Tag: military

UK works on military cyber attacks

DSTLThe British Defence Science and Technology Department (DSTL), is increasing its role to help prevent cyber attack against organisations and individuals here.

According to Professor Penelope Endersby, who heads up the lab: “Our adversaries present a real threat and it is therefore important that we too have the option to achieve military effects through and in cyberspace.”

DSTL, she said, is “developing new and novel capabilities to preserve the freedom of our armed forces to operate on a digital battlefield”.

The lab has opened a new facility called Cyber Evaluation and Assessment which she said will help government departments understand where vulnerabilities in the UK’s cyber defence capabilities may be.

DSTL will work with several unnamed government departments to create “cutting edge cyber capabilities for military operations”.

US ramps up cyber soldier training

Military academies catering to all three major service branches in the US are stepping up efforts to train a new breed of cyber warriors for the 21st century. The Army, Navy and Air Force academies are piling more tech courses on their students, including elaborate cyber warfare exercises.

Cyber warfare training is nothing new and US academies have been training cadets in the fine art of cyber warfare for more than a decade, but now the programmes are expanding as a result of new vulnerabilities and capabilities demonstrated by potentially hostile nations, reports The Washington Post

Director of national intelligence James Clapper recently described cyber warfare as the top threat to national security. He said the threats are more diverse, interconnected and viral than at any point in history.

“Destruction can be invisible, latent, and progressive,” he warned.

The US Naval Academy in Annapolis is now requiring freshmen to take a semester to cover the basics of cyber security, but next year it will add a second required cyber course for juniors. The Air Force Academy is rethinking its freshman computing course, half of which now deals with cyber security. It is also looking into adding an additional cyber course.

The Army is also taking cyber warfare seriously. West Point cadets are required to take two cyber courses and attend weekly computer group meetings.

Teams from all three academies take part in regular cyber warfare exercises, the latest of which was held last week. They were not pitted against each other, though. The teams tried to keep computer networks up and running while the NSA tried to take them down, acting like an aggressor team. The Air Force team came out on top. 

Is it ok to howitzer a hacker?

The US military is wondering if it is OK to kill hackers who are using their skills to bring down important infrastructure.

The military is used to shooting enemy operatives who damage property and key infrastructure and it is wondering if they should be treating hackers in the same way as a soldier with an assault rifle.

As seen on Slashdot, since 2009, when the NATO Cooperative Cyber Defence Centre of Excellence commissioned a panel of experts to produce a report on the legal underpinnings of cyber-warfare, the debate has been raging in the Pentagon.

What makes it tricky is that if you are at war you can justify all sorts of things, but most people will be a little cross if you wasted a 16 year old Russian script kiddie with a drone strike for breaking into a US nuclear power station to show his mates he could do it.

Current thinking is that a cyber attack that produces immediate destruction and death is likely to be viewed by the target state as a “use of force”.

Other factors, including the “military character” of the operation and whether the actual cyber-attack violated international law also play into the decision. We do wonder international law’s position on the use of drone strikes.

The US seems to be thinking that the means of attack is “immaterial” to whether an operation can be considered an armed attack. An engineered virus or a pound of plutonium left in an airport bathroom would trigger the “right of self-defense”.

But this would mean that your cyber warrior will have to start seeing themselves as being the same as any front line grunt. Their offices could be subject to bombing or direct assault. All this might sound obvious, but many cyber warriors probably don’t expect this. Their mums probably would not approve either. 

Partnership to make wearable electronics kicks off

Technology has once again met fashion as Peratech and the London College of Fashion have formed a partnership to develop wearable electronics.

Using Peratech’s QTC sensor technology, it is claimed that these designs, part of a three and a half year PhD research project funded by an EPSRC ICASE award, will help the military conduct remote monitoring of personnel for stress and chemical attack.

It is also predicted that the sensors could be incorporated into clothing for everyday health monitoring as early indicators of health problems.

Peratech said its QTC materials have already been used to provide switches in clothing for a number of years. It said the core of QTC technology was that these materials change their resistance when a force is applied such as pressure. 

