Terrorism – Is it Going Away?

Going on 13 years since 9/11…

Ukraine invaded by Russia seeking to annex Crimea

Malaysia Airlines flight with 239 aboard missing and still a mystery

Sochi, suspected hijacker tries to divert plane, F-16s scrambled

Syria aided by Hezbollah fighters, estimates of more than 150,000 dead

Iran ships medium range missiles to Hamas in the Gaza Strip

Iraq, suicide bombing a somewhat regular occurrence

Pakistan death toll in war on terror estimated at 49,000

Saudi Arabia concerned about Muslim Brotherhood and Hezbollah

Lebanon, twin suicide car bombings in capital

Egypt, terror attack on tourist bus in Red Sea resort

Somalia, car bombing at national intelligence headquarters

North Korea accused by South of “reign of terror”

Where are we in the war on terror–are we really any safer?

All opinions my own.

(Source Photo: Andy Blumenthal)

Security Is A Joke!

Fascinating video with Dan Tentler on the Shodan Search Engine…which CNN calls the “scariest search engine on the Internet.”

The search engine crawls the Internet for servers, webcams, printers, routers, and every type of vulnerable device you can imagine.

It collects information on more than 500 million devices per month and that was as of last year, so it’s already probably a lot more.

Tentler shows the unbelievable amount and types of things you can access with this, including our critical infrastructure for the country, from utilities to traffic lights and power plants:

– Private webcams
– Bridges
– Freeways
– Data Centers
– Polycoms
– Fuel cells
– Wind farms
– Building controls for lighting, HVAC, door locks, and alarms
– Floor plans
– Power meters
– Heat pump controllers
– Garage doors
– Traffic control systems
– Hydroelectric plants
– Nuclear power plant controls
– Particle accelerators
– MORE!!!!

Aside from getting information on the IP address, description of the devices, locations (just plug the longitude and latitude into Google for a street location), you can often actually control these devices right from YOUR computer!

The information is online, open to the public, and requires no credentials.

– “It’s a massive security failure!”

– “Why is this stuff even online?”

Where is our cyber leadership????

>>>Where is the regulation over critical infrastructure?

If there is a heaven for hackers, this is it–shame on us. 😦

National State Of Cyber Insecurity

This video is a wake up call on the state of our national cyber insecurity.

It is the opening statement (about 6 minutes) of Chairman Michael McCaul (R-TX) of the Homeland Security Subcommittee of Oversight, Investigations, and Management.

What he describes is quite grave, and every American should listen carefully to what he says about the state of our cyber insecurity, which poses a real and significant threat to our economy and national security.

We are under attack by cyber criminals, terrorists, and hostile nation states.

Our adversaries seek to and can paralyze our critical infrastructure, steal our intellectual property, conduct espionage, and access our personal and financial information.

The collapse of our military networks, financial system, energy, transportation, and electricity “is not science fiction.”

The cyber attacks are “real, stealth, and persistent, and can devastate our nation.”

It is “not a matter of if, but when a Cyber Pearl Harbor will occur.”

And “we have been fortunate that up until this point that cyber attacks on our country have not caused a cataclysmic event.”

I read from the Center for Strategic and International Studies (2011) that cybersecurity has taken a back seat after 9/11 to the War on Terror as well as the economic fight after the recession of 2008, with the result that “the United States is unprepared to defend itself.”

Chairman McCaul critically states at the end of his opening statement, “Let’s do something meaningful [now] because it is not a tolerable situation!”

Like Buying A Nuke On The Black Market

Buying a serious computer vulnerability is now like acquiring a nuke on the black market.

Nations and terrorists will pay to find the fatal flaw in computer programs that will enable them to perpetrate everything from subversive cyber spying to potentially massively destructive cyber attacks.

As the world is focused on nuclear non-proliferation, computer weapons are the new nukes–able to do everything from a targeted strike on an organization or agency to taking out vast swaths of our nation’s critical infrastructure.

According to the New York Times (13 July 2013), there is great interest in buying “zero-day exploits,” which let governments or hackers strike using a computer vulnerability before anyone even knows about it and can correct it.

The average zero-day exploit persists for “312 days–before it is detected”–giving ample time for attackers to cash in!

Brokers are now working to market the computer flaws for a 15% cut, with some even “collecting royalty fees for every month their flaw is not discovered.”

The average flaw “now sells for around $35,000 to $160,000,” and some companies that sell these even charge an annual $100,000 subscription fee to shop their catalog of computer vulnerabilities, in addition to the cost of each one, which varies with its sophistication and the pervasiveness of the operating system behind the exploit.

While governments and terrorists are on the prowl to buy the exploits for offensive purposes, technology companies are competing to purchase them and are offering “bug bounties” in order to identify the flaws and fix them before they are exploited.

We’ve come a long way from people and organizations buying software with their regular upgrades and patches to nations and hackers buying the knowledge of the flaws–not to patch–but to spy or harm their adversaries.

You can buy the bomb shelter or software patch, but someone else is buying the next more lethal bomb or vulnerability–the question is who will pay more to get the next exploit and when and how will they use it.

(Graphic by Andy Blumenthal adapted from here with attribution for the mushroom cloud photo to Andy Z.)