Share This

Showing posts with label Central Intelligence Agency. Show all posts
Showing posts with label Central Intelligence Agency. Show all posts

Sunday 2 December 2012

US building new spy wing to focus on Asia

12/2/2012
The Pentagon, in a major expansion of its intelligence gathering activities, plans to assemble an espionage network rivaling the Central Intelligence Agency in size, The Washington Post reported.

Citing unnamed US officials, the newspaper said that as part of the project, US military officials will send hundreds of additional spies overseas.

They also plan to overhaul the Defense Intelligence Agency (DIA) which has focused primarily during the past decade on activities related to the wars in Iraq and Afghanistan.

When the expansion is complete, the DIA is expected to have as many as 1,600 intelligence "collectors" around the world -- a major step-up for an agency whose presence abroad has not exceeded triple-digits in recent years, the paper said.

The total includes military attaches and others who will not work undercover, The Post wrote.

But US officials told the daily that the plan also includes deployment of a new generation of clandestine operatives to be trained by the CIA.

These new operatives are to work frequently with the US Joint Special Operations Command, but they will get their spying assignments from the Department of Defense, the paper said.

The Pentagon's top intelligence priorities are Islamist militant groups in Africa, weapons transfers by North Korea and Iran, and military modernization underway in China, the newspaper wrote.

Sunday 28 August 2011

Arab spring has created 'intelligence disaster', warns former CIA boss






Michael Scheuer says rendition should be brought back as lack of intelligence has left UK and US unable to monitor militants
Michael Scheuer, the former head of the CIA unit in charge of pursuing Osama bin Laden, said the Arab spring had ‘delighted al-Qaida’. Photograph: Murdo Macleod

The Arab spring has “delighted al-Qaida” and caused “an intelligence disaster” for the US and Britain, the former head of the CIA unit in charge of pursuing Osama bin Laden has warned.
Seal of the Central Intelligence Agency of the...Image via Wikipedia

Speaking at the Edinburgh international book festival, Michael Scheuer said: "The help we were getting from the Egyptian intelligence service, less so from the Tunisians but certainly from the Libyans and Lebanese, has dried up – either because of resentment at our governments stabbing their political leaders in the back, or because those who worked for the services have taken off in fear of being incarcerated or worse.

"The amount of work that has devolved on US and British services is enormous, and the result is blindness in our ability to watch what's going on among militants."

The Arab spring, he said, was "an intelligence disaster for the US and for Britain, and other European services".



Scheuer headed the Bin Laden unit at the CIA from 1996 to 1999, and worked as special adviser to its chief from 2001 to 2004. The author of a biography of Bin Laden, he now teaches on the peace and security affairs programme at the University of Georgetown.

He said: "The rendition programme must come back – the people we have in custody now are pretty long in the tooth, in terms of the information they can provide in interrogations.

"The Arab spring has been a disaster for us in terms of intelligence gathering, and we now are blind both because of the Arab spring and because there is nothing with which to replace the rendition programme."

 Newscribe : get free news in real time 

Monday 27 June 2011

The new anarchists - Are Hackers The 21st Century’s First Revolutionary Movement?






Hackers’ efforts to fight the power may lead to a backlash


Peter Steiner’s now famous cartoon for the New Yorker, “On the Internet, nobody knows you’re a dog,” first appeared in 1993 but didn’t, according to the artist, receive much attention until the Internet became more familiar to people. It was a rare instance of a cartoon doing what it’s not supposed to do, gaining relevance over time as people understand just how pithily it captured an essential truth. This, surely, elevates it to one of the most important cartoons in history (Steiner told the New York Times in 2000 that he felt a little like the person who invented the smiley face).

History has shown Steiner’s vision to be much too benign, and the cyber events of the past year — hacking and theft on the scale of 18th-century piracy — demand an update, perhaps along the lines of, “On the Internet, no one knows you’re China.” But even that may have been spoiled after the events of this week, which saw the appearance of an alliance between two groups of clandestine hackers, Anonymous and LulzSec, both of which have been implicated in numerous high profile security breaches.

In a statement announcing “Operation Anti-Security,” LulzSec declared that “the government and white hat security terrorists across the world continue to dominate and control our Internet ocean … we encourage any vessel, large or small, to open fire on any government or agency that crosses their path.”



This was accompanied by “an open letter to citizens of the United States of America” on Anonymous’ news site, which sounded uncannily tea party-ish in its call on Americans to “wake up” and take back their liberties from a corrupt government.

To judge from the reaction of some information security experts, the alliance was on the scale of Germany teaming up with Japan during World War II. Except by the end of the week, LulzSec was apparently calling it quits, alarmed, perhaps, by the arrest of an alleged member in Britain and the attempts by other hackers to expose their identities.

