through the House of Representatives. One, sponsored by Rep. Dan Lungren (R-CA), deals with multiple cybersecurity issues and creates a new information sharing organization. Bill is still in committee. (H.R. 3674)

A second, sponsored by Rep. Mike Rogers (R-MI), also deals with information sharing; and some suggest it may end up competing with the Lundgren legislation. Bill is also in committee. (H.R. 3523)

And a third, sponsored by Rep. Michael McCaul (R-TX), focuses on cybersecurity research, development, and technical standards, and is seen as non-controversial. Bill was reported to full House. (H.R. 2096)

Senate: A so-called "comprehensive" cybersecurity bill is expected to be introduced any day in the Senate. The legislation is likely to deal with a spectrum of issues including FISMA reform, governmental authorities, critical infrastructure protection, R&D, information sharing, and data breaches. (NextGov)

Legal Insight: Lawfare blog previews some of the central issues that will be up for debate in the forthcoming cybersecurity legislation including information sharing, regulatory structure, and criminality. (Lawfare)

East v West: The gap between Western states and Russia and China with regard to an international agreement on cyberspace "norms of behavior" may be widening. Issues of internet freedom and the theft of commercial property remain primary bones of contention. (Reuters)

HACKERS

VeriSign: The network infrastructure giant VeriSign was the target of repeated hacking in 2010, according to its SEC filings. Stolen data could allow hackers to direct people to faked websites and intercept emails. The origin and extent of the attack are still unknown. (Reuters)

SEC Filings: At least six major U.S. corporations whose networks have been breached by cyber criminals have failed to report the incidents in the regulatory findings, despite new guidance from the SEC on the matter. (FiscalTimes)

Commerce Dept: The U.S. Commerce Department says one of its job-development agencies was the target of a computer virus that required a ten-day suspension of web connectivity. Authorities do not know who perpetrated the attack or whether any sensitive material had been stolen. (WashPost)

THREAT ASSESSMENT

In House testimony, FBI Director Robert Mueller said he expects "the cyber threat will equal or surpass the threat from counter terrorism in the foreseeable future." (CBS)

In Senate testimony, National Director of Intelligence James Clapper raised concern over cyber threats from foreign intelligence agencies, including Iran, China, and Russia. (FierceGov)

NATO officials are unprepared for an attack on the organization's digital networks, according to Wired's "Danger Room" blog. The transatlantic security alliance is uncertain what threshold of cyber attack would warrant a response and unsure what that response would be. (Wired)

A Bloomberg Government study found that the organizations responsible for the nation's critical infrastructure such as power, water, and financial systems, would have to spend nearly nine times as more on cybersecurity in order to prevent a catastrophic attack. (Bloomberg)

EDITORIALS AND MUST READS

Nate Anderson profiles Anonymous: The hacker collective known as Anonymous has become a formidable actor in global politics, writes Anderson for Foreign Policy, but what are their objectives and how should government respond? "While governments can hardly countenance disorder and vigilantism on the Internet," he says, "they might more productively reach out, at least rhetorically, to Anonymous and similar movements, emphasizing shared values and encouraging innovative online dissent and activism through legal channels."

Christopher Caldwell talks privacy: The Supreme Court's majority opinion in United States v. Jones, which ruled that a warrant is required to GPS track a suspect, is problematic because justices could not agree on why tracking citizens should be a problem under the Fourth Amendment. Scalia's emphasis on the government's trespass of private property (police broke into the car to install the device) implies that as long as physical property is not violated, such police surveillance is constitutional, writes Caldwell.

Mark Zuckerberg discusses "The Hacker Way": In his letter to potential investors, the Facebook founder and CEO outlines the company's social mission noting that, "we don’t build services to make money; we make money to build better services." Facebook's "hacker culture" encourages continuous improvement and innovation often through multiple iterations before everything is right. He says Facebook's hacker mantra, "Code wins arguments," places a premium on the implementation of ideas versus idle talk.