Cyber Brief - 3/26/12

This Week’s Top Stories

U.S. NUCLEAR ARSENAL FACES HACKING BARRAGE

The U.S. stockpile of nuclear weapons is under constant bombardment from hackers, according to Thomas D'Agostino, head of the National Nuclear Security Administration. In response, the agency is looking to increase its cybersecurity budget from about $126 million in 2012 to $155 million for 2013. The millions of daily hacking attempts originate from foreign governments as well as non-state actors, he said. In April of last year, hackers successfully breached the Department of Energy's Oak Ridge National Laboratory and stole several megabytes of data.

Cybersecurity expert Adam Segal says it is highly unlikely that hackers would be able to launch a nuclear weapon remotely because such sensitive systems are "airgapped," or detached from the internet. However, he notes the Stuxnet worm that struck an Iranian nuclear facility in 2010 provides a cautionary tale for relying on this method of security. (U.S. News & World Report)

CYBERWEAPONS TO BE DEPLOYED TO U.S. COMBATANT COMMANDS

Offensive cyber weapons that have traditionally been centrally housed at U.S. Cyber Command (CYBERCOM) are being distributed to regional combatant commanders as part of a new posture on deployment and deterrence, according to written testimony from the chief of CYBERCOM, General Keith Alexander. The move will allow regional commands greater access, faster response times, and the ability to align kinetic force with cyber capabilities. At this point, U.S. Central Command (Middle East) is the only region with a completely operational cyber element, while Pacific Command has partial integration. DOD expects this capability to be deployed at Africa Command and Southern Command within the next six months. (Defense News)

SARKOZY TO CRACKDOWN ON HATE WEBSITES

French President Nicolas Sarkozy announced plans to make it illegal for people to consult with websites that promote terrorism or hate crimes. The statement followed the police shooting of an al Qaeda-inspired gunman, Mohamed Merah, who had killed seven people in southwest France. President Sarkozy also vowed to go after those that go abroad for ideological indoctrination, and said his government would investigate whether French prisons were being used to incubate extremists. (Reuters)

ON THE HILL

Foreign Internet Freedom: A House subcommittee is set to vote on legislation this Tuesday that would prevent U.S. companies from helping foreign nations obstruct internet freedom. The Global Online Freedom Act has received new attention given recent events in Syria and Egypt. (The Hill)

Privacy Practices: In an effort to promote greater transparency in privacy matters, two House Democrats, Waxman (D-CA) and Butterfield (D-NC), requested details from thirty-four application developers—including Twitter and Facebook—on how they collect and employ user data. (Wired)

Counterterrorism Data: The White House is seeking to increase the length of time the government can store data about citizens gathered for reasons other than national security. The move, which would also permit extensive mining of this data, would increase this period from 180 days to five years. (NYT)

The Cybersecurity Debate: This article from NPR discusses the Lieberman-Collins legislation being debated on the Hill, and whether its mandates are "heavy-handed" or necessary measures to prevent a crippling cyberattack on critical U.S. infrastructure, such as the power grid. (NPR)

COURTS

Megaupload: The Motion Picture Association of America has asked a federal judge to maintain data on the 66 million users of the defunct file-sharing service Megaupload. The MPAA says it might need that information to sue Megaupload and others for copyright infringement. (Wired)

Celeb Hacker: A Florida man accused of hacking into celebrities' email accounts to steal and distribute nude photos of his victims agreed to plead guilty to federal charges. Christopher Chaney was arrested last October after an 11-month investigation by the FBI. (Reuters)

The FBI & GPS: The FBI says the Supreme Court's ruling in U.S. v. Jones, which said GPS tracking of a suspect's automobile requires a warrant, will inhibit a practice that has been "tremendously beneficial." The Bureau had to turn off some 250 out of roughly 3000 devices after the ruling. (NPR)

Rent-a-Fraud: Dmitry Naskovets, a Belarusian who ran a "rent-an-accomplice" website for bank thieves, has been sentenced in a New York Southern District Court to nearly three years in prison. He pled guilty to helping some 2,000 identity thieves commit more than 5,000 acts of fraud. (Wired)

HACKERS

Foreign Spies: The Pentagon says its cybersecurity should focus on protecting data rather than controlling access, according to Senate testimony. Such a posture would develop a strategy based on the assumption that foreign spies have already infiltrated U.S. military networks. (BBC)

Canuck Vote:  An attempted cyberattack was able to delay the national vote for the leader of Canada's New Democratic Party. However, the voting system itself was not harmed. (Winnipeg Free Press)

Hong Kong Poll: A mock poll for Hong Kong's chief executive was disrupted by a cyberattack that bombarded the website with millions of clicks, denying access to users. (BBC)

LulzSec Returns?: Ars Technica reports that the hacking community Anonymous is attempting to revive its LulzSec affiliate after the recent arrests of top members. Anonymous posted a YouTube video claiming a new hacking campaign will begin April 1. (Ars Technica)

Caribbean Target: Most Caribbean governments and businesses underestimate the threat posed by hackers, reports Dominican Today. While great efforts have been made to increase web access, little has been done in many jurisdictions to protect this infrastructure. (Dominican Today)

REPORTS

Verizon: Hacktivists were responsible for over half the data stolen last year, according to Verizon's annual Data Breach Investigations Report. 98 percent of cyberattacks on companies were perpetrated by outsiders, of which 86 percent were profit-seeking criminal groups.

GAO: The Government Accountability Office says that agencies involved with national security need to do more to protect their IT supply chains. Enemies could implant malware to secretly pilfer, erase, or alter data on those systems, even controlling them remotely.

EDITORIALS AND MUST READS

Esther Dyson on the closing of the Web: Is the internet in the process of being closed by web giants such as Google, Apple, and Facebook, asks Dyson for Project Syndicate. "The Web’s openness or closure is not a matter to be settled once and for all, but rather a fluctuating situation," she writes. "The great thing about Internet companies is that they, unlike governments, can be relatively easily deposed. They cannot outlaw competition, and, though they can engage in anti-competitive practices and filter content for their users, eventually consumers and startups fight back."

Paul Rosenzweig on Cybersecurity Legislation: The current cybersecurity legislation up for debate in Congress needs to have an international component, writes Rosenzweig for the Lawfare blog. "Much of American critical infrastructure is interconnected with Canadian counterparts.  Most notably our electric grids," he says."Cyber is a borderless domain. The insight today is that so are at least some of critical infrastructures dependent on cyber."

Quentin Hardy profiles investor Gilad Elbaz: "In the booming world of Big Data, where once-unimaginably huge amounts of information are scoured for world-changing discoveries," writes Hardy for the New York Times, "Mr. Elbaz may be the most influential inventor and investor." Elbaz has interests in dozens of big-data startups, and has launched his own company, Factual, which is trying to identify every fact in the world.

Ross Andersen on how cyber and drones are changing warfare: "In today's democracies politicians are obligated to explain, at regular intervals, why a military action requires the blood of a nation's young people," writes Andersen for the Atlantic, whereas "wars waged by machines might not encounter much skepticism in the public sphere." In an interview with Mariarosaria Taddeo, a Marie Curie Fellow at the University of Hertforshire, Andersen discusses the moral implications of information warfare.