Posts

Why Neither the US Nor China Admits Cyberwar

Why won't the US or China (or even Russia) admit we're engaged in cyberwar? I have a theory based on historical precedent, involving all three countries: the Korean War. Since my time in the Air Force I knew that US pilots had directly engaged Russian pilots in the skies over Korea in the 1950s. This was an "open secret." Recently I watched the NOVA episode Missing in MiG Alley, which confirmed this fact:

NARRATOR: For 40 years, Russia's role in Korea remained a secret. Now, one of the Soviets' top aces, Sergei Kramarenko, can finally talk about his exploits in MiG Alley.

SERGEI KRAMARENKO: (Russian dialogue)

INTERPRETER: It was a secret mission, neither before nor after the war were we allowed to reveal that we were going to fly for the North Koreans...against the Americans. It was top secret.

SERGEI KRAMARENKO: (Russian dialogue)

INTERPRETER: We were told that in case we were shot down beyond the front line we had to kill ourselves. Not to surrender wa...

On the Other Side of an Advanced Persistent Threat

I found these excerpts from yesterday's DEBKAfile story An alarmed Iran asks for outside help to stop rampaging Stuxnet malworm to be interesting: Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcize the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers... The impression debkafile sources gained Wednesday, Sept. 29 from talking to European computer experts approached for aid was that the Iranians are getting desperate. Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack. One expert said: "The Iranians have been forced to realize that they would be better off not 'irritating' the invader because...

Why Russia and China Think We're Fighting Cyberwar Now

Thanks to the Team Cymru news feed for pointing me to Emerging Cyberthreats and Russian Views on Information Warfare and Information Operations by Roland Heickerö of the Swedish Defence Research Agency. I found this content in pages 23-24, "Differences and similarities between Russian, US and Chinese views on IW," to be really interesting: In order to understand the Russian view in a wider context, a comparison has been made with Russia's most important competitors – the USA and China – and their approach to information operations... All three countries agree on the important role information has in today's conflicts. Over time its importance will grow. The USA has influenced the mindsets of the others, especially regarding ideas about information superiority and information dominance, as well as command and control warfare. Information adds a new dimension to warfare and IW weapons could be used offensively and defensively to protect a country's own information resources ...

Kundra IPv6 Memo

I've written a few posts on IPv6 here. I read the short Transition to IPv6 Memo (.pdf) written by Federal CTO Vivek Kundra. I'd like to comment on two of the assumptions he makes in that memo: The Federal government must transition to IPv6 in order to... 1. Reduce complexity and increase transparency of Internet services by eliminating the architectural need to rely on Network Address Translation (NAT) technologies; 2. Enable ubiquitous security services for end-to-end network communications that will serve as the foundation for securing future Federal IT systems; I find the first point laughable. Anyone who has even obliquely worked with IPv6 knows that adopting the protocol will massively increase complexity, whether IPv6 is used natively or especially if it's used in conjunction with IPv4. Take a few minutes to look at all the extra addresses an IPv6-enabled system provides to see what I mean. Complexity and unfamiliarity with configuring IPv6 will introduce ex...

Five Reasons "dot-secure" Will Fail

Thom Shanker reported in Cyberwar Chief Calls for Secure Computer Network the following this week: The new commander of the military's cyberwarfare operations is advocating the creation of a separate, secure computer network to protect civilian government agencies and critical industries like the nation's power grid against attacks mounted over the Internet. The officer, Gen. Keith B. Alexander, suggested that such a heavily restricted network would allow the government to impose greater protections for the nation's vital, official on-line operations. General Alexander labeled the new network "a secure zone, a protected zone." Others have nicknamed it "dot-secure." It would provide to essential networks like those that tie together the banking, aviation, and public utility systems the kind of protection that the military has built around secret military and diplomatic communications networks — although even these are not completely invulnerable. I'd like to share five reasons why ...

Thoughts on "Cyber Weapons"

With all the activity concerning Stuxnet, I've been thinking about "cyber weapons." You might recognize the image at left as coming from the venerable rootkit.com site operated by Greg Hoglund since 1999 (for real -- check out archive.org!) When Greg started that site I remember a lot of people complaining about cyber weapons and putting offensive tools in the wrong hands. Now with tools like Metasploit and Ronin, people are bound to worry about the same issues. It would be terrible to see valuable tools get painted with the same "ban the guns" prescriptions I expect to hear when Stuxnet becomes more popular in the media. So, in this post I'd like to share a few thoughts on differentiating security tools from cyber weapons (CWs). These are just my thoughts so I'd be interested in feedback. Some of them may be controversial and I could probably argue the opposite case for some of the items. Operators develop CWs privately. I don't think a ...

Bejtlich Speaking at TechTarget Emerging Threats Events in Seattle and New York

I will be speaking at two events organized by TechTarget, for whom I used to write my Snort Report and Traffic Talk articles. The one-day events will be held in Seattle, WA on 28 Sep 10 and in New York on 16 Nov 10. Currently the Emerging Threats site shows details for the Seattle event, where I will discuss What Is Advanced Persistent Threat, and What Can You Do About It? On a related note, Robert RSnake Hansen will offer two sessions in Seattle. I want to talk to him about ending his blog -- 12 posts left as of today!