NSA Creating Spy System to Monitor Domestic Infrastructure

[FastTadpole]

Quote:Report: NSA creating spy system to monitor domestic infrastructure
By Daniel Tencer
Wednesday, July 7th, 2010 -- 9:07 pm

Internal Raytheon email calls system 'Big Brother'

The National Security Agency has begun work on an "expansive" spy system that will monitor critical infrastructure inside the United States for cyber-attacks, in a move that detractors say could end up violating privacy rights and expanding the NSA's domestic spying abilities.

The Wall Street Journal cites unnamed sources as saying that the NSA has issued a $100-million contract to defense contractor Raytheon to build a system dubbed "Perfect Citizen," which will involve placing "sensors" at critical points in the computer networks of private and public organizations that run infrastructure, organizations such as nuclear power plants and electric grid operators.

In an email obtained by the Journal, an unnamed Raytheon employee describes the system as "Big Brother."

"The overall purpose of the [program] is our Government...feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security," the email states. "Perfect Citizen is Big Brother."

"Raytheon declined to comment on this email," the Journal reports.

Some officials familiar with Perfect Citizen see it "as an intrusion by the NSA into domestic affairs, while others say it is an important program to combat an emerging security threat that only the NSA is equipped to provide," the Journal states.

The program is reportedly being funded under the Comprehensive National Cybersecurity Initiative, a program launched by the Bush administration in January, 2008, and continued under the Obama administration. The initiative is budgeted to cost $40 billion over several years.

ANOTHER WAR WITHOUT DEFINITION?

News of the spy system comes in the wake of months of news reports and government statements on the the threat of cyber-attacks. Last year, the US pointed the finger of blame at North Korea for a "widespread" attack on US and South Korean government computers. Earlier this year, a coordinated attack on Google servers was identified as originating from China.

But many observers say the threat of cyberwar is exaggerated, and they suggest that profit may be a motive behind efforts to build cyber-defense systems.

"It's about who is in charge of cyber security, and how much control the government will exert over civilian networks," writes security technology expert Bruce Schneier at the CNN Web site. "And by beating the drums of war, the military is coming out on top."

Schneier sees danger in the media "mislabeling" activities like computer hacking and "cyber-activism" as "cyberwar."

"One problem is that there's no clear definition of 'cyberwar.' What does it look like? How does it start? When is it over? Even cybersecurity experts don't know the answers to these questions, and it's dangerous to broadly apply the term 'war' unless we know a war is going on."

MONEY TO BE MADE

In a report published last month, Cecilia Kang at the Washington Post described cyber-security as "Washington's growth industry of choice," and companies in the business are "in line for a multibillion-dollar injection of federal research dollars."

Kang reported:

Delivering the keynote address at a recent cybersecurity summit sponsored by Defense Daily, Dawn Meyerriecks, deputy director of national intelligence for acquisition and technology, said that along with the White House Office of Science and Technology, her office is going to sponsor major research "where the government's about to spend multiple billions of dollars."

Tom Burghardt at Pacific Free Press notes that the conference at which Meyerricks spoke was sponsored, among other firms, by Raytheon.

http://digg.com/politics/NSA_creating_sp...astructure
http://rawstory.com/rs/2010/0707/nsa-cre...structure/

Related:

Pentagon's Cyber Command: Civilian Infrastructure a "Legitimate" Target
http://concen.org/forum/showthread.php?tid=32606

Frightening new cyber-war piece from Tom Burghardt. Cyber 9/11?
http://concen.org/forum/showthread.php?tid=33640

U.S. Cyber Command: Waging War In World’s Fifth Battlespace
http://concen.org/forum/showthread.php?tid=33137

Cyberwar, the Internet and the Militarization of Civil Society
http://concen.org/forum/showthread.php?tid=32713

[h3rm35]

no longer relevant

[h3rm35]

file this under: "warm-up to Brooklyn Bridge sales pitch":

http://www.reuters.com/article/idUSN0820863820100709

Quote: July 8 (Reuters) - A contract has been awarded for research to help counter computer-based threats to national-security networks, the chief U.S. code-cracking and eavesdropping agency said, amid mounting concern over cyber vulnerabilities.

The program, dubbed Perfect Citizen, is "purely a vulnerabilities-assessment and capabilities-development contract," Judith Emmel, a National Security Agency spokeswoman, said in an email to Reuters.

"This is a research and engineering effort," she said. "There is no monitoring activity involved, and no sensors are employed in this endeavor."

The Wall Street Journal, in its Thursday editions, described Perfect Citizen as relying on sensors it said would be deployed in networks running critical infrastructure such as the electricity grid and nuclear-power plants.

Raytheon Co (RTN.N) won a classified contract for the classified work's initial phase valued at up to $100 million, the report cited a person familiar with the project as saying.

Joyce Kuzmin, a Raytheon spokeswoman, told Reuters in response: "We have no info on this."

The NSA, a Defense Department arm, did not confirm or deny that the contract in question had been awarded to Waltham, Massachusetts-based Raytheon.

"This contract provides a set of technical solutions that help the National Security Agency better understand the threats to national security networks," Emmel said.

It would be inappropriate to confirm or deny details of the Journal report because of "the high sensitivity of what we do to defend our nation," she added.

"Any suggestions that there are illegal or invasive domestic activities associated with this contracted effort are simply not true," Emmel said. "We strictly adhere to both the spirit and the letter of U.S. laws and regulations."

U.S. Deputy Secretary of Defense William Lynn said last month that more than 100 intelligence agencies and foreign militaries were actively trying to penetrate U.S. computer systems, and "weapons-system blueprints are among the documents that have been compromised."

