Sunday, July 14, 2013

Sunday Globe Special: Hacking is Good Bu$ine$$

And USrael is behind most of it.

"Conflicts around the world creating profits for hackers; Nations pay well for software flaws they can exploit" by Nicole Perlroth and David E. Sanger | New York Times, July 14, 2013

NEW YORK — On the tiny Mediterranean island of Malta, two Italian hackers have been searching for bugs — not the island’s many beetle varieties, but secret flaws in computer code that governments pay hundreds of thousands of dollars to learn about and exploit.

The hackers, Luigi Auriemma, 32, and Donato Ferrante, 28, sell technical details of such vulnerabilities to countries that want to break into the computer systems of foreign adversaries.

The two will not reveal the clients of their company, ReVuln, but big buyers of services like theirs include the National Security Agency — which seeks the flaws for America’s growing arsenal of cyberweapons — and US adversaries like the Iranian Revolutionary Guard.

At this point, after the Snowden revelations, it is safe to assume it is the U.S. and its intelligence apparatus that is behind the hacking (imho).

All over the world, from South Africa to South Korea, business is booming in what hackers call “zero days,” the coding flaws in software like Microsoft’s Windows that can give a buyer unfettered access to a computer and any business, agency, or individual dependent on one.

Why isn't government shutting this down?

Just a few years ago, hackers like Auriemma and Ferrante would have sold the knowledge of coding flaws to companies like Microsoft and Apple, which would fix them. Last month, Microsoft sharply increased the amount it was willing to pay for such flaws, raising its top offer to $150,000.

Increasingly, however, the businesses are being outbid by countries with the goal of exploiting the flaws in pursuit of the kind of success that the United States and Israel achieved three summers ago when they attacked Iran’s nuclear enrichment program with a computer worm that became known as “Stuxnet.’’

Yeah, you see, it's okay if USrael does it -- even if it spread and led to possible problems with the shutdown at Fukushima, as well as technical problems in Russian and German reactors.

******************************

“Governments are starting to say, ‘In order to best protect my country, I need to find vulnerabilities in other countries,’ ” said Howard Schmidt, the former White House cybersecurity coordinator. “The problem is that we all fundamentally become less secure.”

So government can come back and argue for more money to make us secure, etc, etc.

Ten years ago, hackers would hand knowledge of such flaws to Microsoft and Google free, in exchange for a T-shirt or perhaps for an honorable mention on a company’s website. Even today, so-called patriotic hackers in China regularly hand over the information to the government.

Yeah, right, pot-hollering-kettle media.

Now, the market for information about computer vulnerabilities has turned into a gold rush. Disclosures by Edward J. Snowden, the former NSA consultant who leaked classified documents, made it clear that the United States is among the buyers of programming flaws. But it is hardly alone.

Not something the AmeriKan ma$$ media has focused on, is it?

Israel, Britain, Russia, India, and Brazil are some of the biggest spenders. North Korea is in the market, as are some Middle Eastern intelligence services. Countries in the Asian Pacific, including Malaysia and Singapore, are buying, too, according to the Center for Strategic and International Studies in Washington.

To connect sellers and buyers, dozens of well-connected brokers now market information on the flaws in exchange for a 15 percent cut. Some hackers get a deal collecting royalty fees for every month their flaw lies undiscovered, according to several people involved in the market....

This is $ick, folks.

For start-ups eager to displace more established military contractors, selling vulnerabilities has become a lucrative opportunity.

Just what we need after the concerns regarding the privatization of intel after Snowden.

Firms like Vupen in Montpellier, France; Netragard in Acton, Mass.; Exodus Intelligence in Austin, Texas; and ReVuln, Auriemma and Ferrante’s Maltese firm, freely advertise that they sell knowledge of the flaws for cyberespionage and in some cases for cyberweapons.

--more--"

Where to look for work: 

"Hackers often go to the National Security Agency, where they work on offensive digital attacks on foreign nations."

Gotta stop blaming China then.

"US looks to recruit student hackers; Wants them to defend against foreign attacks" by Nicole Perlroth | New York Times, March 25, 2013

WASHINGTON — In the eighth grade, Arlan Jaska figured out how to write a simple script that could switch his keyboard’s Caps Lock key on and off 6,000 times a minute. When friends weren’t looking, he slipped his program onto their computers. It was all fun and games, until the program spread to his middle school.

“They called my parents and told my dad I was hacking their computers,’’ Jaska, 17, recalled.

He was grounded and got detention. Yet he is just the type of youngster the Department of Homeland Security is looking to hire.

The secretary of that agency, Janet Napolitano, knows she has a problem that will only worsen.

