December 28th, 2010
December 28th, 2010
The Washington Times
Last week, al Qaeda issued its annual Christ- mas threat to the United States, promising suicide bombings during the holidays. Here's a better idea for a Christmas present from al Qaeda: a video showing Osama bin Laden - or his grave.
Is bin Laden dead or alive? Nobody seems to know for sure, or, if anybody does, he isn't saying. The White House's Afghanistan-Pakistan review this month didn't even mention him despite an ongoing, decade-long manhunt.
Here's what we know. On Oct. 27, after bin Laden supposedly demanded that France withdraw troops from Afghanistan, the French Foreign Ministry said the tape "can be considered established based on initial verification." U.S. intelligence agencies gave credence to the verification, not only refusing to put out a disclaimer, but letting their staffs back the authenticity of other recent tapes. Upon release of al Qaeda's Jan. 24 tape early last year, ABC reported that intelligence officials "can't verify the authenticity of the tape, but they say there has never been a fake and there is no reason to believe this one is not real." Likewise, CNN's reporting of a June 2009 tape concluded, "A CNN analysis said the voice does indeed sound like the leader of the terrorist network that attacked the United States on Sept. 11, 2001."
CIA reports, doctors and biographers have asserted that bin Laden had (has) a range of diseases from typhoid to renal disease, Addison's disease, secondary osteoporosis and Marfan syndrome. Intelligence agencies think that in 2000, he had kidney-dialysis devices shipped to him in Afghanistan. His 1987 biography states that bin Laden was being treated with insulin for diabetes and suffered serious low blood pressure. Is it likely that the most wanted man in the world has been regularly receiving medical attention without detection for the past 10 years?
In 2008, former CIA case officer Robert Baer asserted, "Of course he's dead." In 2002 and 2009, Pakistani Presidents Pervez Musharraf and Asif Ali Zardari separately stated that bin Laden was dead. In 2002, FBI counterterrorism chief Dale Watson stated that bin Laden "probably" was dead.
Since 2004, we have seen no new bin Laden videos; we've only heard audios. One video released in 2007 could be a compilation of older videos. So why does the intelligence community continue to support the impression that he's alive?
Everyone in America knows how spot-on impersonations can be. "Saturday Night Live" ("SNL") has been doing them for years. Without the glasses, Tina Fey is herself; with them, she is Sarah Palin. Even the cast had difficult telling the difference and mixed them up when Mrs. Palin actually showed up. Amy Poehler's Hillary Clinton and Darrell Hammond's Bill Clinton have riveted late-night viewers for decades. Has Tina Fey met her match in al Qaeda?
Al Qaeda wants America and the world to believe bin Laden is still alive. His image is a specter of the horrors of Sept. 11, helping build public support for everything from troop surges a globe away to warrantless wiretaps at home.
Here's a challenge to al Qaeda: Send a new video that can be analyzed properly. Otherwise, we'll take it all as a big scam, al Qaeda's version of "Saturday Night Live." Otherwise, you betcha, he's dead.
December 28th, 2010
December 28th, 2010
WSJ / December 28, 2010 /
By SAM DAGHER
BAGHDAD—Prime Minister Nouri al-Maliki ruled out the presence of any U.S. troops in Iraq after the end of 2011, saying his new government and the country's security forces were capable of confronting any remaining threats to Iraq's security, sovereignty and unity.
Mr. Maliki spoke with The Wall Street Journal in a two-hour interview, his first since Iraq ended nine months of stalemate and seated a new government after an inconclusive election, allowing Mr. Maliki to begin a second term as premier.
A majority of Iraqis—and some Iraqi and U.S. officials—have assumed the U.S. troop presence would eventually be extended, especially after the long government limbo. But Mr. Maliki was eager to draw a line in his most definitive remarks on the subject. "The last American soldier will leave Iraq" as agreed, he said, speaking at his office in a leafy section of Baghdad's protected Green Zone. "This agreement is not subject to extension, not subject to alteration. It is sealed."
He also said that even as Iraq bids farewell to U.S. troops, he wouldn't allow his nation to be pulled into alignment with Iran, despite voices supporting such an alliance within his government.
