The myth of a monolithic Chinese cyberwar is being dismantled. Instead, China has a chaotic world of patriotic hackers with varying degrees of ties to the government. These hackers spring up organically due to widespread nationalism and a highly wired population. While some attacks overlap with government interests, many activities suggest no government interference. A loose connection between intelligence operatives and hackers is more troubling than a strong one, as rogue actors are potentially very dangerous.
This document discusses the relationship between governments and hackers in Russia and China. It notes that both countries employ hackers and that China, Russia, the US, and Turkey are responsible for over 60% of attacks on the World Wide Web, with China responsible for 41% of attacks. The document examines how the Russian and Chinese governments cultivate hackers and use them for their own ends, noting differences and similarities between the two countries. It provides background on the Russian and Chinese economies and cultures to help explain the development of hacking communities in each country.
The document summarizes recent revelations from Israel and the US about cooperation in cyber warfare against Iran's nuclear program. It notes that for the first time, the IDF admitted using offensive cyber capabilities and the US revealed details of joint operations with Israel, including developing Stuxnet. It questions whether these disclosures were coordinated to increase pressure on Iran and convince Israel not to conduct military strikes, or if different government agencies are trying to claim credit. It raises the possibility that acceptance of cyber warfare as an extension of diplomacy may increase in the future.
Us gov't building hacker army for cyber war yahoo! newsMarioEliseo3
The US National Security Agency is hoping to recruit "cyber warriors" to help fight international cyber warfare. Representatives from NSA and other government security agencies will attend the annual DEF CON hacker conference to find potential recruits. DEF CON is a major meet-up for US hackers, attracting about 10,000 attendees annually. The NSA hopes to find skilled individuals willing to help the US conduct defensive and offensive cyber operations against the growing threats of hacker groups, foreign government-sponsored hackers, and more.
The Iraqi National Congress (INC), an Iraqi exile group, provided exaggerated and fabricated intelligence on Iraq's weapons programs and ties to al-Qaeda to U.S. officials and major news media in the lead up to the Iraq war. This false information helped foster the impression that there were multiple sources confirming the threat from Iraq. In reality, the allegations came from just a few Iraqi defectors and were disputed by intelligence professionals. Many of the claims made by the defectors have not been substantiated since the fall of Saddam Hussein's regime. The INC played a key role in spreading false information that contributed to the public and political support for the U.S. invasion of Iraq.
DEF CON 27 - JOSEPH MENN - change the world c dc styleFelipe Prado
The book profiles the Cult of the Dead Cow (cDc), the oldest surviving and most famous hacking group. It explains how cDc members developed important hacking tools and launched the hacktivism movement to push for better security and consumer protection. While mostly remaining anonymous, some key members like Beto O'Rourke went on to advise presidents and tech CEOs. The book tells the story of how cDc pioneered hacktivism and security research that still influences privacy and national security debates today.
The Estonian Cyber Defense League was formed in 2007 in response to cyberattacks on Estonian government, financial, and media networks by unknown Russian hackers. The League gathers computer experts who would work under military command in times of cyberwar to defend Estonia's networks. With over 1,000 members, it is one of the first official government-sanctioned cyber militias.
The American Vulnerability to Mumbai- and Lahore-style TerrorismTimothy Falasca
The document analyzes the vulnerability of the United States to small unit terrorist attacks similar to those carried out in Mumbai, India in 2008 and Lahore, Pakistan in 2009. These attacks demonstrated coordinated assaults on soft targets using basic weapons and mobile tactics. The author argues that American cities contain similar soft targets and that terrorist training could evade detection. To prevent such attacks, the document suggests increasing armed security at potential targets through armed police, guards, or citizens based on the perspective that response time is critical during an attack.
Hacktivism 2: A brief history of hacktivism.Peter Ludlow
From its roots in culture jamming, we look at the early days of hacktivism from the early manifesto by The Mentor to the exploits of The Electronic Disturbance Theater, The Electrohippies, the Hong Kong Blondes, et.
This document discusses the relationship between governments and hackers in Russia and China. It notes that both countries employ hackers and that China, Russia, the US, and Turkey are responsible for over 60% of attacks on the World Wide Web, with China responsible for 41% of attacks. The document examines how the Russian and Chinese governments cultivate hackers and use them for their own ends, noting differences and similarities between the two countries. It provides background on the Russian and Chinese economies and cultures to help explain the development of hacking communities in each country.
The document summarizes recent revelations from Israel and the US about cooperation in cyber warfare against Iran's nuclear program. It notes that for the first time, the IDF admitted using offensive cyber capabilities and the US revealed details of joint operations with Israel, including developing Stuxnet. It questions whether these disclosures were coordinated to increase pressure on Iran and convince Israel not to conduct military strikes, or if different government agencies are trying to claim credit. It raises the possibility that acceptance of cyber warfare as an extension of diplomacy may increase in the future.