The United States must be able to operate freely in cyberspace amid dangers of "remote sabotage," General Keith Alexander said June 3 in his first public remarks as head of U.S. Cyber Command. It was activated in May to harmonize offensive and defensive U.S. operations in cyberspace.

[h3rm35]

Are You a "Perfect Citizen"?
NSA Will Deploy Snooping Sensors on Private Networks

Rather than addressing an impending social catastrophe, Western governments, which serve the interests of the economic elites, have installed a "Big Brother" police state with a mandate to confront and repress all forms of opposition and social dissent. -- Michel Chossudovsky and Andrew Gavin Marshall, Preface, The Global Economic Crisis: The Great Depression of the XXI Century, Montreal: Global Research, 2010, p. xx.

In a sign that illegal surveillance programs launched by the Bush administration are accelerating under President Obama, The Wall Street Journal revealed last week that a National Security Agency (NSA) program, PERFECT CITIZEN, is under development.

With a cover story that this is merely a "research" effort meant to "detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants," it is also clear that the next phase in pervasive government spying is underway.

With "cybersecurity" morphing into a new "public-private" iteration of the "War On Terror," WSJ reporter Siobhan Gorman disclosed that giant defense contractor Raytheon "recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million."

This wouldn't be the first time that Raytheon had positioned itself, and profited from, a media-driven panic. As investigative journalist Tim Shorrock documented for CorpWatch, "as the primary spying unit of defense industry giant Raytheon," the firm's Intelligence and Information Services division (Raytheon IIS) is the premier provider of command and control systems "capable of transforming data into actionable intelligence."

According to Shorrock, the unit's "most important clients ... are the NSA, NGA, and NRO, for which it provides signals and imaging processing, as well as information security software and tools;" in other words, agencies that are at the heart of America's electronic warfare complex.

The program, Gorman writes, "would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack." While Journal sources claim the program "wouldn't persistently monitor the whole system," a leaked Raytheon email paints a different picture, in line with other NSA intrusions into domestic affairs.

"The overall purpose of the [program] is our Government...feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security," the whistleblower writes. "Perfect Citizen is Big Brother."

These revelations have triggered concerns that projects like PERFECT CITIZEN, and others that remain classified, signal a new round of secret state surveillance and privacy-killing programs under the catch-all euphemism "cybersecurity."

The Journal reports that information captured by PERFECT CITIZEN "could also have applications beyond the critical infrastructure sector, officials said, serving as a data bank that would also help companies and agencies who call upon NSA for help with investigations of cyber attacks, as Google did when it sustained a major attack late last year."

In other words, the program will have major implications "beyond the critical infrastructure sector" and could adversely affect the privacy rights of all Americans. In fact, it wouldn't be much of a stretch to hypothesize that PERFECT CITIZEN may very well be related to other "intrusion detection programs" such as Einstein 3's deep-packet inspection capabilities that can read, and catalogue, the content of email messages flowing across private telecommunications networks.

One unnamed military source told the Journal, "you've got to instrument the network to know what's going on, so you have situational awareness to take action."

However, as the UK publication The Register noted, "many of the networks that the NSA would wish to place Perfect Citizen equipment on are privately owned, however, and some could also potentially carry information offering scope for 'mission creep' outside an infrastructure-security context."

The Register's Lewis Page, a former Royal Navy Commander and frequent critic of the surveillance state, writes that "full access to power company systems might allow the NSA to work out whether anyone was at home at a given address. Transport and telecoms information would also make for a potential bonanza for intrusive monitoring."

When queried whether the program would be yet another snooping tool deployed against the public, NSA spokesperson Judith Emmel told The Register Friday: "PERFECT CITIZEN is purely a vulnerabilities-assessment and capabilities-development contract."

According to NSA, "This is a research and engineering effort. There is no monitoring activity involved, and no sensors are employed in this endeavor. Specifically, it does not involve the monitoring of communications or the placement of sensors on utility company systems."

When specifically asked by Page if NSA is "seeking to spy on US citizens by means of examining their power or phone usage, tracking them through transport systems etc, the NSA would simply never think of such a thing."

"Any suggestions that there are illegal or invasive domestic activities associated with this contracted effort are simply not true. We strictly adhere to both the spirit and the letter of US laws and regulations," insisted Emmel.

Which raises an inevitable question: what would lead a Raytheon insider to compare the project to "Big Brother"? This is strong language from an employee of one of America's largest defense firms, a company in the No. 4 slot on Washington Technology's 2010 Top 100 list of prime federal contractors with some $6.7 billion in total revenue, 88% of which are derived from defense contracts.

At this point we don't know, and Siobhan Gorman hasn't told us since the Journal, as of this writing, hasn't seen fit to enlighten the public with the full text, if one exists, as to why someone obviously familiar with the program would put their job at risk if PERFECT CITIZEN were simply a "vulnerabilities-assessment and capabilities-development contract" and not something far more sinister.

The Pentagon Rules. Any Questions?

The Journal reported that the project began as "a small-scale effort" under the code name APRIL STRAWBERRY. Over time, the classified program was "expanded with funding from the multibillion-dollar Comprehensive National Cybersecurity Initiative, which started at the end of the Bush administration and has been continued by the Obama administration," Gorman wrote. Now, with billions of dollars available "the NSA is now seeking to map out intrusions into critical infrastructure across the country."

As Antifascist Calling reported earlier this year (see: "Obama's National Cybersecurity Initiative Puts NSA in the Driver's Seat"), although the administration has released portions of the Bush regime's National Security Presidential Directive 54 (NSPD-54) in a sanitized version called the Comprehensive National Cybersecurity Initiative (CNCI), the full scope of the program remains shrouded in secrecy.