Not for her. I wonder what is coming down the pike that she wanted out.

Foreign hackers have been attacking her agency’s computer systems. They have also been busy trying to siphon the nation’s wealth and steal valuable trade secrets. And they have begun probing the nation’s critical infrastructure — the power grid and water and transportation systems.

So she needs her own hackers — 600, the agency estimates. But potential recruits with the right skills too often have been heading for business, and those who do choose government often go to the National Security Agency, where they work on offensive digital attacks on foreign nations.

So they hack, too, huh?

At Homeland Security, the emphasis is on keeping hackers out, or playing defense. 

Call NSA. They are scooping up all communications, so.... ???

‘‘We have to show them how cool and exciting this is,’’ said Ed Skoudis, one of the nation’s top computer security trainers. ‘‘And we have to show them that applying these skills to the public sector is important.’’

One answer? Start young and make it a game, even a competition.

Start the Sieg Heils.

This month, Jaska and his classmate Collin Berman took top spots at the Virginia Governor’s Cup Cyber Challenge, a veritable smackdown of hacking for high school students that was the brainchild of Alan Paller, a security expert, and others in the field.

Well, I guess there is serious hacking, and then there is hacking.

With military exercises like NetWars, the competition had more the feel of a video game.

This is SICKENING and GROSS, folks.

Paller helped create the competition, the first in a series, to help Homeland Security, and likens the agency’s need for hackers to the shortage of fighter pilots during World War II....

The Catch-22 is the kids have been so propagandized (although methinks they are finally waking up to the lies).

It’s a far different pursuit — and a higher-minded one, enlightened hackers will say — than simply defacing websites....

It’s no coincidence that the idea of using competitions came, in part, from China, where the People’s Liberation Army runs challenges every spring to identify its next generation of digital warriors.

Tan Dailin, a graduate student, won several of the events in 2005. Soon afterward he put his skills to work and was caught breaking into the Pentagon’s network and sending reams of documents back to servers in China.

‘‘We have no program like that in the United States — nothing,’’ Paller said. ‘‘No one is even teaching this in schools. If we don’t solve this problem, we’re in trouble.’’

(Blog editor reads that and realizes it's over. This is Germany, early 1940s now. Nothing but war propaganda in the papers.)

*************

When eight students expressed interest in starting a security club, they had to persuade a Raytheon Co. employee to meet with them once a week. (One idea for a name, the Hacking Club, didn’t last. ‘‘We don’t want people who are going to go around defacing sites,’’ Berman said. They recently rebranded from the Cybersecurity Club to the Computer Security Club. The group dropped the ‘‘Cyber’’ because ‘‘it sounds like you’re trying to be cool but you’re not,’’ clarified Jaska.)

Nice little Nazi youth (although making the comparison is unfair to the Nazis).

Jaska and Berman heard about the Virginia competition through their school....

Three weeks ago, the pair traveled to the Governor’s Cup Cyber Challenge at George Mason University. There, they found something they rarely encounter in high school: a thriving community of like-minded teenagers, the best and brightest of a highly specialized task.

After several hours, the winners were announced....

Jaska won, earning a $5,000 scholarship. Berman won $1,500 for third place.

This summer, Jaska is hoping to be an intern at Northrop Grumman.

Is that a paid internship, or do you have to pay them? 

Related: Court ruling stirs debate over intern pay

Napolitano may be pleased to learn that Berman is considering an internship at Homeland Security.

But she still has some convincing to do.

Not anymore.

Asked about their dream job, both students said they wanted to work in the private sector. ‘‘The problem with going into the government is you’re going to make a lot less,’’ said Berman.

‘‘Everything’s slower, there’s budget cuts and bureaucracy everywhere, and you can’t talk about what you do,’’ Jaska added. ‘‘It just doesn’t seem like as much fun.’’

Yeah, working for a Wall Street looter would be better. Or an organized crime or CIA front company. That would be a lot more fun.

--more--"

Related: Feds: 3 nabbed for widespread Gozi computer virus

Is that in line with the USraeli-created Stuxnet, or is it similar to Duqu, Gauss, or Flame?

Also see:


"Leaked emails from data security firm HBGary show the federal government is offering private intelligence companies contracts to create software to manage “fake people” on social media sites, possibly to manipulate public opinion or create the illusion of consensus on controversial issues."

“a strong likelihood that the next Pearl Harbor’’ could well be a cyberattack that cripples the US power grid and financial and government systems...."

Who are the hackers again? 

Yeah, all this PROPAGANDA and CRAP about hacking is about SHUTTING DOWN DISSENT on the INTERNET and NOTHING MORE!