Monthly Archives: May 2013

With Plan X, the Pentagon tries to turn cyberwarfare into ‘World of Warcraft’

Even as cybersecurity has become a buzzword when discussing national security, there are real questions about how to fit online warfare into a traditional military model. How do you explain a hacking attempt to someone who’s used to dealing in physical warfare? If you’re working on DARPA’s Plan X, you turn it into a video game. Plan X, which first surfaced in 2012, is an effort to make cyberwarfare as comprehensible and easy as firing a gun. “Say you’re playing World of Warcraft, and you’ve got this type of sword, +5 or whatever,” cybersecurity researcher Dan Roelker tells Wired. “You don’t necessarily know what spells were used to create that sword, right? You just know it has these attributes and it helps you in this way. It’s the same type of concept. You don’t need the technical details.”

This year, Plan X is set to enter the first full phase in a four-year program that will cost $110 million. A demo of the interface, however, has been developed with help from the luminary Frog Design and illustration company Massive Black, which has worked on BioShock, Transformers, and more. The gaming metaphor pervades every aspect of the project: one of Massive Black’s ideas was a “playbook” full of attack templates that could be launched with the press of a button, something Roelker compares to a Madden NFL option. The demo even includes RPG-style action points, encouraging fighters to conserve resources: “Maybe we spent $5 million building X, and if we use it, there’s a 50% chance we might lose it,” says Roelker, describing a cyberweapon that would have a higher point count.

At this point, however, the interface isn’t tied to any real cyberwarfare system. “Battle units” might include denial of service attacks or rootkits, but Plan X won’t research new exploits — it’s focused on finding a way to make existing tools comprehensible to outsiders, allowing them to navigate a physical version of cyberspace on a massive touch table and select “nodes” to attack. At times, it’s not even clear whether the metaphors will stretch to cover reality. Can diverse and often highly tailored computer-based attacks be distilled into something from Uplink or Hackers? And will the visualization system be good for more than letting non-technical officers feel like they’re still in control?

The broader question is whether the game metaphor is an appropriate one for warfare. The interface described by Wired, which was able to see a demonstration, is largely full of placeholders, with fanciful weapon and plan names like “Angry Squirrel” or “Blanket Swarm.” And the real version likely won’t be a game any more than a tactical map covered in tokens is. But the constant metaphors are unsettling, as are the clear attempts to visually evoke a Hollywood movie or a hacking minigame. Unlike a “gamified” drone system, cyberwarfare doesn’t involve actual violence. But as officials warn the public about dire harm from foreign cyberattacks, there’s value in remembering that games often are so much fun precisely because they turn messy problems into neat, abstract puzzles.

Retrieved from The Verge

Chinese hackers reportedly steal advanced U.S. weapons system designs

The designs for over two dozen advanced U.S. weapon systems, including missile defenses, combat aircraft and ships, were reportedly accessed by Chinese hackers. The systems were listed in a previously undisclosed section of a report prepared for government, defense industry and Pentagon officials by the Defense Science Board (DSB), a committee of experts that advises the U.S. Department of Defense on technical and scientific matters, the Washington Post reported Monday.

“DoD and its contractor base have already sustained staggering losses of system design information incorporating decades of combat knowledge and experience that provide adversaries insight to technical designs and system use,” the advisory group said in a public version of the report released in January that covers the findings of an 18-month study into the resilience of military systems against advanced cyber threats.

Among the design documents obtained by hackers were those for missile defense systems, including the PAC-3 Patriot missile system, the Terminal High Altitude Area Defense (THAAD) system and the U.S. Navy’s Aegis ballistic-missile defense system, according to the Washington Post, which obtained a copy of the previously undisclosed report section.

System designs related to the F/A-18 fighter jet, the F-35 multirole combat aircraft, the V-22 Osprey aircraft, the Black Hawk helicopter and the Navy’s Littoral Combat Ship (LCS) class of vessels were also among those listed in the breach report.

