Mirror, Mirror, on the Wall, Who’s the Hackiest of Them All?

/25 Comments/in /by

ClapperHere are some excerpts from the Global Threats report pertaining to the cyber threat.

We assess that computer network exploitation and disruption activities such as denial-of-service attacks will continue.

[snip]

… many countries are creating cyber defense institutions within their national security establishments. We estimate that several of these will likely be responsible for offensive cyber operations as well.

[snip]

Critical infrastructure, particularly the Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems used in water management, oil and gas pipelines, electrical power distribution, and mass transit, provides an enticing target to malicious actors. Although newer architectures provide flexibility, functionality, and resilience, large segments of legacy architecture remain vulnerable to attack, which might cause significant economic or human impact.

It’s as if the intelligence community called up NSA and CyberCommand, asked what they had been working on, and then “assessed” that those targets presented threats going forward.

And while I expect that China commits what would be judged the largest number of hacks (in part because much of the information we steal right from the communication backbone they would have to hack to get), the inclusion of SCADA in the list of vulnerabilities is particularly rich, considering we are believed to have pioneered that kind of attack with StuxNet.

Again, I’m not denying these other entities hack (the unclassified version of the report left off Israel and France, as unclassified versions tend to do). Just that we continue to exhibit no awareness that some part of this threat amounts to our genie blowing back in our face.

image_print
25 replies
  1. Don Bacon says:

    Clapper:

    We estimate that several of these will likely be responsible for offensive cyber operations as well.

    Well yeah, this is what the US is doing, offensive actions either now or later when deemed necessary. So I guess this genius’s “estimate” is right on.

    Infrastructure analysts like Snowden are not just looking for electronic back doors into Chinese computers or Iranian mobile networks to steal secrets, or to shut down their systems. They have a another purpose: building a target list in case American leaders in a future conflict want to wipe out the computers’ hard drives or shut down the phone system.

    For example, the whole US defense (i.e. offense) system, say in Asia-Pacific, depends upon GPS. Does anyone NOT “estimate” that China could shut down GPS in an emergency?

  2. joanneleon says:

    Alexander and DiFi were hyperfocused on getting the new cybersecurity laws, so afraid that it’s now politically impossible to get even more authority for the NSA. And it probably is pretty impossible unless you can sneak it into humongous bills or into some horrific deal the Democrats cut in a sort of dire emergency when you’ve allowed food stamps to be gutted, let people suffer by not extending unemployment, and things like that, and then say ‘well we had to do it’.

    Or maybe you play a little offense to scare people.

    And if history is any gauge, they’re probably trying to get legislation to justify things they have already built and are already doing with no legal authority. If anybody is nervous about illegality it’s the private companies they’re probably “information sharing” with already.

    To what lengths will they go? And yes, what you’ve pointed out is hilarious in that gallows humor kind of way. A threats assessment of dangers that you created, to some large extent, and frankly I think it goes even further than that. Hell, we are, right now, arming both sides in the fighting in Syria/Iraq. Beyond craven. Out of control.

  3. ApacheTrout says:

    This report was published with information as of January 15, just six days after the Elk River chemical spill by Freedom Industries. The spill, which continues to poison the drinking water of at least 300,000 people, was the result of industrial neglect. There are numerous examples where the physical and economic destruction caused by industrial neglect (see San Bruno gas explosion 2010, West Fertilizer plant explosion April 2013, just for starters, edit – almost forgot the BP Deep Horizon oil spill in the Gulf of Mexico!) was far greater than the damage from terrorism. Yet nothing in this report mentions this as a threat to “American lives and America’s interests anywhere in the world.” Remarkable tunnel vision on the part of our government.

  5. thatvisionthing says:

    ew: It’s as if the intelligence community called up NSA and CyberCommand, asked what they had been working on, and then “assessed” that those targets presented threats going forward.