Indeed, most of NSPD-54 and CNCI have never been released to the public. This led the Senate Armed Services Committee (SASC) to write in a 2008 report that "virtually everything about the initiative is classified, and most of the information that is not classified is categorized as 'For Official Use Only'."

Due to the opacity of the highly-secretive program and stonewalling by the administration, the SASC joined their colleagues on the Senate Select Committee on Intelligence and called for the initiative to be scaled-back "because policy and legal reviews are not complete, and because the technology is not mature."

Hardly beacons of transparency themselves when it comes to overseeing depredations wrought by the secret state, nevertheless SASC questioned the wisdom of a program that "preclude public education, awareness and debate about the policy and legal issues, real or imagined, that the initiative poses in the areas of privacy and civil liberties. ... The Committee strongly urges the [Bush] Administration to reconsider the necessity and wisdom of the blanket, indiscriminate classification levels established for the initiative."

In fact, as the investigative journalism web site ProPublica reported last summer, the White House "has erased all mention of the Privacy and Civil Liberties Oversight Board from its Web site. The removal, which was done with no public notice, has underlined questions about the Obama administration's commitment to the board." As of this writing, it remains an empty shell.

Despite repeated efforts by civil liberties and privacy groups, the Obama administration has been no more forthcoming than the previous regime in answering these critical concerns, particularly when the "policy and legal issues" are cloaked in secrecy under a cover of "national security."

Instead, CNCI's "Initiative #12. Define the Federal role for extending cybersecurity into critical infrastructure domains," offer little more than linguistic sedatives meant to lull the public as to how and through what means the administration plans to build "on the existing and ongoing partnership between the Federal Government and the public and private sector owners and operators of Critical Infrastructure and Key Resources (CIKR)."

While the administration claims that the "Department of Homeland Security and its private-sector partners have developed a plan of shared action with an aggressive series of milestones and activities," as we now know the civilian, though securocratic-minded Homeland Security bureaucracy is being supplanted by the Pentagon's National Security Agency and U.S. Cyber Command as the invisible hands guiding the nation's "cybersecurity" policies.

As I reported last month (see: "Through the Wormhole: The Secret State's Mad Scheme to Control the Internet"), corporate greed and venality aren't the only motives behind hyped-up "cyber threats." Armed with multibillion dollar budgets, most of which are concealed from public view under a black cone of top secret classifications, agencies such as NSA are positioning themselves as gatekeepers over America's electronic communications infrastructure.

The Media's Role

With corporate media serving as "message force multipliers" for the flood of alarmist reports emanating from industry-sponsored think tanks such as the Bipartisan Policy Center (BPC) and the Center for Strategic and International Studies (CSIS), or lobby shops like the Armed Forces Communications and Electronics Association (AFCEA) and the Intelligence and National Security Alliance (INSA), it is becoming clear that consensus has been reached amongst Washington power brokers, one that will have a deleterious effect on the free speech and privacy rights of all Americans.

Floated perhaps as a means to test the waters for restricting internet access, The New York Times reported July 4 that "the Internet affords anonymity to its users--a boon to privacy and freedom of speech. But that very anonymity is also behind the explosion of cybercrime that has swept across the Web."

Reporter John Markoff, a conduit for "cyberwar" scaremongering, informs us that "Howard Schmidt, the nation's cyberczar, offered the Obama administration's proposal to make the Web a safer place--a 'voluntary trusted identity' system that would be the high-tech equivalent of a physical key, a fingerprint and a photo ID card, all rolled into one."

"The system" Markoff writes, "might use a smart identity card, or a digital credential linked to a specific computer, and would authenticate users at a range of online services."

Schmidt has described the Obama administration's approach (note the warm and fuzzy phrase hiding the steel fist) as a "voluntary ecosystem" in which "individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on."

Markoff's reporting would be humorous if we didn't already know that secret state agencies themselves have already compromised the Secure Socket Layer certification process (SSL, the tiny lock that appears during supposedly "secure" online transactions), as computer security and privacy researchers Christopher Soghoian and Sid Stamm revealed in their paper, Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL.

In March, Soghoian and Stamm introduced the public to "a new attack, the compelled certificate creation attack, in which government agencies compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications." They provided "alarming evidence" that suggests "that this attack is in active use," and that a niche security firm, Packet Forensics, is already marketing "extremely small, covert surveillance devices for networks" to government agencies.

Not everyone is thrilled by Schmidt's call to create this allegedly "voluntary" system. Lauren Weinstein, the editor of Privacy Journal, told the Times that "such a scheme is a pre-emptive push toward what would eventually be a mandated Internet 'driver's license' mentality."

The stampede for increased state controls are accelerating. Stewart Baker, the NSA's chief counsel under Bush, told the Times that the "privacy standards the administration wants to adopt will make the system both unwieldy and less effective and not good for security." Baker and his ilk argue that all internet users "should be forced to register and identify themselves, in the same way that drivers must be licensed to drive on public roads."

Considering that police have increasingly turned to license plate readers that are fast becoming "a fixture in local police arsenals," as the Center for Investigative Reporting revealed last month, and that such devices have been deployed for political surveillance here in the heimat and abroad, as both The Guardian and Seattle Weekly disclosed in reports documenting outrageous secret state spying, a licensing scheme for internet users is an ominous analogy indeed!

The Grim Road Ahead

A confidence game only works when "marks," in this case American citizens, allow themselves to be defrauded by a person or group who have gained their trust.