"For Iraq to be dragged into an axis or an orbit, that's impossible, and we reject it whether this comes from Iran, Turkey or the Arabs," he said.
He added that a kind of "paranoia" about a Tehran-Baghdad alliance in the U.S. is matched by a fear in Iran about U.S. influence: "An Iranian official visited me in the past and told me, 'I thought the Americans were standing at the door of your office,' " he said.
In an interview in Washington, Vice President Joe Biden also said Iran had failed to buy influence during the election or to co-opt Mr. Maliki, who was among the members of the current Iraqi government who briefly took refuge in Iran during the reign of Saddam Hussein.
Mr. Maliki's new majority depends partly on followers of anti-American cleric Moqtada al-Sadr. But Mr. Biden credited Mr. Maliki for denying Mr. Sadr's bloc any control of Iraqi security, while forming a government with full buy-in from Iraq's main factions of Sunnis, Shiites and Kurds.
U.S. military commanders still accuse Iran of funding, training and providing sanctuary to Shiite militias, like Mr. Sadr's Promised Day Brigades, which they say are responsible for attacks against U.S. forces and gangster-style assassinations that continue to plague Baghdad and other areas.
Mr. Maliki suggested his government had co-opted militias like the one associated with Mr. Sadr. "The militias are now part of the government and have entered the political process," said Mr. Maliki. The Sadr contingent, he added, "is moving in a satisfactory direction of taking part in the government, renouncing violence and abandoning military activity, and that's why we welcome it."
Security is the new government's top priority, Mr. Maliki said, as in his previous term. Sectarian violence and suicide bombings continue to plague the country as the full withdrawal of U.S. soldiers nears. Almost a dozen people were killed in double suicide bombings on Monday outside provincial government offices in the city of Ramadi, west of Baghdad, according to security officials.
A resumption of more extreme violence, of course, could alter the thinking in Baghdad and Washington about the U.S. timetable.
But Mr. Maliki said the only way for any of the remaining 50,000 or so American soldiers to stay beyond 2011 would be for the two nations to negotiate—with the approval of Iraq's Parliament—a new Status of Forces Agreement, or SOFA, similar to the one concluded in 2008.
That deal took a year of protracted negotiations in the face of vehement opposition from many among Mr. Maliki's own Shiite constituency, and no repeat is expected.
Mr. Maliki and U.S. officials have refrained for the most part from raising the issue publicly during the months of political wrangling in Baghdad, as Mr. Maliki negotiated with potential coalition partners, many of whom have adamantly opposed an extended U.S. stay.
A senior official in President Barack Obama's administration said Washington was "on track" to withdraw all its remaining soldiers in Iraq by the end of next year. That's the final milestone in the security agreement, following the reduction in American troop levels to below 50,000 in August and the pullout of U.S. soldiers from most Iraqi inner cities in June 2009. "The prime minister is exactly right," said the senior official.
During the interview, Mr. Maliki said he was heartened by America's "commitment" to honoring the agreements it reached with Iraq, and he laughed approvingly when told that U.S. Ambassador James F. Jeffrey keeps a frayed copy of the so-called Strategic Framework Agreement in his leather briefcase. That document calls, in broad terms, for long-term cooperation in security, defense, economy, energy and culture, among other areas.
In a briefing for Western reporters last week, Mr. Jeffrey said that despite the requirement to pull out all American troops at the end of 2011, the framework document and other agreements between Baghdad and Washington contain "a very robust security agenda."
The U.S. Embassy in Baghdad will house a "significantly sized" office aimed at security cooperation, Mr. Jeffrey said, made up of about 80 to 90 military personnel that would take over most of the current functions of the U.S. military in advising, assisting, training and equipping Iraqi forces. That's similar to arrangements with other countries in the region, including Egypt, Saudi Arabia and Turkey. The embassy would also oversee a major Iraqi police-training program.
Mr. Maliki played down Iraq's need for any major help from the U.S. military, even while acknowledging serious deficiencies in areas including control of airspace and borders. He said the days when ethnic or sectarian-based militias roamed the streets of Iraq and operated above the law were over.
