Illustration file picture shows a man typing on a computer keyboard in Warsaw

Hacking attack in Canada bears signs of Chinese army unit: expert

OTTAWA/TORONTO (Reuters) – The recent hacking attempt on a sensitive Canadian government computer network is similar to attacks mounted by an elite unit of the Chinese army based in Shanghai, according to a cybersecurity expert.

Canada said on Tuesday “a highly sophisticated Chinese state-sponsored actor” had broken into the National Research Council, a leading body that works with major companies such as aircraft and train maker Bombardier Inc <BBDb.TO>. Beijing on Thursday accused Canada of making irresponsible accusations that lacked credible evidence.

While Canada did not give details of the attack, CrowdStrike Chief Technology Officer Dmitri Alperovitch said it was similar to other hacking campaigns launched by a unit of the People’s Liberation Army that his company has nicknamed ‘Putter Panda.’ The group, Unit 61486, has thousands of people and conducts intelligence on satellite and aerospace industries, he said.

“It certainly looks like one of the actors we track out of China that we’ve seen going after aircraft manufacturers in the past,” Alperovitch said. CrowdStrike is a California-based security technology company.

Ottawa’s public complaint was the first time it had ever identified a suspect in a string of attacks on government and commercial computers.

A former Canadian cabinet minister, Stockwell Day, separately confirmed for the first time on Thursday that Chinese operators were suspected of hacking into the Finance Department and the Treasury Board, a body with overall responsibility for government spending, in 2011.

The Canadian government has never publicly said who it thought was behind the 2011 attacks. Day – who had some responsibility for cyber security when he was in office – said Ottawa suspected those responsible were Chinese.

China’s Foreign Ministry on Friday demanded that Canada “cease making groundless accusations against China”.

“Canada, lacking reliable evidence, has wrongly censured China without any provocation, and this is an irresponsible action,” ministry spokesman Qin Gang said, according to the ministry’s website. “China resolutely opposes this.”

WARNING SHOT

China is Canada’s second most important trading partner after the United States, and bilateral trade is growing. Total Canada-China trade was C$69.8 billion in 2012 and $72.9 billion in 2013, according to official Canadian data.

Although Canada enjoys good relations with China, which it sees as a promising market for crude, the high-profile nature of the latest target, the NRC, may have made it impossible for Ottawa to keep quiet.

“By making it public, it’s a warning shot across the bow, saying ‘We treat this stuff very seriously’,” said Gordon Houlden, a former Canadian diplomat who served for years in Beijing and who heads the University of Alberta’s China Institute.

In May, the United States charged five Chinese military officers and accused them of hacking into American nuclear, metal and solar companies to steal trade secrets. The officers in that case worked for PLA Unit 61398.

“All the action on the part of the U.S. government has opened the flood gates for others to talk,” Alperovitch said.

Canadian Prime Minister Stephen Harper’s office did not respond to a request for comment. Officials from Foreign Minister John Baird’s office declined to comment.

John McDougall, president of the National Research Council, told employees on a conference call on Tuesday that the hackers may have obtained client information and data.

“We know that any information held in our systems – including employees’ personal information – may have been compromised,” he said in the call, a recording of which was posted on CTV television’s website.

The NRC is being forced to set up a new secure computer network which could take up to a year to build.

Day said the NRC network had links to up to 40 other systems.

“If you get inside those cyber walls you are inside the building,” Day told Reuters, saying that once hackers had gained access they could “go down other corridors”.

The Communications Security Establishment, which detected the attack, declined to give further details.

A spokesman said the agency was actively working with the NRC and other government partners “to assess and mitigate this cyber-intrusion event”.

(Additional reporting by Mark Hosenball in Nwe York, Jim Finkle in Boston and Megha Rajagopalan in BEIJING; Editing by Tiffany Wu and Clarence Fernandez)

Malcolm Turnbull says studios should sue individuals.

Sue mum and dad pirates, Malcolm Turnbull tells film studios

Film studios and other content creators should sue “mums and dads and students” who download pirated content online, Communications Minister Malcolm Turnbull says.

Although doing this would be unpopular, he said it would help curb piracy.

Mr Turnbull’s advice on how to tackle online piracy came a day after he said any costs to crack down on it would need to be paid for by the content industry, not internet providers.

“… It is absolutely critical that rights owners have got to be prepared to actually roll their sleeves up and take on individuals,” Mr Turnbull told Sky News in an interview uploaded Thursday evening.

“Being characteristically candid and blunt with you, rights owners are not keen on taking people to court because it doesn’t look good, because it’s bad publicity.

“They have got to be prepared to sue people; sue mums and dads and students who are stealing their content. They can’t expect anyone else to do that for them.”

Mr Turnull said suing some users would make an example of them and therefore reduce piracy.

“The bottom line is …  the rights holders are going to have to be tactical about who they take to court, about who they want to sue,” he said.

“… And what you do as you raise awareness of this – that there is a risk that they could be sued and have to pay for what they have stolen – then the level of infringement and theft will decline.”

But Village Roadshow co-chair Graham Burke said suing individuals wouldn’t work and “would clog up the courts”.

“New Zealand has proven that that is ineffective and also the music industry has had a bad experience [with it],” Mr Burke told Fairfax Media in an interview on Friday.