And when trust cannot be won through reason, fear tends to take over as a powerful motivator. This is amply on display when it comes to Washington's ginned-up "cybersecurity" panic.

According to this reading, fraudulent internet schemes, identity theft, even espionage by state- and non-state actors (say corporate spies who benefit from NSA's ECHELON program) have been transformed into a "war," one which Bush's former Director of National Intelligence, Mike McConnell, currently an executive vice president with the spooky Booz Allen Hamilton firm, claims the U.S. is "losing."

But as security technology expert Bruce Schneier wrote last week, "There's a power struggle going on in the U.S. government right now.

"It's about who is in charge of cyber security, and how much control the government will exert over civilian networks. And by beating the drums of war, the military is coming out on top."

Schneier avers that "the entire national debate on cyberwar is plagued with exaggerations and hyperbole." Googling "cyberwar," as well as "'cyber Pearl Harbor,' 'cyber Katrina,' and even 'cyber Armageddon'--gives some idea how pervasive these memes are. Prefix 'cyber' to something scary, and you end up with something really scary."

Hackers, criminals and sociopaths have been around since the birth of the "information superhighway." Schneier writes, "we surely need to improve our cybersecurity. But words have meaning, and metaphors matter. There's a power struggle going on for control of our nation's cybersecurity strategy, and the NSA and DoD are winning. If we frame the debate in terms of war, if we accept the military's expansive cyberspace definition of 'war,' we feed our fears."

This is precisely the intent of our political masters. And if the purpose of "cyberwar" hype is to breed fear, mistrust and helplessness in the face of relentless attacks by shadowy actors only a mouse click away then, as Schneier sagely warns: "We reinforce the notion that we're helpless--what person or organization can defend itself in a war?--and others need to protect us. We invite the military to take over security, and to ignore the limits on power that often get jettisoned during wartime."

Destroy trust, increase fear: create the "Perfect Citizen."

[FastTadpole]

Oh it's totally fine,everything is OK. False alarm everyone. The NSA claims that Perfect Citizen is merely a "research project". Thanks for clearing that up and alleviating our suspicions NSA, you all had us worried for nothing. We trust you.

Quote:NSA offers explanation of Perfect Citizen
July 9, 2010 12:53 PM PDT
by Lance Whitney

The Perfect Citizen project is purely a research-and-engineering effort, not an attempt to monitor companies against cyberattack, the National Security Agency said Thursday.

The NSA issued a brief explanation of the new project in response to a Wall Street Journal story that described Perfect Citizen as a government system designed to monitor vital agencies and private utilities against potential cyberthreats. The project would establish a series of sensors installed throughout various computer networks that would raise an alarm in case of a pending cyberattack, according to the Journal.

But in an e-mail statement attributed to NSA spokeswoman Judith Emmel, the agency denied that Perfect Citizen would involve any type of monitoring activity or sensors, and labeled it as "purely a vulnerabilities assessment and capabilities development contract." She added that "it does not involve the monitoring of communications or the placement of sensors on utility company systems."

Although the agency called the Journal's story an "inaccurate portrayal of the work performed at the National Security Agency," it said that due to the highly sensitive nature of its work, it could not confirm or deny specific allegations addressed in the article. As a result, the NSA shared few details on the project.

Specifically referring to it as a contract, the NSA said Perfect Citizen "provides a set of technical solutions that help the agency better understand the threats to national-security networks, which is a critical part of NSA's mission of defending the nation." The Journal had pinpointed Raytheon as the recipient of the initial phase of the contract in a deal worth up to $100 million, though neither the NSA nor Raytheon would confirm that report, according to Reuters.

As described in the Journal, the project has reportedly triggered mixed reactions, with some eyeing it as an effort by the NSA to intrude into domestic affairs and others seeing it as an important step in combating cyberattacks.

Addressing those allegations in the statement, Emmel said "any suggestions that there are illegal or invasive domestic activities associated with this contracted effort are simply not true. We strictly adhere to both the spirit and the letter of U.S. laws and regulations."

Whether Perfect Citizen is a monitoring system, as reported by the Journal, or a simply an R&D contract, as defined by the NSA, the threat of cyberattacks against the United States remains real. Security experts both inside and outside the beltway have long been warning that a serious cyberattack against the nation's infrastructure could do significant damage.

Although cybersecurity has been on the government's agenda for the past few years, many believe that the United States remains highly vulnerable and still has much work to do to shore up its cyberdefenses.

http://news.cnet.com/8301-1009_3-2001015...s-Security

Maybe if critical systems like water treatment and power distribution were not (intentionally?) linked to computers and internet systems, this wouldn't be an issue?

[h3rm35]

I don't think they were expecting the press they got... this kind of took them by surprise.

It's heartening to know that they'd even release something like that. It means they didn't have any idea that people were paying attention to the Orwellian bullshit that they're attempting to perpetrate. They'll keep a tighter lid on this stuff in the future, I guess, and I feel sorry for whoever leaked the info in the first place... Raytheon's taking their security VERY SERIOUSLY around this topic... they gave my brother an ultimatum, who was hired due to an overall lack of interest and availability, to head recruitment and administrate the training program for one of their non-combat departments - no one else was willing to do it without the equivalent of combat pay, and they were willing to threaten him with termination.

This is a big deal.

[FastTadpole]

Look out ... this could create a rat society where we could get people calling up NSA's CYBERCOM division and reporting people that say not nice things to the CYBER police!



.. but it's all to protect the kids.

[h3rm35]

pertinent stuff starts @ ~2:50 and check out around 3:27 in particular


its a good film - about the beast that is corporate media.
worth a watch if you haven't seen it yet.