Us gov't building hacker army for cyber war yahoo! newsMarioEliseo3
The US National Security Agency is hoping to recruit "cyber warriors" to help fight international cyber warfare. Representatives from NSA and other government security agencies will attend the annual DEF CON hacker conference to find potential recruits. DEF CON is a major meet-up for US hackers, attracting about 10,000 attendees annually. The NSA hopes to find skilled individuals willing to help the US conduct defensive and offensive cyber operations against the growing threats of hacker groups, foreign government-sponsored hackers, and more.
The Iraqi National Congress (INC), an Iraqi exile group, provided exaggerated and fabricated intelligence on Iraq's weapons programs and ties to al-Qaeda to U.S. officials and major news media in the lead up to the Iraq war. This false information helped foster the impression that there were multiple sources confirming the threat from Iraq. In reality, the allegations came from just a few Iraqi defectors and were disputed by intelligence professionals. Many of the claims made by the defectors have not been substantiated since the fall of Saddam Hussein's regime. The INC played a key role in spreading false information that contributed to the public and political support for the U.S. invasion of Iraq.
DEF CON 27 - JOSEPH MENN - change the world c dc styleFelipe Prado
The book profiles the Cult of the Dead Cow (cDc), the oldest surviving and most famous hacking group. It explains how cDc members developed important hacking tools and launched the hacktivism movement to push for better security and consumer protection. While mostly remaining anonymous, some key members like Beto O'Rourke went on to advise presidents and tech CEOs. The book tells the story of how cDc pioneered hacktivism and security research that still influences privacy and national security debates today.
The Estonian Cyber Defense League was formed in 2007 in response to cyberattacks on Estonian government, financial, and media networks by unknown Russian hackers. The League gathers computer experts who would work under military command in times of cyberwar to defend Estonia's networks. With over 1,000 members, it is one of the first official government-sanctioned cyber militias.
The American Vulnerability to Mumbai- and Lahore-style TerrorismTimothy Falasca
The document analyzes the vulnerability of the United States to small unit terrorist attacks similar to those carried out in Mumbai, India in 2008 and Lahore, Pakistan in 2009. These attacks demonstrated coordinated assaults on soft targets using basic weapons and mobile tactics. The author argues that American cities contain similar soft targets and that terrorist training could evade detection. To prevent such attacks, the document suggests increasing armed security at potential targets through armed police, guards, or citizens based on the perspective that response time is critical during an attack.
Hacktivism 2: A brief history of hacktivism.Peter Ludlow
From its roots in culture jamming, we look at the early days of hacktivism from the early manifesto by The Mentor to the exploits of The Electronic Disturbance Theater, The Electrohippies, the Hong Kong Blondes, et.
Application of Racketeering Law to Suppress CrowdStalking ThreatsDavid Sweigert
This document discusses how racketeering and wire fraud laws can be used to combat hoax news sites that engage in "CrowdStalking" to distribute misinformation. These sites target critical infrastructure operators, federal employees, and security advisors. The document provides an example of how social engineering attacks can steal millions from a company. It argues that legal action against hoax news site operators can deter such attacks, and establishes criteria for when racketeering laws may apply to their activities, such as using deception for financial gain. The document identifies specific YouTube personalities like Nathan Stolpman and Jesse Moorefield who operate hoax news sites.
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...David Sweigert
The document summarizes a study on how Live Action Role Play (LARP) simulations can create cognitive threat vectors using the example of two YouTube conspiracy theorists, Jason Goodman and George Webb. In June 2017, they created a sense of hysteria among their online fans by claiming a container ship was sailing into the Port of Charleston with a dirty bomb onboard, leading to the port's evacuation. The document argues this "crowdsourcing" format can weaponize sensationalized information and represents an emerging threat that critical infrastructure operators need to be aware of. It can potentially lead unwitting participants to engage in criminal acts or attacks in response to implied calls for action by the game's controllers.
This document discusses how Sun Tzu's classic work The Art of War can provide a framework for understanding cyber warfare, though it is not a perfect fit. It summarizes key concepts from The Art of War related to strategic thinking, cultivating success on defense, and gaining foreknowledge of adversaries. While cyber warfare is an unconventional threat, nations should still make strategic preparations and investments in network security to prevent being caught off guard by attacks.
China has developed extensive cyber warfare capabilities since the mid-1990s. They have intelligence and military organizations dedicated to cyber warfare and conduct frequent exercises. These capabilities include penetrating other networks and planting viruses. However, China's own networks remain vulnerable. As a result, China has adopted a pre-emptive cyber strategy of unleashing its capabilities at the start of potential conflicts to disrupt enemy systems, though these are still relatively unsophisticated. It is difficult to attribute many Chinese cyber activities to official agencies due to use of private actors.