“New Zealand has graphically demonstrated that with the music industry, after spending a fortune for a small market on lawyers and legal costs, and taking often up to 18 months to go through the court system et cetera.

“We’re either serious about stopping piracy or we’re not.”

In 2009, a US jury ordered a 32-year-old woman to pay $US1.92 million in damages for downloading 24 songs in a high-profile digital piracy case.

Since then, the music industry has gone to extra lengths to makes its content more available online and at an affordable price through streaming sites like Spotify and for download on services like Apple’s iTunes and Google’s Play store.

The music industry has also moved towards global release dates rather than regional ones, which has left people no longer having to wait to legally purchase new music in Australia.

But the movie industry insists on keeping a 120-day window, known as the “piracy window”, between the release of a movie and the time at which it is available on disc or for download.

It says to remove the window would decimate the cinema business and the experience that goes with it. And although the window is coming down to 90 days for some films in Australia, it’s unlikely to ever get to same-day download, according to Mr Burke.

Mr Turnbull and Attorney-General George Brandis on Wednesday released a discussion paper on online copyright infringement containing proposals to tackle the downloading of pirated content.

The paper includes proposals to block overseas websites that host pirated content and to compel internet service providers to stop users illegally downloading movies, television shows and music.

Movie studios, such as Village Roadshow, which has donated more than $4 million to the Liberal and Labor parties since 2008, are also lobbying for a scheme that would include notifications sent to users telling them to stop pirating.

Mr Burke also wants sanctions that slow down a pirate’s download speed if they were found to be pirating more than three times.

But Mr Turnbull said although slowing users down was “being canvassed”, it was not practicable.

“The practical ability to do that is very hard, I have to say,” he said.

“I think it would be met with enormous resistance, both from the public and the industry.”

Despite this, Mr Burke said slowing down of users should be an option.

He also said the fact paedophilia material was often removed or blocked from the internet should mean pirated content should also be removed.

“…  In my view there’s a parallel to paedophilia, of course not as serious, but there’s a parallel to it because there’s no thought of that existing or living on the internet,” Mr Burke said.

Mr Burke added that comments made by Mr Turnbull that the movie industry should adopt a Spotify-like service for movies would not fix the piracy problem as it had not curbed piracy in the music industry.

“There were 2.5 million [Australian music] downloads off Pirate Bay in June alone. People still opt to steal so that is not a solution,” Mr Burke said.

To create a Spotify for movies also wouldn’t work because of the greater cost of creating movies compared to music, he said.

“To say that movies should go out at the same time on Spotify-style price ignores the fact that music is recorded from somewhere from $30,000 to $300,000. Feature films cost anywhere from $5 million to $250 million,” Mr Burke said.

The Cyber Prosecutor Sending Nude-Photo Thieves To Prison

The Cyber Prosecutor Sending Nude-Photo Thieves To Prison

Federal prosecutor Wesley Hsu has been working cybercrime cases for over a decade. Chief of the cyber crime unit at the U.S. Attorneys’ Office in Los Angeles, his initial focus was on helping Hollywood protect its intellectual property and getting justice for companies that had been hacked by ex-employees. But in the last few years, his focus has shifted to a new area: helping stars protect their sexual property. His efforts aren’t limited to celebs. His team of prosecutors have gone after hackers of the hoi polloi as well, with an emphasis on cases that involve the exposure of scandalous selfies and sextortion. They call the crimes “emotional hacking” and the men responsible “cyber terrorists.”

“It’s such a shift as a prosecutor,” says Hsu. “Before, the victim was Visa. Now it’s harmed young women and teen girls.”

The list of men the L.A. DOJ unit has sent to prison over crimes involving nude photos is impressively long: two and a half years for Michael David Barrett who made a nude video of ESPN reporter Erin Andrews through a hotel peephole; four years for Christopher Osinger who stalked his girlfriend and created a Facebook account for her that featured her nude photos; 10 years for Christopher Chaney who hacked into the email accounts of Scarlett Johansson, Christina Alguilera and Renee Olstead, among other celebs, to unearth scandalous photos; six years for Luis Mijangos, a paraplegic sextortionist who hacked into teen girls’ computers and blackmailed them using their own pornographic photos; three and a half years for Tyler Schrier who stole naked photos from the email accounts of male professional poker players in order to extort them for hundreds of thousands of dollars; and five years for Karen “Gary” Kazaryan who hacked into hundreds of women’s accounts and had thousands of nude images on his computer, so many that law enforcement was unable to identify all of the victims. The office is currently pursuing a case against IsAnyoneUp’s Hunter Moore, the infamous purveyor of revenge porn. While it’s not illegal to operate a revenge porn site — “a big hole in the law,” says Hsu — prosecutors allege Moore paid a hacker to obtain photos of men and women so he could post them to his now-defunct site alongside screenshots of their Facebook profiles.

“There are so many ways to victimize women on the Internet,” says Stephanie Christensen, a prosecutor in the Mijangos case. “The Internet has given predators machine guns that never run out. They can inflict so much damage on their victims which just wasn’t possible before.”