    @joanneleon: And yes, what you’ve pointed out is hilarious in that gallows humor kind of way. A threats assessment of dangers that you created, to some large extent, and frankly I think it goes even further than that.

    http://www.correntewire.com/in_the_wonky_weeds_with_marcy_more_on_obamas_spy_speech_three_days_later

    Marcy Wheeler: And so they’re trying to kind of develop this Panopticon within U.S. networks. And that’s the solution they want to come up with to defend our networks, rather than, by the way, increasing encryption and security and everything like that. And the reason they don’t want to do that is because it makes their spying harder. So it’s this circular issue, and I think it’s a dangerous circular issue because basically the NSA is making us less safe with what it’s doing with encryption, and then having made us less safe, it’s insisting that it needs to be able to police U.S. networks in a more intrusive fashion because it’s made us less safe.

    http://www.nakedcapitalism.com/2014/01/real-state-union.html

    Hugh’s State of the Union: There is the War on Terror with its endless, pointless mini-wars and drone strikes. It is the epitome of self-licking ice cream cones, producing more terrorists and anti-Americanism than it eradicates.

    Yes, yes, yes, yes. You’d think we’d learn. If we wanted to.

  6. P J Evans says:

    @ApacheTrout:
    San Bruno wasn’t neglect, it was straight-up negligence. In several different ways. (I’ve read the NTSB report, and the report of CPUC’s expert witness on recordkeeping. Where I worked, we were looking at this stuff and going ‘they did that? they did what? OMG, are they that fucking clueless?’)

  7. Frank33 says:

    False Flag Cyber Terror Theatre coming to a Computer near you. Sponsored by Google, Microsoft, Koch Industries, James Clapper and the NSA.

  8. ApacheTrout says:

    @P J Evans:
    I consider all industrial neglect intentional. Whether it was done by specific order (i.e. don’t fix that….) or by callous indifference (I’ll take home the pay, let the next CEO be responsible for hiking the maintenance budget and reducing shareholder profits by a penny), it’s one and the same.

  9. Michael Murry says:

    Clapper’s Claptrap Catches The Clap

    Clapper on the inside
    Clapper on the outside
    Clapper in the crapper smooching
    Clapper’s boss’s backside

    Clapper lying one day
    Clapper lying next day
    Clapper lying any day that
    Clapper gets a pay day

    Clapper’s cushy satrap
    Clapper spouting claptrap
    Clapper rapping pure crap till
    Clapper caught his own clap

    Michael Murry, “The Misfortune Teller,” Copyright 2014

  10. john francis lee says:

    Looking at the smiling, lying face of the Director of National Intelligence, James Clapper at the top of this bit reminds me of just who it is who are the traitors in the Land of the Free and the Brave.

    Snowden-Interview in English

    You started this debate, Edward Snowden is in the meantime a household name for the whistleblower in the age of the internet. You were working until last summer for the NSA and during this time you secretly collected thousands of confidential documents. What was the decisive moment or was there a long period of time or something happening, why did you do this?

    I would say sort of the breaking point is seeing the Director of National Intelligence, James Clapper, directly lie under oath to Congress.

    There’s no saving an intelligence community that believes it can lie to the public and the legislators who need to be able to trust it and regulate its actions.

    Seeing that really meant for me there was no going back.

    Beyond that, it was the creeping realisation that no one else was going to do this. …

    If I am a traitor who did I betray?

    I gave all of my information to the American public, to American journalists who are reporting on American issues.

    If they see that as treason I think people really need to consider who do they think they’re working for.

    The public is supposed to be their boss not their enemy.

    Beyond that as far as my personal safety, I’ll never be fully safe until these systems have changed.

  12. JTMinIA says:

    “And while I expect that China commits what would be judged the largest number of hacks …, the inclusion of SCADA in the list of vulnerabilities is particularly rich, considering we are believed to have pioneered that kind of attack with StuxNet.”

    During my day job, we call that projection.

  13. emptywheel says:

    @ApacheTrout: Right. And many of those same companies are the same ones the NatSec types are so worried about cyberattacks on.

    Thing is, if they’re not keeping up their physical infrastructure AND they’re not keeping up their cyberdefenses, the cyber aspect is not the problem.