"Not a single militia or gang can confront Iraqi forces and take over a street or a house," said Mr. Maliki. "This is finished; we are comfortable about that."
He said full withdrawal of U.S. troops also will remove a prime motivator of insurgents—both the Shiite fighters tied to militia groups and Iran, and Sunnis linked to Mr. Hussein's ousted Baath party.
Mr. Maliki defended his political horse trading with rival factions, many of which are seen as far apart on several substantial policy issues. He called the post-election process—in which he managed to prevail despite his own party bloc failing to gain the most votes—"very arduous."
He acknowledged that he expanded the number of cabinet seats just to placate the squabbling parties that he eventually cobbled together into his governing coalition, arguably the broadest since the fall of Mr. Hussein.
"I mean seven to eight ministries are, allow me to say, ministries for appeasement purposes," he said.
Mr. Maliki said he agreed to several Kurdish demands, including a referendum in contested northern regions, though he didn't think it was feasible without a constitutional amendment to accompany it.
Washington is so concerned about the standoff in the north—where Arabs, Kurds, Turkmen and smaller ethnic groups have faced off—that a large contingent of U.S. soldiers continues to staff joint security checkpoints there, as diplomats work on political solutions.
The referendum was one of 19 demands made by Kurdish President Masoud Barzani in exchange for a power-sharing deal that ended the gridlock that followed the March elections. The resulting unity government headed by Mr. Maliki, a Shiite, includes Kurds and a Sunni-dominated bloc headed by the secular Shiite and former Prime Minister Ayad Allawi.
Mr. Allawi, whose bloc won the most seats in the election but couldn't form a majority, will chair a new National Council for Higher Policies, but won't be able to implement policies without broad government support.
December 28th, 2010
The Red Tape Chronicles / Posted: Tuesday, December 28 2010 at 05:30 am CT by Bob Sullivan
As in the real world, cyberspace has bad neighborhoods. But unlike the real world, risks in cyberspace are not easy to spot -- and the location of those digital bad neighborhoods can change all the time.
When security experts look back at 2010, they will see a major turning point in the world of cyberscares. The virtual and the real collided in new, dramatic ways during the past 12 months, and the Internet will never be the same.
Gone for good is the glamour of annoying outages caused by hackers sending e-mail attachments and launching Web page attacks. Now, computer criminals are being credited with stalling a rogue nuclear power plant program, and with bringing world diplomacy to its knees. Things are getting serious.
There's still a lot we don't know about the virus named Stuxnet. Unlike 99 percent of the viruses written before it, this malicious program was designed to leave most of the Internet untouched. In fact, it wasn't even written in a language that could infect normal Web users. Instead, it apparently was written to cripple nuclear power plants by some entity that had insider knowledge of how utilities work. Stuxnet may have found its way into an Iranian nuclear power plant and mucked up its operations, according to various reports. True or not, Stuxnet sent shudders through the computer security world, and will likely inspire copycat "targeted" attacks for years.
Meanwhile, WikiLeaks showed how technology can turn a David-vs.-Goliath match into a fairly even battle. Non-tech journalists were simply flabbergasted that a man like Julian Assange could take on the U.S. government -- or any government -- so directly, and that government had so little power to stop him. What Assange did has already had serious real-world consequences, and they are ongoing. Assange was a teenage hacker before he became a political activist, and he might be considered the first Web-age hacker to have "grown up" -- he is what a hacker who doesn't ultimately get a job in computer security can turn into. He is destined to become the hero of every teenager with a little programming skill and a cause.
Sure, there have been plenty of cyberskirmishes fought in the name of activism, and there have been Twitter and Facebook campaigns aplenty - such as the Twitter-aided Iranian "revolution" of 2009. But those did not have anywhere near the impact of Stuxnet or WikiLeaks. Indeed, 2010 will be remembered as the year things changed. And those changes headline the top 10 things Internet users need to fear most in 2011.