Hsu says he started seeing “emotional hacking” cases come across his desk only in the last few years. There are more nude photos around to get hacked than ever, with ‘sexting’ on the rise according to Pew Research Center; 9 percent of people admitted to Pew that they’ve sent nude photos to someone else, while 20 percent say they’ve received nude shots. Hsu, a slight man with short black hair and wire glasses, has a spacious office on an upper floor of the federal courthouse in downtown Los Angeles which feels crowded thanks to numerous stacks of case files on tables and the floor. Behind his desk is a framed ‘Buffy the Vampire Slayer’ poster, and next to it a photo of Buffy star Sarah Michelle Gellar, inscribed, “Keep beating the real bad guys.” He also has posters of Michelangelo’s Sistine Chapel — “Judgement day is appropriate,” he explains — and a photo of a man standing in front of a tank bound for Tiananmen Square. “It’s the power of one person to save others he doesn’t even know,” says Hsu. Growing up in Orange County, he decided he wanted to be a prosecutor in high school after his parents were hit by a drunk driver while crossing a street. His father suffered a broken rib and his mother went into a coma that lasted for two and a half months. “The guy who hit them got 8 months,” says Hsu. “I felt like I could have done better.” After undergrad and law school at Yale, he clerked for a California district judge with an interest in patent law and then spent three years in private practice at Gibson, Dunn and Crutcher, working intellectual property (IP) and patent cases. He fulfilled his teen vow in 2000, joining the U.S. Attorney’s Office. In 2001, it was one of the first federal prosecutors’ offices to open a cyber unit, which was piloted in San Francisco by Robert Mueller, who went on to become director of the FBI. Hsu switched over to it, a natural fit as most of the initial cases were IP ones, protecting copyright holders from pirates. He became chief of the unit in 2008.

Hsu’s unit has worked closely with FBI agents who, in a unique arrangement, are stationed at the Secret Service’s cyber lab and who also consider emotional hacking cases to be a high priority. “It’s a societal problem that these cases are seen as a violation of the right of privacy instead of as sexual assault cases,” said one of two fresh-faced agents with whom I spoke. They say they comb the FBI’s Internet Crime Complaint Center looking for revenge porn, sextortion and nude photo theft cases knowing they have the expertise to help get them prosecuted. They are difficult cases to investigate. For one, victims are often too embarrassed to report the theft of nude photos. For another, nude photos aren’t prioritized by HQ. The agents say they have to fight for the time they spend investigating them. “It’s hard to sell a victim’s year of anguish vs. a $5 million loss by a company,” said one agent. “For a lot of cyber squads, if there’s not a national security tie-in or huge money signs, they can’t take it.” Knowing that Hsu’s prosecutors will pursue the charges helps the FBI agents immensely.

The FBI agents’ other frustration — given how often they’re following a hacker’s digital trail — was with tech companies. “Some companies make our lives difficult. It used to be easier to get evidence from them,” said one agent. “We just sent a letter along with a subpoena that said, ‘Please don’t tell.’ Now they want an actual court order to disclose non-content information like IP addresses or a name associated with an account and many companies will inform a user as soon as they hear about a subpoena.” They said it’s harder with big companies than smaller ones, who are more likely to cooperate but have less data. The Justice Department formally echoed the agents’ complaint in the Washington Post, saying that Apple, Microsoft, Facebook and Google changing their practices to routinely notify users about law enforcement requests threatens investigations.

“Companies get their radar up about privacy, and it becomes a customer relations issue,” says Hsu.

When Hsu’s team first started bringing nude photo cases into federal courts, some judges were skeptical, especially in cases that didn’t involve celebrities for whom public image has obvious value; they saw the theft of nude photos as a state crime, especially in cases where the defendant and the victims all lived in California. “But state law enforcement was not well-equipped to deal with cyber cases, whereas we are,” says Hsu. “It made sense to me that we should be turning our attention to those types of cases or they would just fall through the cracks.”

“Many judges only pay closer attention if there’s some kind of monetary component,” says Tracy Wilkison, Wesley Hsu’s deputy. And sometimes there is, as in the case of actress Scarlett Johansson who incurred over $60,000 in expenses trying to get websites to take her hacked naked photos down. “Even if these victims haven’t lost money, their lives are destroyed. It ruins their professional relationships, their personal relationships. Some of them never recover from this.”

To turn their cases into federal ones, Hsu and his team of prosecutors sometimes use “tools not created for the Internet” — laws against trespassing, wiretapping (Mijangos put malware on victims’ computers so he could activate microphones and listen to their conversations), and stalking. Thanks to a 2013 Congressional revision of the Violence Against Women Act, cyber-stalking no longer has to occur across state lines to be considered a federal crime. But the best weapon at their disposal is a federal law for crimes that involves computers: the Computer Fraud and Abuse Act (CFAA), an anti-hacking law. Getting a prison sentence worth federal prosecutors’ time is difficult with crimes that don’t involve physical violence or drugs unless there is significant financial damage. Sentencing guidelines don’t take emotional damage into consideration (though Hsu wishes they did). “A case is higher priority if it’s a longer sentence,” says Hsu, explaining that a primary goal for prosecutors is to get defendants to take a plea deal so that a case doesn’t incur the expense of a trial. It also means victims won’t have to testify about the trauma of their nude photos being seen by strangers. “It’s easier if you have a long sentence to get someone to plea. 97% of cases plead,” says Hsu. Absent extortion, it’s hard to prove financial damage in cases involving nude photos, where the harm is reputational and mental, but the CFAA comes with harsh 5 to 20 year prison sentences baked in for “unauthorized access” to another person’s computer. Hsu’s team have used it in every case but the Erin Andrews peephole case, as nowadays the best way to get a naked photo of someone is not to be a peeping Tom at their window but to be an unwanted intruder gaining “unauthorized access” to an online account.