Printing QTC inks on to textiles would enable simple on/off switches to be created but also because the resistance changes proportionally to the amount of force applied, areas of the cloth can become touch sensitive or can be made to recognise pressure inputs.

The company said the project would combine technology, design and user needs to work out how this growing area of wearable technology can be developed.

It said there were already glasses that provided computer displays, “but they lacked a simple way to input and interact with them”.

Peratech believes that, using its technology, people could potentially print a keyboard onto a sleeve or onto the back of a glove and link it via Bluetooth to electronic glasses.

The material could also potetially detect the presence of volatile organic compounds (VOCs). Its printable QTC E-nose sensors work by the QTC material expanding in the presence of VOCs which changes the resistance of the QTC material, giving a quick response and recover times along with a high level of sensitivity.

Different formulations can be made according to the specific VOC to be detected so that low cost warning sensors and the associated electronics can be printed onto textiles to provide clothing that monitors the wearer for signs of illness, fatigue or exposure to dangerous chemicals, the company said.

Chinese hackers strike EADS and ThyssenKrupp

Aerospace EADS and German steelmaker ThyssenKrupp recorded major attacks by Chinese hackers in 2012, it has emerged. According to Der Spiegel, the efforts were part of a wider trend of increasingly significant cyber attacks targeting German companies.

EADS confirmed the attacks, telling Reuters that they were “standard attacks” and that the company is working closely with authorities to address the problem.

EADS is the parent company of Airbus and it is also one of the biggest defence contractors in Europe, responsible for projects such as the Eurofighter Typhoon, Eurocopter Tiger and with strong ties to Dassault Aviation, makers of the Rafale fighter jet.

ThyssenKrupp also confirmed the attack, saying it took place in the US and originated from a Chinese internet address. The company did not say whether the hackers obtained any sensitive information.

ThyssenKrupp is one of Europe’s biggest conglomerates, with operations spread out along 670 companies worldwide.

The German Federal Office for the Protection of the Constitution recorded 1,100 cyber attacks from foreign secret services in 2012. Most attacks targeted politicians involved with energy and finance. 

Dell hits the frontline with mobile military datacentres

Dell is unleashing its air-deployable military datacentre for computing on the front line.

The Tactical Mobile Data Center is a customisable datacentre that governments can send out to support military forces in whatever far flung corner of the world they are needed in.   

Frontline access to IT infrastructure is more necessary than ever Dell Federal, and the Tactical Mobile Data Center is aimed at allowing a datacentre to be quickly supplied, set up and torn down again before moving on to a new location.

Suitably the datacentres are able to put up with more intense situations than your average IT environment, and are apparently able to withstand 3G forces while in transit.

Each of the datacentres are shipped, or flown, with an ISU-96 flight certified container with automatic ventilation back up, intrusion detection and monitoring, fire suppression and emergency power off among other features.

Machine gun turrets are not an optional extra as far as we are aware.

The customisable datacentres comprises at least two components  – the IT Pack and AC/UPS Pack.

The IT Pack contains: three 42U – 15KW capacity server racks (45KW total), power distribution units, data connections.  Each container holds up to 120U’s or 10,000 lbs, according to Dell.

The AC/UPS Pack contains battery back up, with support for structured or generated power feeds, with Glycol closed loop system supporting cooling capacity.

NSA channels Joseph Heller

The US National Security Agency has decided that it is best to take a Joseph Heller approach to dealing with questions about how many people it had been spying upon.

The senators wrote to the NSA asking how many people’s personal privacy has been violated under new counterterrorism powers. The NSA wrote back and said it would really like to be able to tell civil libertarian Senators Ron Wyden and Mark Udall, but that would violate personal privacy.

So in true Joseph Heller style the NSA can’t tell you about infringements to personal privacy because that would infringe the personal privacy of the people whose privacy has been infringed.

The answer was the brainchild of Charles McCullough, the Inspector General of the Office of the Director of National Intelligence, the nominal head of the 16 US spy agencies.