At the same time, a more subtle, but perhaps more immediate danger for Web consumers surrounds the explosion of off-the-PC Internet applications. The Web is on nearly half of U.S. cell phones now, but that's only the beginning. It's also on TVs, DVD players, tablets like the iPad and even kitchen appliances. What's the risk? How many consumers do you know that are ready to purchase anti-virus software for their blu-ray players? Predictions have been made for a long time about mobile Web viruses. Given the explosion of new, unprotected gadgets, 2011 appears to be their year.
On to the list. We will begin with the biggest consumer-grade threats, then work our way up to the most dramatic possibilities created by the success of Stuxnet and WikiLeaks.
I use Twitter because I have to, and I play around with Foursquare for research purposes only. I am amazed that anyone uses the location-based services provided by these companies for anything but the most limited of applications. Sure, Foursquare creates some neat possibilities for finding friends. But even the most dimwitted of stalkers can turn these tools into playgrounds. It’s trivial to know where people on Foursquare live, work and play, and when they will be at each of these locations. Criminals will catch up to this during 2011 and I hope you don’t end up in the headlines. Use location services with extreme care. One tip: Have a friend “stalk” you to see how easily a stranger could follow you, then adjust your usage accordingly.
Physical stalking is far from the only risk, however. Computer criminals can observe a person’s traveling behavior to craft incredibly convincing phishing e-mails or other cyberattacks (“Hey, it was fun meeting you last night at Sullivan’s Pub!”). Location-based service users need to add an extra helping of suspicion to their Web travels.
2. New media platforms
Consumers are welcoming browser-enabled gadgets all over their homes, and why not? It’s great to stream movies to your television without having to bother with tricky laptop-to-TV connections. But beware, says security firm McAfee. Many device application creators are rushing their products to market to meet demand, taking shortcuts on critical security issues (We’ve heard that story before).
“These tools have historically weak coding and security practices, and will allow cybercriminals to manipulate a variety of physical devices through compromised or controlled apps,” the company warns. The threats could be simple, such as fake Web pages that pop up on TVs, asking users to submit personal information. Or they could be complex, such as theft of stored passwords, or even hijacking of the machines for use in botnets. “This danger will eventually lead to data exposure and threats through new media platforms such as Google TV,” McAfee warns.
3. Mobile phones
Every year since about 2004, security experts have predicted an explosion in viruses targeting cell phones. They are beginning to sound like the boy who cried wolf, but this year could be different. Until now, cell phones -- even smart phones -- have operated in very controlled environments. But the proliferation of the open-application environment of Android, and the “jailbreaking” of iPhones, has created a much more hacker-friendly world for cell phones. As the prevalence of these gadgets reach critical mass, hackers will be drawn to them like gnats to a porch light.
4. Mobile gadgets
In a related category, the explosion of mobile gadgets this year will create both a new playground for bad guys, and a new incentive to target operating systems that also control smart phones. Analysts predict some 50 million tablets of all flavors will be sold in 2011. Most will use Apple’s operating system, but perhaps 10 million to 20 million will be variations on that theme, running Google’s Android. The market for tablet-based antivirus software, meanwhile, is virtually non-existent.
“Those devices are in some ways more powerful than computers, yet people are treating them like mobile phones,” warned Piero DePaoli, a security researcher at Symantec Corp. “They don't do much to secure them.”
The combination of tablets and smart phones will prove to be a target-rich environment for the bad guys.
5. URL shortening
When you only have 140 characters to express your thoughts and feelings, you sure don’t want to get bogged down passing along a wordy link like http://redtape.msnbc.com/2010/11/sherrilynn-palladino-lives-in-a-modest-three-bedroom-home-with-an-affordable-mortgage-about-15-miles-from-the-ocean-in-grov.html
(My New Year’s resolution: Shorter URLs)
The solution? URL shortening services like bit.ly. They’re great. Here’s a better link for my story above, by the way http://bit.ly/erORys. But they are also an incredibly easy way for hackers to send you to an unexpected Web page. After all, bit.ly, by definition, obscures the destination URL. I could have claimed that this http://bit.ly/CNbKx was the link to my story above, when in fact it’s a link to my favorite hockey team’s Web site. It could just as easily be a link to a malicious Web page. URL shortening services undo years of safety training online, with security experts telling consumers to make sure the link they clicked really looked like it was headed to their intended destination. McAfee says there are more than 3,000 URLs being shortened every minute online. That’s a lot of hacker potential.