The anti-hacking law has been a controversial one in the last year, coming under attack for being too draconian, too vague, overly harsh in its penalties, and inappropriately used by prosecutors to imprison AT&T flaw exposer Andrew “weev” Auernheimer and to intimidate Internet activist Aaron Swartz, who committed suicide last year. Critics say that laws shouldn’t punish people more just because their crimes involve a computer. Virtual trespassing on a company’s network will land you far more years in prison than physically breaking into its headquarters. I asked the prosecutors what the sentence would be for a man that broke into a woman’s home to steal nude photos she had in a drawer. They didn’t know. “That’d be a local crime,” said one.

In fact, the L.A. bureau is responsible for one of the most controversial deployments of the CFAA. In 2006, when Hsu was deputy chief of the cyber crimes unit, it indicted Minnesota mother Lori Drew, who had assumed a false persona on MySpace to bully a 13-year-old who eventually committed suicide. The prosecutors said Drew had run afoul of the CFAA by violating MySpace’s terms of service with a fake account and thus gained “unauthorized access” to the service, committing a federal crime; the loose tie to southern California was MySpace being based in Beverly Hills. The case was a disaster. A jury did find Drew guilty of misdemeanor hacking but the judge acquitted her, criticizing prosecutors for trying to turn a TOS violation into a felony.

“It was a situation where there was a real crime but there was nothing we could do,” says Hsu. The office learned a lesson about how far it could take the CFAA. “There are plenty of clear violations of the statute. We haven’t needed to wade into controversial waters,” Hsu says. “I’m a technology geek. I’m cognizant of the argument that a not-entirely thought out prosecution could lead to the suppression of ideas and technology, and I have no desire to do that.”

Hsu does have a controversial desire though. He wants to prosecute an Internet troll.

“Part of the calculation of bringing any case is the deterrent effect we can have,” said Hsu. “I’d like to see a threat case where the threat is a result of someone’s speech on the Internet, and someone is threatening to harm the speaker to shout them down.” He was deeply moved by Amanda Hess’s article on women not being welcome on the Internet, and her arguments that women face a far greater proportion of online threats of violence and rape for expressing opinions. He is on the look-out for a case where a journalist or female writer sees a “true threat” — made seriously and not in jest — in the comments section. He thinks a successful prosecution of the harasser could make the Internet a more civilized place. “It couldn’t hurt.”

A 20-year-old woman holds her smartphone as she waits for her friends at a train station before a ceremony in Tokyo

Smartphone management flaws puts users at risk, researchers say

VIENNA (Reuters) – Security researchers have revealed two separate threats this week they say could put up to 90 percent of the world’s 2 billion plus smartphones at risk of password theft, stolen data and in some cases let hackers take full control of devices.

One vulnerability involves flaws in the way scores of manufacturers of Apple, Google Android and Blackberry devices, among others, have implemented an obscure industry standard that controls how everything from network connections to user identities are managed.

The threat could enable attackers to remotely wipe devices, install malicious software, access data and run applications on smartphones, Mathew Solnik, a mobile researcher with Denver-based cyber security firm Accuvant, said in a phone interview.

A separate threat specifically affecting up to three-quarters of devices running older Android software has been unearthed by researchers at Bluebox Security of San Francisco. Dubbed “Fake ID”, the vulnerability allows malicious applications to trick trusted software from Adobe, Google and others on Android devices without any user notification, the company said on Wednesday.

“Essentially anything that relies on verified signature chains of an Android application is undermined by this vulnerability,” Bluebox said in a statement referring to devices built before Google updated its core software late last year.

These risks could not be independently verified by Reuters.

Solnik stressed that the threat to smartphone management software identified by Accuvant remained remote to average users and said that only a few dozen mobile communications experts in the world would currently be able to replicate the technique. But by publicizing the risks, his company hopes to avert this becoming a danger on a global scale.  

FIXING FLAWS

The global smartphone industry has been scrambling for the past few years to respond to an increasing number of vulnerabilities uncovered in mobile technology.

Both research groups will present their findings at next week’s Black Hat hacking conference in Las Vegas, which is highlighting research on mobile technology, among other themes.

An Apple spokesmen declined immediate comment.

Blackberry said it was aware of Accuvant’s findings and was seeking more details.

“BlackBerry has been working closely with Accuvant. Internal and external security researchers serve a critical role in improving industry security standards,” a spokeswoman said.

A Google spokesperson declined to comment on the general vulnerability raised by Accuvant about many smartphone devices. He confirmed that Google had quickly distributed a patch to Android phone makers on learning of the issue from Bluebox.

In general, Android’s open software development process encourages individuals and security firms to report security issues, allowing the company to push patches to manufacturers, which in turn must implement the fixes.

The spokesperson said it has scanned all apps in Google Play, Android’s application market place, and elsewhere and have found no risks to users. “We have seen no evidence of attempted exploitation of this vulnerability,” he said.