[h3rm35]

Highly Dangerous Zero-day Windows Trojan Targets Espionage
By Ms. Smith
Created Jul 19 2010 - 12:29pm

[1]There is a new vicious rootkit-level malware infection targeting critical infrastructure and aimed at corporate or government espionage. It often enters the enterprise through USB sticks. Finnish security company F-Secure advised [2] that the current malware is very dangerous and poses, "a risk of virus epidemic at the current moment." F-Secure further warns [3] that this is an espionage attack using LNK (*.LNK) shortcut files. All Windows operating systems are vulnerable, even Windows 7, though F-Secure says it has added detection modules for these rootkits to its own anti-malware products. Problem is, once it added the detection module, it started discovering infections all over the world, and the hole that the virus exploits remains unfixed. Because this is a rootkit infection, the virus bypasses security mechanisms [4]. From regular Joes to enterprises, this spy rootkit is in the wild and spreading infection.

Like hackers sniffing out sweets and set loose in a candy store, the very dangerous threat may prove too juicy of a target not to be widely exploited. The data stealing malware in the wild is meant to infiltrate systems, weaponized software aimed at critical infrastructure systems, perhaps with the magnitude of destruction that security researchers have warned is coming for years.

VirusBlokAda [2], an anti-virus company based in Belarus, discovered the malicious software that piggybacks on USB storage devices and exploits the way Windows processes shortcut files. Although it’s mainly being distributed by USB drives, it can also be transferred over shared networks when a user browses affected shortcuts in removable media or WebDAV share. It doesn't require administrative privilege to run. In an enterprise environment, users often execute files from network shares as standard operations and many organizations rely on SharePoint.

Sophos senior technology consultant Graham Cluley said [5], "This waltzes around autorun disable. Simply viewing the icon will run the malware." Windows Explorer executes the malicious file, a rootkit and a dropper, even if the location of the shortcut is simply browsed to, allowing the process to execute as if retrieving an icon. The malware hides itself immediately after the system has been infected by using drivers digitally signed by Realtek Semiconductor Corporation.

Microsoft released a security advisory [6], publicly addressing this Windows Shell vulnerability. It's a serious enough threat that Microsoft urges [7] anyone who believes to have been affected "to contact the national law enforcement agency in their country." Microsoft Malware Protection Center wrote [8], "Specifically, it takes advantage of specially-crafted shortcut files (also known as .lnk files) placed on USB drives to automatically execute malware as soon as the .lnk file is read by the operating system. In other words, simply browsing to the removable media drive using an application that displays shortcut icons (like Windows Explorer) runs the malware without any additional user interaction. We anticipate other malware authors taking advantage of this technique."

Microsoft has offered suggested workarounds. Though some security experts believe that the workarounds, which require disabling certain services [9], may cause an enterprise a lot of trouble, particularly for SharePoint users.

Independent researcher Frank Boldewin discovered that the malware targets SCADA control systems used to control industrial machinery in power plants and factories, and specifically Siemens WinCC SCADA systems. Boldewin wrote [10], "Looks like this malware was made for espionage."

Why would someone want to infiltrate a SCADA system? According to Wesley McGrew [11], "There may be money in it. Maybe you take over a SCADA system and you hold it hostage for money."

According to Krebs on Security [12], Jerry Bryant, a group manager of response communications at Microsoft stated that "When we have completed our investigations we will take appropriate action to protect users and the Internet ecosystem."

Although right now the attacks seem targeted, the attempt to infect new machines has increased. MMPC blogged [8], "In addition to these attack attempts, about 13% of the detections we’ve witnessed appear to be email exchange or downloads of sample files from hacker sites. Some of these detections have been picked up in packages that supposedly contain game cheats (judging by the name of the file)."

While security researchers are making educated guesses that this trojan was made for espionage, worms that use USB propagation vector may be best suited to attack isolated or air-gapped systems. If you recall, the DoD found this out [13] in late 2008 before banning thumb drives, CDs, flash media cards, and all other removable data storage devices to prevent a worm assault from spreading any further in its network.

Although NSA spokeswoman Judith Emmel, denied [14] there is any monitoring activities on utility companies [15] and called on the public to trust the NSA’s adherence to the law, will this new vicious malware aimed at utilities and factories and power plants issue broader allowances for NSA's Perfect Citizen?

MMPC writes [8], "We have multiple signatures that detect this threat for customers using Microsoft Security Essentials, Microsoft Forefront Client Security, Windows Live OneCare, the Forefront Threat Management Gateway, and the Windows Live Safety Platform. In addition to using antimalware technology, MSRC has released an advisory [6] with work-around details."

Source URL: http://www.networkworld.com/community/bl...r-nsas-per

Links:
[1] http://img11.nnm.ru/7/1/c/4/c/0c3ae61973...0_prev.jpg
[2] http://www.f-secure.com/weblog/archives/...kit_en.pdf
[3] http://www.f-secure.com/weblog/archives/00001986.html
[4] http://www.sophos.com/blogs/chetw/g/2010...s-systems/
[5] http://www.zdnet.co.uk/news/security/201...-40089564/
[6] http://www.microsoft.com/technet/securit...86198.mspx
[7] http://blogs.technet.com/b/msrc/archive/...eased.aspx
[8] http://blogs.technet.com/b/mmpc/archive/...sting.aspx
[9] http://www.networkworld.com/news/2010/07...-goes.html
[10] http://www.wilderssecurity.com/showpost....stcount=22
[11] http://www.networkworld.com/news/2010/07...trial.html
[12] http://krebsonsecurity.com/2010/07/exper...tcut-flaw/
[13] http://www.networkworld.com/news/2008/11...-worm.html
[14] http://online.wsj.com/article/SB10001424...63108.html
[15] http://www.wired.com/threatlevel/2010/07...en-denial/
[16] http://www.networkworld.com/community/pr...863?page=1

[FastTadpole]

Homeland Security is another arm of this monitoring operation. The practice is being disclosed overtly but only naming selected sources. Many of these sources are within arms length of intelligence agencies anyways and are a clever way to prop up, promote and legitimize straw men and have the appearance for those outside these circles to be led to believe in a false level of transparency.