The DSB did not indicate when and where the data breaches occurred or who was behind them. However, according to the Washington Post, unnamed senior military and defense industry officials familiar with the breaches said that most of them were the result of Chinese cyberespionage efforts against defense contractors.

During the past year, U.S. government officials have been increasingly vocal about China being responsible for cyberattacks that resulted in the theft of intellectual property and other sensitive information from U.S. companies and government agencies. In a report released this month, the DOD said that last year “numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military.”

The Chinese government has repeatedly denied its involvement in cyberespionage and dismissed such accusations as baseless.

In the public version of its report, the DSB described the cyber threat as serious and said that in some ways its consequences are similar to those of the nuclear threat of the Cold War.

The DOD’s actions to combat this threat are numerous, but fragmented, so the Department is not yet prepared to defend against it, the DSB said. “It will take years for the Department to build an effective response to the cyber threat to include elements of deterrence, mission assurance and offensive cyber capabilities.”

Retrieved from PC World

Attacking the attackers: Can active cyber defense stay within the rules?

The growing number of cyberattacks on U.S. networks and infrastructure is prompting calls for a more aggressive response, particularly for those attacks involving espionage and the theft of intellectual property.

And in at least one case, more forceful responses could become policy. The Joint Chiefs of Staff is about to OK new standing rules of engagement (SROE) that would allow the military to strike back at attackers without, as it does now, first getting approval from the National Security Council, according to a report in Defense News.

The new rules, in the works since 2010, signal a more aggressive stance that military sources say is essential to combatting attackers in the cyber domain, the report said. But because the SROE is classified, there were no details on what steps military commands could take.

Meanwhile, an independent commission studying the theft of U.S. intellectual property, considered among the biggest cyber threats, is recommending a couple of specific steps — that companies and organizations essentially steal back stolen files and develop other ways to prevent information from being taken in the first place.

The Commission on the Theft of American Intellectual Property, a panel co-chaired by former Ambassador to China Jon Huntsman Jr. and former Director of National Intelligence Dennis Blair, and including former Deputy Defense Secretary William Lynn III, said in a report that: “Without damaging the intruder’s own network, companies that experience cyber theft ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information.”

The commission says that files can be protected by meta-tagging, beaconing and digital watermarking techniques, which could alert organizations if files had been taken from an authorized network and potentially allow those organizations to find where they’ve gone.

The report also suggests writing software that not only prevents an unauthorized user from opening a file, but which could lock down the thief’s computer, leaving him with instructions on how to contact law enforcement agencies to unlock the account. The idea is to make stealing information more trouble than it’s worth.

“Such measures do not violate existing laws on the use of the Internet, yet they serve to blunt attacks and stabilize a cyber incident to provide both time and evidence for law enforcement to become involved,” the report says.

The report’s reference to existing Internet laws underscores the ongoing debate over offensive cyber defense, which many security experts say could do more harm than good. Conducting cyberattacks is illegal, and even an attack to retrieve stolen intellectual property or pursue a cyber criminal is complicated by the problem of attribution. Because IP addresses can be spoofed and attacks can be routed through botnets or other servers, it’s difficult to know exactly who is behind an attack. An aggressive response to a cyberattack could wind up wounding innocent third parties.

While acknowledging that some active cyber defense tactics are currently against the law — the report mentions, without recommending, tactics such as photographing a hacker with his PC’s camera, infecting his network or destroying his computer — the commission argues that a new approach is needed. The report estimates annual losses of U.S. intellectual property to be comparable to $300 billion, the level of annual U.S. exports to Asia. The authors attribute between 50 percent and 80 percent of the thefts to China.

And although the commission report concentrates on U.S. commercial interests, its concerns extend to government systems. Many of the most targeted industries involve government contractors and critical infrastructure, and agencies have long been a target of foreign hackers.