  14. thatvisionthing says:

    @ApacheTrout: I love it when Harry Shearer reads the news on Le Show. From the Apologies of the Week @22:53:

    http://harryshearer.com/le-shows/january-26-2014/

    A former Halliburton manager apologized to his family and friends this week before a federal judge sentenced him to one year of…. probation for destroying evidence in the aftermath of the massive oil spill in the Gulf of Mexico four years ago. Anthony Badalamenti of Katy, Texas had faced a maximum of one year in prison after he pleaded guilty in October to… a misdemeanor count of destruction of evidence. He has to perform 100 hours of community service and pay… a thousand-dollar fine. He was the cementing technology director for Halliburton, BP’s cement contractor on the Deep Water Horizon drilling rig. Prosecutors say he instructed two employees of Halliburton to delete data during a post-spill review of the cement job on the blown-out well. The judge said the sentence of probation is very… reasonable in this case. “I still feel you’re a very honorable man,” he told Badalamenti. Badalamenti expressed remorse for causing undue stress… on his relatives and friends. “I’m truly sorry for what I did,” he said.

    Halliburton cut its own deal with the Justice Department, pleading guilty in September to a misdemeanor charge related to Badalamenti’s conduct. The company agreed to pay a $200,000 fine and make a $55,000,000 contribution to the National Fish and Wildlife Foundation.

    Four current or former BP employees also have been charged in federal court for spill-related crimes. One, Kurt Mix, was convicted in December of trying to obstruct the federal probe in the spill. Prosecutors said he was trying to destroy evidence when he deleted a string of text messages. He faces a maximum sentence of 20 years in prison and a $250,000 fine. Maybe he’s not on an honorable man.

  19. thatvisionthing says:

    @thatvisionthing: Oh hey, reading Snowden’s interview:

    When you are on the inside and you go into work every day and you sit down at the desk and you realise the power you have – you can wire tap the President of the United States, you can wire tap a Federal Judge, and if you do it carefully no one will ever know because the only way the NSA discovers abuses are from self reporting.

  20. john francis lee says:

    @thatvisionthing

    I changed the link once, when ard/google forced the first one down. Now they’ve forced the second one down as well. I don’t find anymore at youtube at present. I found a magnet link and downloaded the video myself, just so I’d be able to see it when it becomes a hazy memory. The ard site was inaccessible to me from the get go, I think you needed to ‘be in Germany’ to see it. Now, unwilling to allow people in other countries to see ‘their’ work the cowards/rentiers at ard/google have made it unavailable. If I were you I’d find a magnet link myself and download the whole thing. It’s probably the only way you’ll get to watch it, what with google’s crocodile tears and fingerpointing at ard. Google spelled backwards is NSA.

    Words are good. The transcript is faithful to the video content. Can’t touch the spoken word, of course. Maybe I’ll make an audio soundtrack. At about 0.5 gigabytes the video requires a good bit of bandwidth and storage … hell, you kids can all put it on your iPhones, can’t you?

  23. thatvisionthing says:

    @john francis lee: I saw the .mp4 magnet link but couldn’t save anything with it. I never have a clue. I don’t think I can do magnet or torrent, though I can find links for both. Vimeo had it and then took it down. So grateful for the transcript.

  25. Frank33 says:

    Our Idiot Secretary of State is worried about corrupt, wealthy oligarchs trampling the ambitions of people. The ultra wealthy Kerry is one of the oligarchs who is trampling on people and stifling political dissent.

    It is distrubing that these war profiteers, such as Kerry and his friends the Koch Brothers think we are so stupid not to notice.

    Secretary of State John Kerry has criticized what he calls a “disturbing trend” among governments in eastern and central Europe to “trample the ambitions” of their people.

    Speaking at an international security conference in Munich, Germany, Kerry said:

    “The aspirations of citizens are once again being trampled beneath corrupt, oligarchic interests — interests that use money to stifle political opposition and dissent, to buy politicians and media outlets, and to weaken judicial independence and the rights of non-governmental organizations.”

Comments are closed.