Fact is the entire internet is monitored and flagged. The only variable we're not sure how deep they go to search out and follow up on this information, and how it may be skewed or censored depending on where you are viewing it (maybe even custom tailored disinfo, custom advertising already is) or what is presented when searching for it. The fact sites are being shut down and entire protocols and points of exchange like bittorrent and bloggers (taxes, RealID ..) are being tapered off leads one to believe there is a desire for more control for whatever purpose.

It's hard to trust information and how it is framed and cherry picked. We must look at it for what it is and try to share it with others to give the full perspective. The best way to do so is through personal human contact to relay our personal experiences. There has to be trust to counter the negative sceptical view many of us here have otherwise how are we to build common relations and collaborate work towards mutually beneficial goals.

Quote:Department of Homeland Security Monitors Public Intelligence
5 May 2010
Public Intelligence

Under the “BP Oil Spill Response Social Media Event Monitoring Initiative” the Department of Homeland Security’s National Operations Center (NOC) monitors “publicly available online forums, blogs, public websites, and message boards” in order to provide “situational awareness and establish a common operating picture for the federal government, and for those state, local, and tribal governments, as appropriate, assisting with the security, safety, and emergency response associated with the oil spill”. According to a “Privacy Impact Assessment” from April 29, 2010 available on the DHS website, Public Intelligence is included in the list of sites monitored by NOC analysts.

In February, Wired.com’s Danger Room blog reported that a similar assessment for the “2010 Winter Olympics Social Media Event Monitoring Initiative” listed Wikileaks, Cryptome, along with a number of mainstream news sites. Many of these sites are not listed in the latest assessment, however, Danger Room is included in both assessments.

   

http://publicintelligence.net/department...elligence/

We also have a publicly disclosed financial arm of the CIA (In-Q-Tel) involved in the spectrum. This is not to mention private firms, freelance information mercenaries worldwide, government / corporate insiders and infiltrators and other intelligence agencies, many of whom are above the law. The net is wide and largely unchecked. This article deals with the fairly obvious practice monitoring of social media and forums such as ConCen. This cannot detract from out pursuit of truths though to present us a clearer picture of reality.

Quote:U.S. Spies Buy Stake in Firm That Monitors Blogs, Tweets
By Noah Shachtman
October 19, 2009

America’s spy agencies want to read your blog posts, keep track of your Twitter updates — even check out your book reviews on Amazon.

In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using ”open source intelligence” — information that’s publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day.

Visible crawls over half a million web 2.0 sites a day, scraping more than a million posts and conversations taking place on blogs, online forums, Flickr, YouTube, Twitter and Amazon. (It doesn’t touch closed social networks, like Facebook, at the moment.) Customers get customized, real-time feeds of what’s being said on these sites, based on a series of keywords.

“That’s kind of the basic step — get in and monitor,” says company senior vice president Blake Cahill.

Then Visible “scores” each post, labeling it as positive or negative, mixed or neutral. It examines how influential a conversation or an author is. (“Trying to determine who really matters,” as Cahill puts it.) Finally, Visible gives users a chance to tag posts, forward them to colleagues and allow them to response through a web interface.

In-Q-Tel says it wants Visible to keep track of foreign social media, and give spooks “early-warning detection on how issues are playing internationally,” spokesperson Donald Tighe tells Danger Room.

Of course, such a tool can also be pointed inward, at domestic bloggers or tweeters. Visible already keeps tabs on web 2.0 sites for Dell, AT&T and Verizon. For Microsoft, the company is monitoring the buzz on its Windows 7 rollout. For Spam-maker Hormel, Visible is tracking animal-right activists’ online campaigns against the company.

“Anything that is out in the open is fair game for collection,” says Steven Aftergood, who tracks intelligence issues at the Federation of American Scientists. But “even if information is openly gathered by intelligence agencies it would still be problematic if it were used for unauthorized domestic investigations or operations. Intelligence agencies or employees might be tempted to use the tools at their disposal to compile information on political figures, critics, journalists or others, and to exploit such information for political advantage. That is not permissible even if all of the information in question is technically ‘open source.’”

http://www.wired.com/dangerroom/2009/10/...ring-firm/

[FastTadpole]

More fuel for the fire for ramping up the CYBERCOM initiative. At least they are not trying to tie this in with an Anonymous action.

Quote:US water facility 'was shut down by hackers'
12:09AM GMT 21 Nov 2011
US federal investigators are looking into a report that hackers managed to remotely shut down a utility's water pump in central Illinois last week, in what could be the first known foreign cyber attack on a U.S. industrial system.

The Nov. 8 incident was described in a one-page report from the Illinois Statewide Terrorism and Intelligence Center, according to Joe Weiss, a prominent expert on protecting infrastructure from cyber attacks.

The attackers obtained access to the network of a water utility in a rural community west of the state capital Springfield with credentials stolen from a company that makes software used to control industrial systems, according to the account obtained by Weiss. It did not explain the motive of the attackers. He said that the same group may have attacked other industrial targets or be planning strikes using credentials stolen from the same software maker.