With subterfuge as the name of the info-war game, the virtual equivalent of smoke and mirrors makes it difficult to say what’s true and what might be misdirection, especially with organizations that are leaderless and decentralized. But here’s the upshot of this recent cycle of cyber shenanigans: On the Internet, one person’s freedom fighter is another’s terrorist.

Technological prowess has given hackers an extraordinary sense of political entitlement. It’s easy to theorize about how the world should work if your only engagement with it is through a computer and you’re in your teens or 20s. But weaponize your theories through hacking and you’re all but certain to lose the public, who will demand ever more stringent crackdowns and restrictive laws that, in turn, will push some hackers to even more extreme responses.

At the same time, the hacker collectives do possess a technological prowess that is beyond the imagining of most people, and with a deep understanding of how technology works, there is the privilege of insight. The explosive development of the Web raises serious, complex questions about ownership, privacy and freedom. And if these are ignored by politicians, or dominated by commercial interests, or dismissed by a mainstream media averse to complexity, then hacker frustrations will turn to direct action as a way of getting attention.

This is, after all, what non-governmental organizations and other advocacy groups do on a much more limited scale to promote their interests. (Still, it’s one thing to disrupt traffic with a protest march; it’s another to disrupt Internet traffic with a denial-of-service attack.)

The question is what kind of politics is this technology empowering? If you don’t acknowledge genuine concerns or even good faith in the info security community, if government is irredeemably corrupt, then you haven’t just abandoned politics, you’re anti-political; all that’s left is a war of attrition.

Oddly, the most useful insights on hacker culture may come from a re-engagement with the politics of anarchism, as noted in a review of new books on the subject in the summer issue of BookForum by Columbia historian Mark Mazower. While Mazower makes a mistake, in my view, in seeing revolutionary politics as still being mediated through academic leftism rather than through technology, his point — that the anarchist theories of the 19th century are more relevant than Marx to explain the present political conditions — is timely.

Anarchism’s combination of individual commitment, ethical universalism and deep suspicion of the state as a political actor mark it out as the ideology of our times,” writes Mazower, before ending his piece with the claim that “we are all anarchists now.”

But we’re not. We are disenfranchised because today’s anarchism belongs to the hackers — and they have the means to make much better bombs. Whether the alliance between LulzSec and Anonymous was ever real or not, it defines the new ideological reality of our times: the network as an emerging anarchic state actor. Whether we like it or not, this politics of technology forces us toward libertarianism, to maximal freedom, because the alternatives — anarchy and control — are dancing toward disaster.

Newscribe : get free news in real time

Saturday 18 June 2011

Hackers, not all hack for the heck of it! Who are the anonymous hackers? Beware of Seduction!





By HARIATI AZIZAN sunday@thestar.com.my

Some do it for fun or fame, others to make a political statement. But a bigger number of hackers are now doing it for money.

THEY brought down the CIA website and attacked Sony, Nintendo and a few tech companies with links to FBI and the US Senate. They wanted to expose the online weaknesses of these entities, “for the Lulz”, they bragged.

But what is grating the American authorities and security experts most about the group who carried out the cyber attacks, Lulz Security, an offshoot of the notorious activist hacker group Anonymous, is that they used basic hacking “tools” available for free online.

One irate network security expert, Paul Ducklin of Sophos, even branded them “a bunch of schoolboys” who did something as intellectually challenging as “boasting in the playground about who's got the hottest imaginary girlfriend”.

 
Beware: A hacker group threatening to attack Malaysian government websites.

It sounds like sour grapes to me, laughs a local IT student and part-time hacker who only wants to be known as “W”.

“This is the democratisation power of technology; it is now easy for anyone to start hacking,” he says.

Technological advancement has inadvertently lowered the bar for hacking, concurs Nigel Tan, the Asia-South principal consultant at online security company Symantec Corporation (Malaysia).

“In the past you have to write the programme yourself. Now there are toolkits available online, and you can create your own malware easily using these toolkits,” he says.

Symantec believes that the availability of these kits are likely responsible for the increase of malicious attacks on the Internet.

As its recent Internet Security Threat Report showed, there were more than 286 million new cyber threats last year, compared with 120 million in 2008.

But you don't really need statistics to show how rampant cyber attacks are growing.

Since last December, the world has been bombarded by a flurry of hacking incidents the highest-profiled possibly being the hacking of PayPal, MasterCard, and Visa by Anonymous in support of WikiLeaks' Julian Assange.

In March, the database of marketing group Epsilon was rampaged and millions of email addresses were stolen. In April and May, Sony's PlayStation network was attacked, more than once, exposing some 77 million users' data.

And in the past three weeks, the security of the International Monetary Fund, CitiBank, the Spanish police, Google, the CIA and our own government websites was breached.

While many of the hackers prefer to remain in the dark corners of the Internet, there seems to be an increase of groups like Lulz and Anonymous who want to grab their 15 minutes of fame for their hacking activities.