Christina Richmond, a security services analyst with research firm IDC said detecting these vulnerabilities is positive in that the phone industry has a chance to act on these findings before they can be exploited by bad actors.

“These security threats have become everyday issues for billions of smartphone users worldwide,” she said. “Mr. and Mrs. end user needs to understand the risk of not updating their phone’s software.”

The disclosures come as market share statistics released on Thursday by mobile research firm Strategy Analytics show Android capturing a dominant 85 percent share of smartphones shipped worldwide in the second quarter. All major rivals from Apple iOS to Microsoft to Blackberry lost market share.

Security researchers say Android’s rapid growth and dominant market share has come with an Achilles heel.

Until late last year, successive versions of Android were distinct creatures, making it hard, if not impossible for developers to update products for each software release, and meaning most Android security features could not be back-dated.

The “Fake ID” vulnerability is widespread in Android phones dating back to the January 2010 release of Android 2.1 software and affects all devices not patched by Google, Bluebox said.

(Editing by Alison Williams)

IAI refutes claim that Iron Dome makers were hacked

IAI refutes claim that Iron Dome makers were hacked

Israel Aerospace Industries disproved reports by a US-based computer forensics expert that said three Israeli defense contractors behind the Iron Dome rocket-defense system and related systems were robbed of hundreds of documents by hackers linked to the Chinese government starting in 2011.

“The information reported regarding the leakage of sensitive information is incorrect. The publications refer to an attempt to penetrate the company’s civilian non-classified Internet network, which allegedly occurred several years ago. IAI’s cyber security systems operate in accordance with the most rigorous requirements and also, in this case, they were proven to be effective,” the aerospace and aviation manufacturer said Tuesday.

The statement was in response to claims by Comment Crew, an American hacking group, which said it stole designs for Israeli rocket systems in a spree of attacks in 2011 and 2012, Joseph Drissel, chief executive of Cyber Engineering Services (CyberESI), said Tuesday.

The targets of the online attacks were top military contractors Elisra Group, IAI, and Rafael Advanced Defense Systems. The companies built the system that now partially insulates Israel from rocket barrages fired from the Gaza Strip.

Israeli and US officials have said Iron Dome systems are responsible for shooting down more than 90 percent of the rockets they have engaged, while ignoring missiles on a trajectory to fall wide. That accounts for about a fifth of the rockets Israel has said Palestinians have fired during Operation Protective Edge.

Krebs on Security, a blog operated by former Washington Post security reporter Brian Krebs, first reported details of the intrusions on Tuesday after being briefed by Drissel on his company’s findings.

Four years ago, Drissel founded CyberESI, a threat intelligence consulting firm based in Columbia, Maryland. That came after a decade in the computer forensics lab of the Defense Cyber Crime Center, an arm of the US Air Force, where he was acting section chief.

His company, which includes former colleagues from his US Defense Department forensic lab, traced the intrusions into Israeli contractors and identified more than 700 stolen emails, documents and manuals pertaining to development of the Iron Dome project and other missile projects.

“Comment Crew is so named for a very specific reason: They insert malware with hidden comments on various public web pages they control and use those sites as command and control centers to download stolen documents,” Drissel said.

CyberESI identified these sites and was able to grab evidence of the stolen documents before Comment Crew could cover their virtual tracks, he said.

Drissel said he was disclosing the attacks only now, after years of seeking unsuccessfully to persuade the affected companies and US and Israeli government authorities to address both the security issues that led to the breaches and to take stock of what specific weapon systems may have been compromised.

In May, the US Justice Department indicted five Chinese military officers who allegedly belonged to Comment Crew, also known as Unit 61398 and based in Shanghai.

They were accused of hacking into the networks of US Steel Corp, Toshiba Corp’s Westinghouse Electric unit and four other US companies in order to steal trade secrets.

Allegations of hacking and other espionage have strained ties between China and the United States, with Beijing denying last year that it had set up a special military unit to conduct such activity.

China retaliated by shutting down a bilateral working group on cyber security.

Two of the Israeli companies named by Drissel declined to comment on the computer security expert’s revelations.

An official at the third company, Rafael, who declined to be identified by name, said of the report: “Rafael does not recall such an incident. Rafael’s databases, including its air defense databases, are extremely well protected.”

A former senior IDF official said assertions that these key defense contractors had been hacked would fit with a pattern of military and industrial espionage around the globe.

“The Chinese have been doing that to all defense contractors in the West, so if this really happened, we are not alone,” said Uzi Rubin, a former head of missile defense at the Defense Ministry and now head of the Rubicon consultancy firm.

Drissel said stolen materials recovered by his company included specifications for the Arrow III system and other ballistic missile defenses. Much of the technology for these systems was developed by Boeing and other contractors for use in US weapons.

Rubin speculated that if the Comment Crew hacking group’s purpose was to steal the missile system plans, it was likely that China wanted to obtain technology on the cheap rather that resell it to other nations.

“If the Chinese really did it, maybe we shall see a Chinese Iron Dome in the future,” he said. “It is said that imitation is the sincerest form of a compliment.”

Chinese officials were not immediately available for comment.

All rights reserved © The Jerusalem Post 1995 – 2014 Provided by SyndiGate Media Inc. (Syndigate.info).