6. Friendly fire
By now, you probably know enough not to click on an e-mail sent to you by AnneMarie0876 promising to help you enhance your private parts. But what about an e-mail from a close friend offering you a chance at a free iPod, or a coupon for 20 percent off at your favorite department store? This year, next generation viruses like Koobface made it easy for hackers to personalize their attacks, using tools to gather information about you leading to specially crafted e-mails and other attacks. Their success will lead to widespread imitation, McAfee warns.
“Personalized attacks are about to get a whole lot more personal,” the firm says.
7. The end of spam. What?
Last year saw the lowest level in spam in years. Why? Criminals go where the people are. Both are moving on to more sophisticated communications platforms like Facebook. Spam is so 2004. Facebook wall posts apparently from friends asking for money are much more 2011.
“Social media connections will eventually replace e-mail as the primary vector for distributing malicious code and links,” McAfee says.” The massive amount of personal information online coupled with the lack of user knowledge of how to secure this data will make it far easier for cybercriminals to engage in identity theft and user profiling.”
Tweets from “friends” will lead to widespread infections. Facebook chats will trick people into giving up personal information, or clicking on malicious links. Promiscuous friending will allow bad guys to connect with all of your friends, creating an easy attack vector with a wide footprint. All of this will happen in an environment where consumers tend to trust more than traditional Web pages or e-mail -- in other words, their guard is down, and attacks will be up.
“This shift will completely alter the threat landscape in 2011,” McAfee says.
8. Cloud computing
Remember Web 2.0? Me neither. It was just a marketing term that attempted to clarify what would happen if Internet applications started communicating with each other, such as Facebook and your phone’s GPS service. Cloud computing is much the same thing: a marketing term that describes a world where people store data and use applications on remote computers, rather than on their own desktops or laptops. It’s not new -- in fact, it’s a rather 1960s concept. But technology firms would much rather rent computer space and services to users than sell them one-time products like a shrink-wrapped box of software. Think of it this way: Who would you rather be, the cell phone maker ($200 gadget sales) or the cell phone service provider ($100 monthly bills)? The TV maker ($400 gadget) or the cable company ($120 monthly bills).
All that’s well and good, and the cloud will provide some neat additional features for users, such as instant backup. But as the cloud moves into mainstream usage, hackers will follow. Only the payoff for hacking cloud services will be massive, warns ISCA Labs.
“Cloud services will become prime targets for hackers wanting to gain access, not just to a specific company's data but possibly to multiple victims simultaneously,” the computer security company says. “As more users move to the cloud, we believe we will see more attacks directed at cloud-based services.”
The cloud will also raise fascinating and troubling legal issues for users. Say you’ve stored all your family photos, or all your company’s data, on a cloud service. What happens if there’s a billing dispute, like those that arise with cable companies and cell phone providers? And what if that cloud provider refuses to release your data until you pay that hefty early termination fee? The best defense against that: Backing up all your data on your own computers, a rather un-cloud-like activity.
Meanwhile, many in the computer security world see widespread and lasting implications for cloud computing from the WikiLeaks incident. Forget Julian Assange for a moment, if you can. When Amazon Web Services decided to dump WikiLeaks content from its cloud servers, observers were left wondering: How trustworthy is the cloud? What if a provider like Amazon decides it doesn’t like my data? Conceptually, if WikiLeaks can be cut off, anyone can.
9. Hactivism outbreaks
Whatever you think of Julian Assange, from a security standpoint WikiLeaks is clearly the most successful and influential “hactivism” event ever. It will inspire others aplenty. Its success lies in part on the different nature of Assange’s strategy.