According to Wired, McCullough told the senators a review of the cases would also violate the privacy of US persons.

However, there was not a lot of detail that the senators wanted. Wyden asked for a ballpark estimate of how many Americans have been monitored under this law, and he said it was disappointing that the Inspectors General cannot provide it.

He said that if no one will estimate how many Americans have had their communications collected under this law then it is all the more important that Congress close the ‘back door searches’ loophole, to keep the government from searching for Americans’ phone calls and emails without a warrant.

The changes to the Foreign Intelligence Surveillance Act in 2008 relaxed the standards under which communications with foreigners that passed through the United States could be collected by the spy agency.

The NSA did not need probable cause to intercept a person’s phone calls, text messages or emails within the United States as long as one party to the communications was “reasonably” believed to be outside the United States.

Back door found in Chinese-made chip

A chip which was built in China for the US military chip came with a backdoor which made it vulnerable to “IP theft, fraud and Trojans”.

Insecurity experts at Cambridge University found that a microprocessor used by the US military but made in China contains secret remote access capability.

Apparently a secret “backdoor” that means it can be shut off or reprogrammed without the user knowing.

Cambridge University’s Computing Laboratory has not named the chip but said it was widely used in military and industrial applications.

All Chinese spooks have to do is flick a switch and the PC is p0wned at a chip level. From there they can do pretty much what they like.

The discovery was made during testing of a new technique to extract the encryption key from chips which was being developed by Cambridge spin-off Quo Vadis. There is no way to fix the bug and the chip must be replaced.

Cambridge University researcher Sergei Skorobogatov and Quo Vadis Labs research Christopher Woods wrote that the discovery of a backdoor in a military grade chip raises some serious questions about hardware assurance in the semiconductor industry.

The report added that the discovery also raises some questions about the integrity of manufacturers making claims about the security of their products without independent testing.

Large numbers of chips are made within China and shipped out to the west. 

Lulzsec is back

Despite the fact that the FBI claims to have arrested its senior members, the hacking collective Lulzsec is back on the attack.

After many months, the group claims to have exposed the accounts of nearly 171,000 miltary members of a dating site.

It appears to be a return to form by the group, which in 2011 put the fear of god into the FBI, CIA, Sony and even PBS.

This time the group has hacked into the dating site MilitarySingles.com and taken emails from members which include those with “us.army.mil” addresses.

The group said it dumped 170,937 email accounts.

Robert Goebel, CEO of Esingles, refused to admit if the hack was real but said that it had carried out a series of security procedures in response.

Goebel does not think the dating site was actually hacked. He said the website was down for some time over the weekend, but that was due to scheduled maintenance. The site only has 140,000 members so some of the names can’t be from the site.

He told AP that site members shouldn’t panic. Even if the hackers were successful, the site’s passwords are encrypted so all accounts are safe. 

Woman pleads guilty to selling fake chips to US military

An American woman has pleaded guilty to selling fake computer chips to the US military.

Stephanie McCloskey, who is from Florida, worked as an administrator for VisionTech Components. The company sold what were supposed to be military-grade integrated circuits able to handle very high temperatures and inhospitable environments, all of which bore labels of large chip firms like Intel and Texas Instruments. It was later discovered that these chips were counterfeit.

The fake chips, which numbered up to 60,000, were imported from Hong Kong and China and some were in such poor condition that VisionTech employees needed to use erasers to “polish” them. The company also tampered with chip labels to make it impossible to match the circuit number with the one on the box.

VisionTech conducted business with the US military and various other companies, particularly linked with defence, bringing in $15.8 million over three years, while only spending $425,000 on buying the counterfeit chips.

The woman received $166,141 in pay for working for the company, which she has agreed to forfeit as part of her guilty plea. This is likely to lessen her potential sentence.

Her employer, Shannon Wren, has also been charged. Both were arrested in September and face sentencing at an as yet undecided time.

McCloskey faces a possible fine of $250,000 and up to five years behind bars.