Want to make $1 million per month? Retire from the NSA

Want to make $1 million per month? Retire from the NSA


NSA's Keith Alexander Private Online Security

Former NSA director Keith Alexander will charge companies up to $1 million a month to keep them safe from online hackers, Foreign Policy reports. Apparently Alexander and business partners from IronNet Cybersecurity have founded a new firm after leaving the government and military in March. The company supposedly offers a new technology that has a “unique” approach when it comes to detecting hackers online.

His stint at the NSA is directly responsible for many tools the organization developed to prevent cybercriminals from stealing money and/or trade secrets online, although the new product was developed in private. Alexander’s new technology will help various companies and institutions, with the former NSA boss expected to file at least nine patents to protect it. While at the NSA, he filed seven other patents related to “end-to-end cybersecurity,” and describing means of “systematically doing cybersecurity in a network.”

His new system is able to “detect so-called advanced persistent threats, or hackers who clandestinely burrow into a computer network in order to steal secrets of damage the network itself.” It’s unclear whether the technology will also catch the NSA’s tools that can be used in similar manner to collect data from unsuspecting parties.

Apparently the patents aren’t related to other technology he developed while running the agency, and the former exec has consulted with lawyers to make sure his new patents were “ironclad.”

“We’ve got a great solution. We’ve got to prove that it works,” Alexander said, revealing he already inked deals with three unmentioned companies. “It will be another way of looking at cybersecurity that gives us greater capabilities than we’ve had in the past.”

“Alexander said that his new approach is different than anything that’s been done before because it uses ‘behavioral models’ to help predict what a hacker is likely to do,” the publication writes. “Rather than relying on analysis of malicious software to try to catch a hacker in the act, Alexander aims to spot them early on in their plots. Only the market will tell whether his approach is as novel as he claims.”

Apparently, the former NSA chief did not use this privately developed technology while running the agency because one of its core components related to behavior models comes from a business partner who took a special approach to the matter, which the government did not consider.

However, an unnamed former national security official told Foreign Policy the “behavioral-model approach is highly speculative and has never been used successfully.”

Communications Minister Malcolm Turnbull says film and music companies should foot the bill for a crackdown on online piracy.

Film and music companies should foot bill for online piracy crackdown, says Malcolm Turnbull

Communications Minister Malcolm Turnbull says film and music companies, not internet users, should foot the bill for any scheme cracking down on online piracy.

Mr Turnbull also says companies arguing for tough anti-piracy measures will have to justify why Australians pay more to download movies and music, and why they have to wait longer to access it, than overseas consumers.

But Mr Turnbull, an Australian internet pioneer before entering politics, said governments could not ignore the issue of illegal downloading because of the dangers it posed to the viability of the creative sector.

Mr Turnbull and Attorney-General George Brandis on Wednesday released a discussion paper on online copyright infringement containing proposals to tackle illegal downloading.

The paper includes proposals to block overseas websites that host pirated content and to compel internet service providers (ISPs) to stop users illegally downloading movies, television shows and music.

“I am a passionate defender of the internet and freedom of the internet but freedom of the internet doesn’t mean freedom to steal,” Mr Turnbull told ABC radio.

“The fundamental problem we’ve got is that internet piracy is a big issue – there are billions of dollars globally being stolen.”

Mr Turnbull said an Australian anti-piracy scheme could be modelled on New Zealand’s. There, internet service providers (ISPs) are required to send customers a desist notice when rights owners inform them of illegally downloading. After three notices, the rights owner can take the customer to court.

“There are some people in the content industry who believe that the costs should be borne in whole or part by the telecommunications sector – by the ISPs,” he said. “I don’t find that a persuasive argument.”

Mr Turnbull said government had a role but that rights holders had the most power to discourage online piracy by making their content available quickly and cheaply.

Australians pay 50 per cent more than US consumers on iTunes for the Top 50 songs according to consumer group CHOICE.

“We’re never going to eliminate piracy, like you’ll never eliminate theft,” he said.

”I think we can drastically reduce it, but everyone has to play their part.

“The content owners in the debate that’s going to follow this discussion paper have got to justify why they charge more to Australians, why they are not releasing content in Australia at precisely the same time as it’s released in the United States or anywhere else in the world.”

Mr Turnbull was a founding director of ISP Ozemail before entering politics.

He said he stood by his view that the High Court was correct to find internet service provider iinet had not authorised its customers’ illegal downloading in a landmark 2012 case.

IAI refutes claim that Iron Dome makers were hacked

IAI refutes claim that Iron Dome makers were hacked

Israel Aerospace Industries disproved reports by a US-based computer forensics expert that said three Israeli defense contractors behind the Iron Dome rocket-defense system and related systems were robbed of hundreds of documents by hackers linked to the Chinese government starting in 2011.

“The information reported regarding the leakage of sensitive information is incorrect. The publications refer to an attempt to penetrate the company’s civilian non-classified Internet network, which allegedly occurred several years ago. IAI’s cyber security systems operate in accordance with the most rigorous requirements and also, in this case, they were proven to be effective,” the aerospace and aviation manufacturer said Tuesday.

The statement was in response by claims by Comment Crew, an American hacking group, which said it stole designs for Israeli rocket systems in a spree of attacks in 2011 and 2012, Joseph Drissel, chief executive of Cyber Engineering Services (CyberESI), said Tuesday.