The U.S. Department of Homeland Security and the Federal Bureau of Investigation are examining the matter, said DHS spokesman Peter Boogaard.

"At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety," he said, declining to elaborate further. An FBI spokesman in Illinois did not return phone calls seeking comment.

Cyber security experts said that the reported attack highlights the risk that attackers can break into what is known as Supervisory Control and Data Acquisition (SCADA) systems. They are highly specialised computer systems that control critical infrastructure – from water treatment facilities, chemicals plants and nuclear reactors to gas pipelines, dams and switches on train lines.

The issue of securing SCADA systems from cyber attacks made international headlines last year after the mysterious Stuxnet virus attacked a centrifuge at a uranium enrichment facility in Iran. Many experts say that was a major setback for Iran's nuclear weapon's program and attribute the attack to the United States and Israel.

In 2007, researchers at the U.S. government's Idaho National Laboratories identified a vulnerability in the electric grid, demonstrating how much damage a cyber attack could inflict on a large diesel generator.

Lani Kass, who retired in September as senior policy adviser to the chairman of the U.S. Joint Chiefs of Staff, said the United States should take the possibility of a cyber attack seriously.

"The going in hypothesis is always that it's just an incident or coincidence. And if every incident is seen in isolation, it's hard – if not impossible – to discern a pattern or connect the dots," Kass told Reuters.

"Failure to connect the dots led us to be surprised on 9/11," she said, describing the Sept. 11, 2001 hijacking attacks as a prime example in which authorities dismissed indicators of an impending disaster and were caught unaware.

Representative Jim Lanvevin, a Democrat from Rhode Island, said that the report of the attack highlighted the need to pass legislation to improve cyber security of the U.S. critical infrastructure.

"The stakes are too high for us to fail, and our citizens will be the ones to suffer the consequences of our inaction," he said in a statement.

Several media reports identified the location of the attack as Springfield. City officials said that was inaccurate.

Don Craven, a lawyer and a trustee for the Curran-Gardner Township Public Water District, said late on Friday that the small water utility was aware that "something happened" but that he did not have much information on the matter.

"We are aware there may have been a successful or unsuccessful attempt to hack into the system," Craven said by telephone from his Springfield, Illinois, office.

"It came through a software system that's used to remotely access the pumps," he said. "A pump is burned out."

The district serves some 2,200 customers in a rural district West of Springfield. He said there was no interruption in service as the utility operates multiple pumps and wells. Its water comes from an aquifer underneath the Sangamon River.

Craven said he did not know what software at the utility was involved but said he was confident that no customer records were compromised. He said he was mystified as to the reason hackers might have targeted the tiny district.

The general manager of the utility has not returned messages.

Quoting from the one-page report, Weiss said it was not yet clear whether other networks had been hacked as a result of the breach at the U.S. software maker.

He said the manufacturer of that software keeps login credentials to the networks of its customers so that its staff can help them support those systems.

"An information technology services and computer repair company checked the computer logs of the system and determined the computer had been hacked into from a computer located in Russia," Weiss quoting from the report in a telephone interview with Reuters.

Workers at the targeted utility in central Illinois on Nov. 8 noticed problems with SCADA systems which manages the water supply system, and discovered that a water pump had been damaged, said Weiss, managing partner of Applied Control Solutions in Cupertino, California.

Also from the Telegraph:

Japan parliament hit by China-based cyber attack 25 Oct 2011
A history of major cyber attacks 20 Sep 2011

http://www.telegraph.co.uk/technology/ne...ckers.html

Why have these systems connected to the internet? Closed systems for vital infrastructure anyone? Seems rigged to fail like nuclear but for a entirely different agenda. We could see further attacks a symptom of inherent two way communication in the hastily installed smart grid (++link).

[Dunamis]

Not that it was true anyway...

Quote:Federal officials find no proof of cyberattack on water pump in Illinois
By Ellen Nakashima, Thursday, November 24, 12:05 AM
The Washington Post

Federal officials said Wednesday they have found no evidence to support an initial state report that foreign hackers caused a pump at an Illinois water plant to fail this month.

The preliminary report, collected by a statewide terrorist intelligence center in Illinois, had said that a Russian hacker had taken control of the operating system at the water plant in Springfield. The pump turned on and off repeatedly, burning out the motor, the report said.

Security expert Joe Weiss obtained the report and read it to The Washington Post. If confirmed, the incident would have been the first report of a cyber­attack causing physical damage to a water system in the United States.

But the Department of Homeland Security and the FBI said they could not confirm reports of a cyber­attack. DHS spokesman Chris Ortman called the Illinois state report nothing more than “raw, unconfirmed data.”

He said that the federal investigation also could not confirm the report’s claim that hackers broke into a software company’s database and retrieved user names and passwords, which enabled access to the water plant system.

“In addition,” Ortman said, “DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as previously reported.”

Officials from the state intelligence center did not return phone calls seeking comment Wednesday.

Weiss said that federal officials were seeking a degree of proof impractical for such a cyberattack. The control system at the Illinois plant probably does not log signals sent to the water pumps and, as a result, would contain no data on who might have gained access to the system, he said. “Control systems don’t have that kind of logging.”

The pump was having problems, Don Craven, a trustee on the Curran-Gardner water board, said in a phone interview. “We noticed some glitches,” Craven said. The district passed the information to the state Environmental Protection Agency, he said.

Craven said the board later saw a report — he did not recall from which agency — that “came to the conclusion that somebody had hacked into the system.”