Most recently, the Washington Post, citing a confidential report prepared for the Pentagon, said that Chinese hackers had compromised designs for some of the U.S. military’s most sophisticated weapons, including missile defense systems, the F/A-18 fighter jet, V-22 Osprey, the Black Hawk helicopter, the Navy’s Littoral Combat Ship and the F-35 Joint Strike Fighter.

The commission’s report concludes that defensive measures have not kept pace with attacks. “Almost all the advantages are on the side of the hacker; the current situation is not sustainable,” the authors write. “Moreover, as has been shown above, entirely defensive measures are likely to continue to become increasingly expensive and decreasingly effective, while being unlikely to change the cost-benefit calculus of targeted hackers.”

Retrieved from GCN

The coming data tsunami: mobile networks to carry 1,000 times more data 10 years from now

The exponential growth of technology, first noticed by Intel’s Gordon E. Moore and known commonly as Moore’s law, looks like it also applies to the amount of data we create, store, archive and transmit. For mobile carriers and wireless infrastructure creators it is this last category – transmission – that is paramount. A recent panel held at CTIA 2013, a wireless communications trade show, heard from wireless experts including Peggy Johnson, EVP and President of Global Market Development at Qualcomm. During the talk Johnson estimated that within the next 10 years, mobile networks will carry 1,000 times more data than is used today.

With the growth dubbed the ‘data tsunami’, it is clear that the wireless industry will need to look at new and interesting ways to transmit all that data. Johnson also estimates that there will be 25 billion connected devices in circulation in the next five years. That is a lot of devices and a lot of data.

“We have to stay ahead of it and it’s going to be tough – many devices talking to many people and many objects.” – Peggy Johnson, EVP at Qualcomm

Fifteen years ago the average phone just made phone calls and sent text messages; today mobile devices – with their touch screens, quad-cores and 3G or 4G LTE connectivity – use huge amounts of data for video calls, video streaming, photos, mapping, navigation and online gaming. It looks like this trend isn’t heading for a downturn any time soon. As both devices and the networks improve, new services will appear that use those improvements and existing services will be enhanced with greater quality. Historically this can be seen in the improvements in the quality of video streaming services: today HD is increasingly the norm and the latest generation of flagship phones all have HD screens.

There is a worry in the mobile industry about handling all this data. Although the bandwidth issues could be partially solved by using more spectrum, 1,000 times more data is a huge amount and soon mere hardware optimizations won’t be able to provide sufficient increases in data capacity.

One way forward is to reduce the size of mobile network cells. A cell is the area covered by one radio tower. All the devices in that cell send and receive data via that fixed radio mast. As a user moves to another physical location the next nearest cell is used and so on. By reducing the size of the cells (meaning there are more of them, each covering a smaller area and a smaller number of users) each cell can handle a greater amount of data.

Whatever the technology solution, it seems that our appetite for data isn’t about to be satiated.

Retrieved from Somedroid

Apple Pumping More Money Into Lobbying

Apple has never had much of a profile inside the Beltway. It shuttered its big government affairs office in Washington, D.C., in the late ’90s and since that time hasn’t had much of a presence in the nation’s capital.

But now, as it finds itself under increasing scrutiny for its business practices and tax policies, the company is ramping up its Washington lobbying efforts.

In 2012, Apple spent $1,970,000 on lobbying, according to Open Secrets. This year, Reuters reports, it’s on track to spend double that. So, close to $4 million.

That’s not a massive lobbying expenditure; certainly it pales in comparison to those of rivals like Google and Microsoft, which doled out $18 million and $8 million, respectively. But it’s high for Apple, which a decade ago spent a little more than half a million dollars on lobbying. And it reflects a renewed effort to make its voice heard by D.C. policymakers, one that began in early 2011 with the hiring of Fierce, Isakowitz & Blalock, a formidable lobbying firm with a number of executives who did stints in the Bush administration and the Republican National Committee.