The targets of the online attacks were top military contractors Elisra Group, IAI, and Rafael Advanced Defense Systems. The companies built the system that now partially insulates Israel from rocket barrages fired from the Gaza Strip.

Israeli and US officials have said Iron Dome systems are responsible for shooting down more than 90 percent of the rockets they have engaged, while ignoring missiles on a trajectory to fall wide. That accounts for about a fifth of the rockets Israel has said Palestinians have fired during Operation Protective Edge.

Krebs on Security, a blog operated by former Washington Post security reporter Brian Krebs, first reported details of the intrusions on Tuesday after being briefed by Drissel on his company’s findings.

Four years ago, Drissel founded CyberESI, a threat intelligence consulting firm based in Columbia, Maryland. That came after a decade in the computer forensics lab of the Defense Cyber Crime Center, an arm of the US Air Force, where he was acting section chief.

His company, which includes former colleagues from his US Defense Department forensic lab, traced the intrusions into Israeli contractors and identified more than 700 stolen emails, documents and manuals pertaining to development of the Iron Dome project and other missile projects.

“Comment Crew is so named for a very specific reason: They insert malware with hidden comments on various public web pages they control and use those sites as command and control centers to download stolen documents,” Drissel said.

CyberESI identified these sites and was able to grab evidence of the stolen documents before Comment Crew could cover their virtual tracks, he said.

Drissel said he was disclosing the attacks only now, after years of seeking unsuccessfully to persuade the affected companies and US and Israeli government authorities to address both the security issues that led to the breaches and to take stock of what specific weapon systems may have been compromised.

In May, the US Justice Department indicted five Chinese military officers who allegedly belonged to Comment Crew, also known as Unit 61398 and based in Shanghai.

They were accused of hacking into the networks of US Steel Corp, Toshiba Corp’s Westinghouse Electric unit and four other US companies in order to steal trade secrets.

Allegations of hacking and other espionage have strained ties between China and the United States, with Beijing denying last year that it had set up a special military unit to conduct such activity.

China retaliated by shutting down a bilateral working group on cyber security.

Two of the Israeli companies named by Drissel declined to comment on the computer security expert’s revelations.

An official at the third company, Rafael, who declined to be identified by name, said of the report: “Rafael does not recall such an incident. Rafael’s databases, including its air defense databases, are extremely well protected.”

A former senior IDF official said assertions that these key defense contractors had been hacked would fit with a pattern of military and industrial espionage around the globe.

“The Chinese have been doing that to all defense contractors in the West, so if this really happened, we are not alone,” said Uzi Rubin, a former head of missile defense at the Defense Ministry and now head of the Rubicon consultancy firm.

Drissel said stolen materials recovered by his company included specifications for the Arrow III system and other ballistic missile defenses. Much of the technology for these systems was developed by Boeing and other contractors for use in US weapons.

Rubin speculated that if the Comment Crew hacking group’s purpose was to steal the missile system plans, it was likely that China wanted to obtain technology on the cheap rather that resell it to other nations.

“If the Chinese really did it, maybe we shall see a Chinese Iron Dome in the future,” he said. “It is said that imitation is the sincerest form of a compliment.”

Chinese officials were not immediately available for comment.

All rights reserved © The Jerusalem Post 1995 – 2014 Provided by SyndiGate Media Inc. (Syndigate.info).

Advice from Google and others that piracy is primarily a "pricing and availability" problem has fallen on deaf ears, the government would rather listen to the likes of Village Roadshow.

Film companies back government crackdown on ‘ill gotten gains’ of online piracy

The creative sector has praised federal government proposals to crack down on online piracy, saying illegal downloading threatens the viability of local film and music production.

But consumer group Choice, which argues the proposals are unlikely to prove effective, is urging the government to also address the high prices Australians pay for movies, music and books online.

The government’s draft discussion paper, released by Attorney-General George Brandis and Communications Minister Malcolm Turnbull on Wednesday, includes proposals to block overseas websites that host pirated content and to compel internet service providers (ISPs) to stop users illegally downloading movies, television shows and music.

The proposal to extend “authorisation liability” to ISPs would essentially overturn a decision by the High Court in 2012, which found that internet service providers could not be found liable for authorising an act by a subscriber that infringes copyright.

Village Roadshow co-chairman Graham Burke said Australia would struggle to maintain a local film production industry unless illegal downloading is tackled.

“There is no reason why websites such as The Pirate Bay should be accessible in Australia when they are not available in the UK and many other countries in Europe and around the world,” he said.

“Village Roadshow is supportive of amending the Copyright Act to make internet service providers part of the solution to assist in copyright protection.

“The only opposition to the government plan will be from those reaping millions and the people misled by the disgraceful propaganda they pump out to protect those ill gotten gains.”

Foxtel CEO Richard Freudenstein said: “Government should put in place a regulatory system that encourages legitimate use and discourages illegitimate use of content, while content owners need to make content available quickly and conveniently.

“ISPs should also assist by mitigating, to the extent they can, use of their networks for unauthorised purposes.

“Illegal downloading is not just an issue for businesses, it affects the livelihoods of actors, writers, directors, set designers, caterers and everyone else involved in the production of these programs.”