New breed

In their claim to fame, Lulz went as far as to open up a hotline to get public suggestions for their next target. The hotline number is said to spell out LULZSEC and callers are reportedly greeted by a male voice heavily tinged with a French accent, which then apologetically explains that “Pierre Dubois and Francois Deluxe” are unavailable because they are “up to mischief on the Internet”.

The group is obviously relishing the limelight, publicly taunting the authorities, not even bothering to hide (or purposely exhibiting) their telephone area code.

Despite their pop cultural references they use the Guy Fawkes masks popularised by the comic book and movie V for Vendetta for their public image Anonymous is less playful.

The “hacktivist” group's activities are self-proclaimed as acts of political activism. In its attack on the Malaysian government websites, for instance, Anonymous announced that it was a protest against the Government's decision to block a few file-sharing websites, which they claim is an infringement of Malaysians' human rights.

The open stance aside, the real identities of these two groups are difficult to detect, as international security personnel who have been tasked to trace them are discovering.

Anonymous, which has been around for almost a decade, for one, is a loose group made up of an indefinite number of members.

As one admirer was quoted: “If you claim you are a member of Anonymous, then you are a member.”

There is a cautionary tale on the web of how one man, HBGary Federal chief executive officer Aaron Barr declared war on Anonymous, only to find himself at their mercy.

In February, Barr had claimed that he had successfully uncovered the real identity of the group's top honchos and announced that he would expose them. Before he knew it, his website was hacked and his database compromised. Important files were deleted while his phone system was crosswired.

Anonymous also took control of the company's email, leaking confidential business emails and dumping thousands of others. The whole attack cost HBGary Federal million-dollar losses and he retracted his claims.

As Anonymous announced later, the company was taken down by five of its members, which included a 16-year-old girl, another slap in Barr's already burning face.

A young Malaysian hacker who only wants to be known as Ahmad shares that many of his peers look up to Anonymous not only because of their political activism but also their technical prowess.

Says the IT student, “It is now easy to hack into different systems, but it is not easy to cover your tracks. Anonymous is master at it.”

Ahmad, however, concedes that he finds it strange that Anonymous has targeted Malaysia. “Sure, they have clearly stated their intentions, but I am still trying to wrap my mind around what it has to do with them. Why is Malaysia important to them?”

W believes that the web may be the final frontier for activism, as promoted by Anonymous and the growing breed of hactivists. “In the last few years, the Internet has been a useful tool for activists to get their message out and to mobilise supporters. Maybe now it is time to carry out their activism campaign in cyberspace itself.”

When asked if he had taken part in the recent Anonymous-initiated cyber attack on Malaysian government websites, Ahmad profusely denies any involvement, but he admits that he and his friend have hacked into other websites before.

“We like to challenge each other, as a test of our IT skills. Many of us do it for fun, just to see if we can get in. We don't steal the data or do any other harm. We have also hacked for classroom lessons' after being assigned tasks of hacking into a few websites to learn about cybersecurity,” he reveals.

For many young hackers, he says, many do it to get noticed by security firms.

“It is still a new area and there are not many professional' hackers those who work with security firms to hack into their systems after they install it to ensure that the systems are really secure. Then there are companies who hire hackers to test the security of new programmes. Our hacking activities are like our auditions or resumes,” he shares.

Symantec's Tan, however, alerts that while these so-called harmless “fun hacking” and hacktivism activities appear to be growing, a bigger number of hackers are doing it for money lots of it.

“I believe that in the last few years, there was a major shift in hacking those who are doing it for fame or fun have decreased. Now hackers are doing it for money. It is big business. Those who are making a big noise are the minorities; more prevalent are those who are involved in the underground economy activities. They are more quiet and targeted in their attacks and would rather keep below the radar so that they can continue their work longer,” he cautions.



Who do the anonymous hackers represent?

THE STAR SAYS

THE flap over the hacker attack of the Malaysian Government's portal has come and gone as swiftly as the click of a mouse.

However, the scale of the problem and the magnitude of the issues around it remain considerable.

To avoid unnecessary confusion, it is important to spell out the issues at stake before dwelling on the justness or otherwise of any particular motive.

In this specific instance, the hackers in the collective international identity of Anonymous had targeted the official websites of a sovereign nation.

Since it was not an attack on a political party or individual personalities but on an entire country's online representation, the hackers are culpable of anything from vandalism to subversion.

The attack was also not against any sinister policy of the Government but rather against its obligated move to block file-sharing websites that allow unlawful downloading of films and music.

Thus Anonymous is merely a group of selfish persons seeking to benefit personally from the work of professional artistes at the latter's expense.

Their motivation was therefore neither just nor defensible.

They are an accessory to illegal and unethical activities, if not also guilty of those activities themselves.