Not at all surprising, given Apple CEO Tim Cook’s calls this week for a “dramatic simplification” of the U.S. tax code that should eliminate corporate tax expenditures, lower overall tax rates, and make it easier to repatriate funds from overseas. If Apple truly wants a corporate tax rate in the “mid-20s” and a single-digit repatriation rate, as Cook said, it’s going to have to fight for them in Washington.

Retrieved from AllThingsD

NASA could take 3D food printing to Mars, and beyond

NASA is interested in this because the substrate used by the printer could be stored as a dry powder. So there might be one tube for the printer filled with sugar, another with protein powder, another with specific dried foods and several with flavoring ingredients. Stored in the right conditions, the raw materials, the stuff the printer needs to make food, might be good for 30 years.

In its proposal summary, NASA says the idea is to “test a complete nutritional system for long duration missions beyond low Earth orbit,” which, theoretically at least, could include an eventual manned mission to Mars. NASA also notes that a successful 3D food printer also could be used by the military, providing optimal nutrition to warfighters while cutting down on logistical challenges and waste.

Printing out a food item on the printer, anything from a hot dog to a chocolate cake, would simply be a two-fold process. First, the powdered fuel would need to be reconstituted with the right amount of water and in the right ratios. Apparently the food can be baked as it’s being reconstituted.

Then it would need to be sprayed out of the nozzle in a pattern to shape the food item into whatever it’s supposed to look like, or at least into something edible. That second part is almost no different than how other 3D printers work when building a model from a CAD file out of ABS plastic or harder substrates. In this case, you just eat the finished product.

NASA struggles with how to keep astronauts alive in space, but also how to keep them happy. Eating the type of food one might pack for a long campout would get very old after a few weeks. Eating the same thing for years on end might be maddening. So a machine that can prepare different kinds of food and still maintain a nutritional balance has a lot of appeal. In fact, pizza is on NASA’s early menu, because it’s made in layers, which would be conducive to printing. It would depend on the quality of the ingredients, but it would probably be no worse than eating at most cafeterias.

On a large scale, NASA and Contractor envision food printers helping to end hunger around the world. NASA’s summary notes that the world’s population is expected to reach 12 billion by the end of the century, and that effective 3D printing of food, “may avoid food shortage, inflation, starvation, famine and even food wars.”

Contractor told Quartz that if a cheap food base, the tubes of fuel and flavoring, could be loaded up and printed out in homes, it would not only eliminate waste, but also go a long way toward stopping hunger. Though it might take some getting used to, the current unchecked population boom might create a real need for something like a food printer.

“I think, and many economists think, that current food systems can’t supply 12 billion people sufficiently,” Contractor told Quartz. “So we eventually have to change our perception of what we see as food.”

Contractor says he will keep the software that drives his food printer open-source — his design uses the RepRap open-source printer — so that people can look at the code, see how the machine works and create their own food recipes.

I don’t think Contractor’s vision of our food future is all that bad. I’d really like to be able to print out a nice dinner without having to fire up the stove or head out to the store, other than to occasionally refill my food printer’s bins. As long as I can create potato chips along with all the healthy fare, I think I’ll be happy. Oh, and a cup of hot Earl Grey tea would be lovely too, if that’s not too much to ask.

Retrieved from GCN

Verizon Cloud backup app now on iOS

Following a limited release on Android last month, Verizon’s Cloud app is now available on iOS. The app will let you back up your photos and videos to cloud storage, as well as facilitate access to contacts, documents, and music you’ve stored in the cloud via your PC. Additionally, if you’re already using Verizon’s Backup Assistant or Assistant Plus services, all your content will be available through the new app.