Until now, virtually all hacktivist efforts landed in two camps: online graffiti, such as Web page defacement, or online protests, such as denial of service attacks. The spreading of previously non-public information, against a government’s will, is a new form of attack, and one that can’t be stopped by added improved packet filtering. The only way it can be stopped is by government officials taking a huge step backward and following the advice of many lawyers I know -- never type anything that you wouldn’t want to see in the newspapers. Expect a lot more secure phone calls and a lot fewer “secure” e-mails between government officials. That might have a detrimental impact on important information sharing -- say, between terrorism researchers at the Department of Homeland Security and airport security officials. But WikiLeaks inevitably will lead to this kind of chilling.
One lesser-discussed aspect of the WikiLeaks release of U.S. diplomatic cables is Assange’s hacker background, and the architecture of the WikiLeaks distribution system. It’s built in global redundancies and clever booby traps, such as that encrypted insurance file. And it’s proven the ability of one small organization to evade a powerful government’s ability to shut it down. That will inspire other groups. That loose hacker organizations like Anonymous responded to the incident by brazenly attacking major firms like Visa and MasterCard shows that renegade hackers are feeling their oats right now.
Meanwhile, attacks by organizations that claim to be acting privately raise important questions in cyberspace. After all, who believes that the attacks on Google emanating from China were completely independent from government influence?
“Whether governments drive these manipulations and activities covertly is open to debate, but it is likely enough that states will adopt a privateer model,” warns McAfee. “Hacktivism as a diversion could be the first step in cyberwarfare.”
Just how far into conflict could vigilante hacking that may or may not be state-sponsored lead America? In a small research facility in Tallinn, Estonia, called Cooperative Cyber Defence Centre of Excellence, a NATO lawyer named Eneken Tikk is working to develop policy defining just what cyberwar is, and just what kind of response a NATO member must take if another member comes under attack.
Can a cyber-attack elicit a physical response? Can it trigger NATO’s mutual defense obligation? What if the next WikiLeaks-like organization manages to shut down power to parts of France or Germany, or to expose government secrets such as the location of military assets? Would the U.S. be required to respond?
The problem, she says, is when it comes to cyber-response, whom do you bomb? That’s why the bar for a “kinetic” response to an electronic attack should remain high, she said, limited to “a cyber attack on a country’s power networks or critical infrastructure (that) resulted in casualties and destruction comparable to an armed attack."
10. More Targeted Malware, backed by nation-states
We now know cyberwarfare can go pretty far. The Stuxnet virus broke new ground in the computer security world, as it was clearly designed to take down utility plants -- and may have been written to take down one particular plant in one particular part of the world.
In late November, Iranian President Mahmoud Ahmadinejad said that enemies of the country succeeded in “creating problems for a limited number of our centerfuges with software,” admitting for the first time that Stuxnet had indeed hit what seemed to be its intended target. Of course, low-level cyberwar has been occurring for years, and the U.S. public knows precious little about many of these attacks. But it’s hard to imagine a more successful cyberattack in history than Stuxnet. No one knows who created the virus, but the specialized knowledge required to write it points to very few organizations and governments. Clearly, the efforts are being repeated and imitated as you read this.
One specialized form of government-sponsored attack is something McAfee calls the “Advanced Persistent Threat,” which has the ability to remain undetected for a long stretch of time and activate only when the attacking country sees the need. Who knows how many virus or bugs have been installed in vital computers around the world, back-doors and booby traps that are waiting for orders from headquarters. This kind of cyber cold war has been imaged for years, but McAfee thinks its time has arrived.
“There are numerous … attack teams located around the world, all with varying degrees of capabilities and expertise,” the firm says. “… Some have access to massive amounts of resources (hardware, software, and human) and even traditional intelligence, surveillance and reconnaissance capabilities. Others borrow, steal or purchase ready-made tools offered and frequently used by established cybercriminal gangs and conduct themselves in a similar manner to gangs. McAfee warns that companies of all sizes that have any involvement in national security or major global economic activities should expect to come under pervasive and continuous … attacks that go after e-mail archives, document stores, intellectual property repositories and other databases.”
In other words, it appears cyberspace is going to be much chillier in 2011.