The fact that Malaysia became the first country in the region to block file-sharing websites does not detract from the rights and wrongs of the issues.

A country such as Malaysia has been besieged by various parties clamouring for better enforcement of laws against copyright piracy.

Whatever the record of such enforcement on the street, the clampdown on illegal file-sharing websites is certainly a plus especially when most infringements these days are being committed this way.

At the same time, for a government to resist Internet censorship despite the temptations is definitely commendable.

Attempts to liken Anonymous to Wikileaks are also grossly misplaced.

Wikileaks did not try to deface or destroy websites or to steal official secrets, but only to relay information of public interest to the public domain against the wishes of governments claiming to work for the public.

If hackers had any righteous values or morals, they would have applied their skills to attack websites spewing race hatred and child pornography, among others.

They fact that they do not, and that they have had to remain anonymous, speak volumes about their lack of scruples.

Seduction on the web

LIKE the spider luring the fly into his web, hackers are “seducing” their victims and luring them to their websites.

A major way for cybercriminals to obtain confidential data is by creating fake websites to host malicious software (malware) or to trick you into providing this information (phishing), says Nigel Tan, the Asia-South principal consultant at online security company Symantec Corporation (Malaysia).

Symantec's study shows that spikes in hacking and phishing occur during major events in the world, like the recent British Royal Wedding or the tsunami tragedy in Japan.


Hackers take advantage of these events to get people to click on links to their fake websites so that they can steal people's confidential information.

“It is human nature to get the latest update of an important global event or to see pictures of a tragedy. Hackers exploit this by sending emails with links for pictures or stories on the event or tragedy,” he says.

“When someone clicks on the link, they will be taken to the fake website where their confidentiality will be compromised or their computer may be affected.”

However, it remains a challenge to determine whether a website is genuine or fake other than the obvious spelling and grammatical errors (many fake websites are rush jobs) or shoddy infrastructure and programming.

Worse, sometimes you can go to a trusted website which has links to websites or advertising that may not be genuine and contain malware or phishing mechanisms.


Sometimes, all you have to do is to click the link and you will taken to a website that will affect your computer.

“We call this drive-by download,'” says Tan.

Password

Password is another easy prey for cyber criminals. With many websites out there now requiring users to register, most people are resorting to using personal information like date of birth or address as their password. Worse, people are increasingly using the same password for everything.

“It is understandable that people will not remember if they use different passwords, but the danger of using the same password for everything is that once a website or your email is compromised by a hacker, they will have access to everything else.”

Fortunately, it is not too difficult to strengthen your password, says Tan, advising people to use at least eight letters in a combination of capital letters, small letters, numbers and symbols.

If you use the same password, you can have variations on it by adding different letters or numbers or symbols, the significance of which should only be understood by you.

“Another effective safeguard is to segmentise your passwords by having one set of password for communication, another set for websites and another for banking and shopping online,” he elaborates.

Technology has also enabled hacking activities to be more targeted, so like those living in big houses in affluent areas who are targeted by burglars, those with bigger bank accounts or higher profiles, for instance, will be more susceptible to cyber attacks and need to be more vigilant on the Net.

Botnet alert

Another growing threat is hackers using our identity or computer to launch an attack.

Citing the recent gov.my hacking as an example, Tan says that while an individual may not be a direct focus target of most hackers, they may be a part of the attack without realising it.

The more common modus operandi is for hackers to use our personal information to get access to their target website. A method that is growing rampant is to control our computer to do their dirty work.

Explains Tan: “Now, hackers do not create malware to crash the computer, they want it to be alive. What they do is to plant malware called botnets (which are like sleeper spies) that will stay quietly in the background in your computer until they are activated by the Master to hack into official websites or to send spam emails that will phish information or crash a website.”

For example, if a hacker wants to spam people, they will just activate the malware they have planted in the different computers around the world and something like a pyramid scheme will be at work (the number of spams spread exponentially).

“The computer owner may not be doing anything but his or her computer will be hard at work. This trend is growing, especially now with broadband; so many people are connected 24 hours a day, even when they are asleep,” says Tan.

It is thus vital that people ensure that their computers are well-protected.

“One thing to remember is that although it is getting easier for cyber criminals and hackers to attack us, it is also getting easier for us to protect ourselves. The problem is that people just don't do it,” he notes, adding that it is also important to ensure that your software and programmes are up-to-date as older computers with outdated software are the most prone to attacks.

Ultimately, he stresses, it boils down to common sense.

“Typically, you won't walk into a dark alley or you won't give a stranger your IC number, so you should not do the same on the Net,” says Tan.

Related Stories:

Tackling cyber piracy needs careful planning; Hackers mainly locals

Malaysia Websites hacked but not whacked after threatened; time to build secured websites!

Beware of criminal hackers   

Meet the good hackers