But Choice campaign manager Erin Turner said international experience showed the proposals were “high-cost with low results”.

“If the government is serious about addressing piracy, it needs to consider the driving factors behind piracy in Australia. Australians often find it hard to gain access to content like movies and television, and when they do, they pay far too much compared to consumers in other countries.”

Communications Alliance CEO John Stanton, representing telecommunications companies, said the government should not rush to amend the Copyright Act to extend authorisation liability to ISPs.

“This proposal has the potential to capture many other entities, including schools, universities, libraries and cloud-based services in ways that may hamper their legitimate activities and disadvantage consumers,” Mr Stanton said.

“If the government does ultimately decide to amend the Copyright Act, this should only take place after an agreement on an industry scheme is reached, as such a scheme may go a long way to addressing their concerns.”

The Australian Subscription Television and Radio Association released polling showing 53 per cent of Australians believe the government should do more to prevent online piracy. Sixty per cent of Australians believe illegal downloaders should be prosecuted, according to the Auspoll results.

Essential Media polling released this week found 79 per cent of Australians are concerned about being charged significantly more than their US counterparts for digital downloads. Fifty-eight per cent were concerned that movies and TV shows were available for downloading in other countries but not legally in Australia.

A parliamentary inquiry into price discrimination last year found information technology goods and services are significantly more expensive in Australia than other countries. The committee suggested changes to the law to reduce local prices, but most recommendations have not been acted upon.

Follow us on Twitter

National Research Council computers hacked

Gov’t computers hacked at a delicate time

OTTAWA – The recent infiltration of National Research Council of Canada computers by Chinese hackers comes as the agency is working on an advanced computer encryption system that is supposed to prevent such attacks.

The cyber assault has been met with sharp criticism of the Chinese government by Ottawa — even as Foreign Affairs Minister John Baird is in China laying a path for a visit there this fall by Prime Minister Stephen Harper.

The federal government revealed Tuesday that the NRC’s networks were the target of a cyber attack, resulting in the shutdown of its IT network for an extended period.

Curiously, the NRC has been working with private sector and university research teams on a physics-based, state-of-the-art computer encryption system.

“The emerging field of quantum communication promises unhackable, secure communication that can be applied to protect our digital infrastructure,” says the NRC’s website.

“NRC is developing photonics-based, quantum-enhanced cyber security solutions . . . collaborating to develop technologies that address increased demands for high-performance security for communications, data storage and data processing.”

The research agency had hoped that such technology would position Canada as a global leader in field of quantum cyber security.

The Treasury Board Secretariat has not said when the NRC’s computer systems were infiltrated or what the hackers might have been able to access, but said there is no evidence that other government computer systems or data have been compromised.

For now the NRC’s computers have been isolated from the rest of the government’s systems as a precaution, a move that the agency said “will affect ongoing business operations.”

The council said it could be some time before a new, more secure system is up and running.

“NRC is continuing to work closely with its IT experts and security partners to create a new secure IT infrastructure,” the council said in a statement.

“This could take approximately one year however; every step is being taken to minimize disruption.”

In a separate statement, the government said one of Canada’s spy agencies, the Communications Security Establishment, detected and confirmed the cyber attack.

The intrusion came from “a highly sophisticated Chinese state-sponsored actor,” said the Treasury Board.

“We have no evidence that data compromises have occurred on the broader Government of Canada network.”

Still, the NRC said it has notified the Privacy Commissioner and its clients and stakeholders about the breach.

The agency said it would not release further information, citing security and confidentiality reasons. However, it planned to update Canadians on the situation by Thursday.

Baird, who is on a three-country visit to Asia, raised concerns over the breach with Chinese government officials in Beijing on Tuesday, according to a spokesman for the minister.

“The minister took the opportunity to discuss the situation with his counterpart, and they had a full and frank exchange of views on the matter,” said Adam Hodge.

“The government takes this issue very seriously and we are addressing it at the highest levels in both Beijing and Ottawa.”

The cyber attack is awkward timing for Ottawa, since Harper has been planning for a possible state visit to China in November, coinciding with his attendance at an Asian economic summit in Beijing at the end of that month.

Canada and China have been wrestling with several thorny issues — such as Canada’s delay in signing an investment treaty with China and new Canadian rules imposed on state-owned foreign investors — and the cyber attack does not make the diplomatic dance any more graceful.

The National Research Council houses some important intellectual property. It touts itself as “the Government of Canada’s premier organization for research and development,” which partners its scientists, engineers and business experts with private industry to bring new technologies to market.

Aside from computer network encryption research, it has also been working to co-develop a new treatment against aggressive brain cancers.

It is also been developing DNA sequencing through genomics research that could have implications for a wide range of industries involved in agriculture, the environment, fisheries, forestry, and health.

Attacks on computer systems owned by Canadian governments and businesses are becoming increasingly prevalent, says the International Cyber Security Protection Alliance.

The global not-for-profit group released a study in May 2013 showing that 69 per cent of Canadian businesses reported some kind of attack within a twelve-month period in 2012.

The attacks included unauthorized access or misuse of corporate websites and telecommunication fraud, with more than one quarter of businesses saying the attacks had a considerable impact on their business.

In the United States, the Pentagon began to expand its cyber-security forces last year in the wake of attempted cyber attacks by China-based hackers.