Robert Green, another water board member, said that the water district manager told him “there were some intrusions.”

“They think some people hacked it, but they weren’t in long enough to do anything,” he said.

Green said that there were some glitches with the pump. “But was it the pump,” he said, “or was it a hacker, or was it something that went wrong in the [control] system, too?”

Source: http://www.washingtonpost.com/world/nati...story.html

...this is simply more evidence that certain departments and individuals are seeking to use any situation possible to further their goal of rolling out the most advanced control and "monitoring" system ever conceived. Adding this to all the other things going on, it already surpasses Orwells expectations...by far. At times it's almost as if the internet has been hijacked (and if so, probably very early on) to further the globalist, one world agenda.

[FastTadpole]

You beat me to posting this follow-up Dunamis. Thanks.

[FastTadpole]

Quote:NSA Whistle-Blower Tells All - Op-Docs -"Stellar Wind" collects Data from ALL Americans




Published on 11 Sep 2012 by connectingdots2

http://www.connectingdots1.com - Published on Aug 29, 2012 by The New York Times

The filmmaker Laura Poitras profiles William Binney, a 32-year veteran of the National Security Agency who helped design a top-secret program he says is broadly collecting Americans' personal data.

Related Article: http://nyti.ms/STdGJz

https://www.youtube.com/watch?v=hg269ARu-0k

Quote:William Binney about the NSA




Published on 11 Jun 2012 by radio24

William Binney worked almost 40 years at the NSA, and was at the end of the function of the technical director of the "World Geopolitical and Military Analysis Reporting Group" of the NSA. When he discovered that the NSA abhörte U.S. citizen, she could not legally, he announced. He was the main source for the detailed and excellent article by James Bamford: "The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)".

On 20 April 2012 gave a short Binney Democracy Now exclusive interview.
More information: http://www.offiziere.ch/?p=8380

https://www.youtube.com/watch?v=rO8BZXleiYE

Playlist on YouTube: https://www.youtube.com/watch?v=hg269ARu...Zl4f-6qU-P

Related:

ABC News on Israeli "art students" in Utah ...
http://concen.org/forum/showthread.php?tid=35158

Court Rules Against NSA's Illegal Spying, Illegal NSA Spying Continues
http://concen.org/forum/showthread.php?tid=32432

NSA to oversee government internet traffic
http://concen.org/forum/showthread.php?tid=2371

NSA offering 'billions' for Skype eavesdrop solution
http://concen.org/forum/showthread.php?tid=4815

Even Congress Wants To Know What The NSA Is Doing With This $2 Billion Spy Center
http://concen.org/forum/showthread.php?tid=45282

Lone Democratic(!)Senator Blocks Renewal of NSA Wiretap Program
http://concen.org/forum/showthread.php?tid=46087

NSA
http://concen.org/forum/showthread.php?tid=2294

SSL, Firewalls, Email Owned by NSA
http://concen.org/forum/showthread.php?tid=11853

Don't Work For The NSA
http://concen.org/forum/showthread.php?tid=10958

Microsoft: No NSA Backdoor in Windows 7
http://concen.org/forum/showthread.php?tid=30486

Is the NSA Using Optical/Quantum Processors?
http://concen.org/forum/showthread.php?tid=11814

NSA's Domestic Spying Grows
http://concen.org/forum/showthread.php?tid=10092

Cut Fiber Cable Solved - Advanced NSA Monitoring Operation
http://concen.org/forum/showthread.php?tid=10569

NSA's Electronic Surveillance to Be Revealed
http://concen.org/forum/showthread.php?tid=13282

Get your FBI file — and your NSA and CIA files too, while you’re at it
http://concen.org/forum/showthread.php?tid=13684

AT&T/NSA Domestic Spying Program?
http://concen.org/forum/showthread.php?tid=16322

How NSA & FBI Can Spy on You Through Cable TV
http://concen.org/forum/showthread.php?tid=16423

iPhone: NSA iSnoop Device?
http://concen.org/forum/showthread.php?tid=17190

NSA Linux distro
http://concen.org/forum/showthread.php?tid=17412

Narus, The NSA And The Internet Surveillance System
http://concen.org/forum/showthread.php?tid=18447

Help Making A FOIA Request To The NSA
http://concen.org/forum/showthread.php?tid=18576

NSA Rolls With Tech Changes To Keep Spying
http://concen.org/forum/showthread.php?tid=18799

NSA Helped Microsoft Build Vista
http://concen.org/forum/showthread.php?tid=24315

Nightline Show: Nsa Busted For Spying On Citizens
http://concen.org/forum/showthread.php?tid=21861

Cook - Big Brother & NSA Its Little Brothers - National Security Agency's Global Survellance Network (1998)
http://concen.org/forum/showthread.php?tid=22343
http://concen.org/forum/showthread.php?tid=21940

Information Operations Roadmap - NSA
http://concen.org/forum/showthread.php?tid=23478

Alex Jones - NSA & Google Are NWO Spies
http://concen.org/forum/showthread.php?tid=26296

New NSA Bill Makes Patriot Act Look Weak
http://concen.org/forum/showthread.php?tid=28758

It's Time To Start Talking About NSA Warrantless Surveillance
http://concen.org/forum/showthread.php?tid=29256

Video: O'Reilly Asks If Judge Who Ruled Against NSA Wiretaps Wants Americans To Die
http://concen.org/forum/showthread.php?tid=29651

A Damning Admission: New York Times Concealed NSA Spying Until After 2004 Election (interesting that William Binney was soapboxed by the NYT)
http://concen.org/forum/showthread.php?tid=29706