Due to the nature of iOS, Cloud isn’t quite as full-featured as its Android counterpart, which also backs up text messages, call logs, and contacts. You will get the same 500MB of storage for free, though, and Verizon will happily sell you more storage at monthly prices ranging from $2.99 (25GB) to $9.99 (125GB). Separately, Verizon also updated the Android version of Cloud to support the newly released Galaxy S4 yesterday. If you’re not already signed up for Dropbox, Google Drive, SkyDrive, SugarSync, Box, or Apple’s iCloud service — or if you’d just like to try out something new — you can find the Cloud app in the App Store.

Retrieved from The Verge

SAP cloud chief Lars Dalgaard steps down as company consolidates development

SAP, the legacy business software behemoth that is now definitely, totally, 100 percent A Cloud Company, just lost the man who made it so. Lars Dalgaard, who joined SAP when the German-U.S. giant bought his company, SuccessFactors, in late 2011, has quit to become an investor. He will stay on as a cloud advisor to SAP, however.

The news came out Friday as part of a flurry of SAP announcements. Another of those also relates to a departure – that of human resources chief Luisa Delgado, whose responsibilities will be taken on by CFO Werner Brandt – but the big non-quitting-related news is that SAP is consolidating its business to better reflect its newfound cloudiness.

SAP’s cloud “go-to-market” strategy will now all be under the purview of Bob Calderoni, CEO of Ariba (alongside SuccessFactors, one of SAP’s major cloud buys of the last two years). And development will all be under the control of technology chief Vishal Sikka.

SAP is pitching this new structure as an innovation accelerator, but does it finally signal a streamlining of the company’s sprawling and often confusing portfolio (a condition I like to call IBMitis)? Yes! And no.

As Sikka said on a conference call today:

“We see an opportunity to not only consolidate and streamline the portfolio, but bring incredible efforts… to transform that in the power of the cloud. We will get into areas that are truly unprecedented – applications for new industries that weren’t possible before [such as] healthcare, banking, oil and energy.”

Which is nice, but – as co-CEO Jim Hagemann Snabe chipped in – SAP has “a lot of commitments” to its existing customers too, and “we’re a company that stands by our commitments.” This may mean we should expect some redundancy within the portfolio to continue for a while yet, in order to keep those with more old-school SAP systems in place happy.

As for SAP’s ongoing cloud strategy, co-CEO Bill McDermott promised that Dalgaard’s exit would lead to “zero business disruption”:

“Our cloud DNA is now embedded across 65,000 minds and hearts and it’s become the soul of SAP. While it’s nice to have one evangelist for the cloud, it’s even better to have 65,000.

“Lars took us from $20 million in terms of revenue to a $1 billion run rate in the cloud. Now it’s about scale because everything is cloud. No other company has gone through this transition so fast – it literally happened in 12-15 months under his leadership.”

McDermott added that Dalgaard had been having “open conversations” with him and Hagemann Snabe for some time about his plans to downgrade his role to that of advisor. “This is the nicest balance he could find in his personal life and we were happy to accommodate him because we think the world of the guy,” he said.

Speaking of SAP’s thorough cloudiness, the company also announced on Thursday that it would deliver its products – including, of course, those on the in-memory HANA platform — on VMware’s newly-re-announced vCloud Hybrid Service IaaS platform, as well as vCloud Suite. This will allow for fully managed services on-premise, in the cloud and in hybrid deployments.

Retrieved from Gigaom

Citrix Receiver now supports Android smart-card authentication

Many federal agencies have taken steps to begin implementing mobile work environments, though security remains a concern. When GCN last year reviewed the Citrix Receiver software, we found it had good security for in-transit data, but did nothing for securing the endpoint — the mobile device being used by the mobile employee.

That should change now that Citrix has announced that Citrix Receiver supports the Biometric Associates baiMobile 3000MP Bluetooth Smart Card Reader and the baiMobile 301 USB Smart Card Reader. It will enable Common Access Card (CAC) and Personal Identity Verification (PIV) card holders to access Citrix applications and virtual desktops via compatible Android devices.

The baiMobile 3000MP Bluetooth Smart Card Reader has been approved by the Defense Information Systems Agency for use in the Defense Department and meets both the National Security Agency and DISA requirements for secure Bluetooth communications.

After the card reader pairs to an Android smart phone or tablet via Bluetooth, Citrix Receiver can communicate through the stack to pass the credentials to a Citrix XenDesktop or Citrix XenApp back-end framework and securely authenticate a user via his CAC credentials to a session running safely in the data center. When coupled with Citrix Netscaler to provide FIPS 140-2 Level 2 hardware encryption, every user session is secure, and no resident data remains on the Android device that could potentially compromise security.

“Today’s focus is largely about enabling mobility for the defense sector, and we are in the midst of a powerful convergence of necessity, the need for the defense sector to do more with less and a growing consumer demand for anytime-anywhere connectivity,” said Tom Simmons, area vice president of public sector for Citrix.  “These realities, fueled by important defense policy drivers, such as the DOD Mobile Strategy, are driving new mobile requirements.”

Citrix Receiver can also now be used with other solutions, such as Citrix XenMobile and Citrix CloudGateway, as part of an Enterprise Mobility Management strategy, and feds can gain additional benefits such as enabling mobile thin client computing. When coupled with XenMobile, defense agencies can deploy this Citrix Receiver capability automatically to all Androids in a department with just a few clicks. It also can fully wipe Citrix Receiver from a “bring your own device” Android should an employee and/or contractor leave the agency.

Users can also connect to remote virtual desktops and applications, while accessing native Android applications from an agency application store when using CloudGateway. That means that CloudGateway can elevate Citrix Receiver from an independent computing architecture client to a comprehensive solution with secure access to native applications, Web, and software-as-a-service applications, and with follow-me data through ShareFile.

As agencies move to mobile computing, CAC and PIV authentication of smart phones and other mobile devices becomes more important. In 2012, Thursby Software released the PKard Reader, the first smart-card authentication reader for iOS devices. The reader, and a free app, are FIPS 140-2 validated, work with CAC, PIV, PIV-Interoperable and Commercial Identity Verification cards, and have been put to use in agencies across government.

Retrieved from GCN

The wide world of hacking in China

The Chinese have been known to be experts at hacking for quite some time. But what might surprise some is that it’s epidemic across the country in all levels of society.

China has been cited as allegedly hacking into U.S. government and corporate networks for years now. Generally, the thinking has been that the government is the only entity in the country actively hacking. But a new report seems to indicate that’s not even close to the truth.

The New York Times on Thursday released a report on hacking across China. The Times found that not only does hacking occur at the highest levels of the government, but that everyone on down from local law enforcement officials to company owners to criminals is using hacking techniques to take aim at citizens. Companies have even sprung up with the sole purpose of locating “anyone who spreads a rumor on the Internet.”

Surprised? Here are just a few of the ways hacking has unfolded in China:

  • Hacking there reaches all levels. From taking data from foreign governments to spying on competitors to making sure no one is launching rumors against the government, hacking is everywhere.
  • The Ministry of Education, along with China-based universities, sponsor hacking events designed to see who has skills the army might need.
  • Corporations are increasingly turning to freelance hackers to spy on competitors. In fact, it’s a somewhat common practice across the country to find out what others are doing in their respective fields.
  • Local law enforcement officials have no choice but to hire hacking companies. The federal government says that it’s their responsibility to ensure people in their areas are not spreading dissent on the Web.
  • Cybercriminals are obviously getting in on the fun and have been known to easily hack their way into a host of online-gaming services and credit-card databases to score funds.
  • Hacking can be a lucrative job in China. Highly skilled hackers can make $100,000 a year if they team up with the right hacking company.

For its part, China has said that its government is not the hack-happy entity that the U.S. says it is. China has also said that the U.S. and other foreign governments have made attempts to hack into its own systems and networks. It appears, if nothing else, that it’s a hack-centric world out there.

Retrieved from CNET