The U.S. government appears to be covertly attacking Wikileaks and its founder Julian Assange in response to Wikileaks publishing hundreds of thousands of classified documents from the State Department and earlier military leaks from Iraq and Afghanistan. While some of the leaks jeopardized safety, most of the State Department leaks confirmed already public information. The government sees Wikileaks' actions as undermining their authority over classified information, but attacks on Wikileaks' infrastructure sets a worrying precedent for press freedom. Companies like Amazon and PayPal suspended services to Wikileaks after political pressure, showing how legal attacks can achieve results the law itself cannot. This clandestine war on Wikileaks threatens the ability of journalists to publish leaks
This document provides a summary of Lindsey Leitera's Senior Major Project analyzing rhetorical motives in information liberation texts from Richard Stallman to Edward Snowden. It traces the evolution of debates around political ideology, enlightenment ideals, identity, and transparency from 1983 to 2013. Key events discussed include Stallman's "GNU Manifesto", debates between hackers and entrepreneurs like Bill Gates, the emergence of hacktivism with Anonymous and WikiLeaks, and national security whistleblowing by Edward Snowden. The project uses rhetorical analysis of manifestos, essays, and other texts to understand how a "Hacker Ethic" of free information sharing has manifested over time and influenced digital activism and issues of cyber security, technology policy
The document defines media and discusses the role of technology in media. It provides examples of extremists using the internet to spread propaganda and terror by posting videos of beheadings. While the internet provides a platform to spread messages more widely, it did not create extremism or terrorism, but rather offered an additional medium. Money also plays an important role in media by shifting power to owners, prioritizing commercial success over disseminating diverse ideas. In India, print media plays a vital role in democracy by influencing governance through news coverage and editorials.
The document discusses 10 famous hackers throughout history. It describes Jonathan James as the first juvenile imprisoned for cybercrime after gaining notoriety through system intrusions. It also mentions Gary McKinnon, who was accused of the "biggest military computer hack of all time". Finally, it discusses Adrian Lamo, who broke into high-profile networks including The New York Times, Microsoft, and Yahoo.
The document discusses 10 notorious hacking groups: Anonymous, Lizard Squad, The Level Seven Crew, Chaos Computer Club, LulzSec, Syrian Electronic Army, globalHell, Network Crack Program Hacker Group, TeaMp0isoN, and Tarh Andishan. It provides brief descriptions of each group's origins, notable hacks, and motivations which range from activism to support of political regimes. The conclusion notes that while some groups target terrorists, others render services helpless for personal gain, and cracking down on one group may spur growth of others due to spread of hacking skills and ideology.
Manipulating social media report compressedPLETZ.com -
This document summarizes a study conducted by Israel's Ministry of Strategic Affairs on suspicious anti-Israel social media activity in July 2020. The study found that 170 out of 250 suspect Twitter profiles (nearly 70%) were engaged in inauthentic behavior, posting thousands of anti-Israel tweets. Two large interconnected bot networks were identified, one linked to Palestinian organizations that promote delegitimization of Israel. The inauthentic accounts created false impressions of widespread sentiment and manipulated public opinion against Israel around events like the ICC ruling. Around 21% of tweets using relevant hashtags were linked to these inauthentic accounts, showing their outsized impact.
A lot has happened since the last Cyberwar presentation was posted. This Update2010 includes Iranian cyberwar, South Korea and US Gov attacks, Twitter outage, and the China Google attacks
PRISM is a secret NSA program that collects intelligence from major tech companies like Google and Facebook. It allows analysts access to emails, chats, photos, and other data from foreigners using these services. While the NSA claims PRISM only targets non-US persons abroad, it may also incidentally collect some data on Americans due to large amounts of foreign data being routed through US servers. The program is conducted under Section 702 of the FISA Amendments Act but was leaked to the public by Edward Snowden.
(Lim Jun Hao) G8 Individual Essay for BGSJun Hao Lim
The key issues at the crux of the Snowden affair are government surveillance and its impact on citizens' privacy and democracy. The main stakeholders are governments who conduct surveillance in the name of national security, citizens whose data is being collected, and large corporations that assist with data collection. Citizens should be concerned because ubiquitous surveillance could threaten democratic ideals and turn countries into police states, especially if data falls into the wrong hands. While surveillance may be necessary to combat terrorism, current methods have flaws and do not respect citizens' right to privacy or representation.
1) The WikiLeaks document dump reflected positively on US diplomacy and policy, showing efforts to prevent Iran from obtaining nuclear weapons and negotiations with Saudi Arabia over oil.
2) While some documents were embarrassing, they did not reveal sensitive information like assassination attempts or illegal torture that could have been in past leaks.
3) The impact on US foreign policy is considered "fairly modest" according to the Defense Secretary, and unlike the Pentagon Papers, the WikiLeaks documents did not involve deliberate government lies that led to loss of life.
The ClearScore Darkpaper: The danger of the dark web 2020Jayna Mistry
1. The document discusses fraud on the dark web and its impact on UK residents. It finds that 33% of UK residents have been victims of online fraud, with losses commonly between £101-£500.
2. Many underestimate how frequently data breaches occur, with only 25% thinking their data could be for sale on the dark web. However, the average ClearScore user found passwords from seven online accounts had been leaked.
3. Identity theft and fraud are among the UK population's biggest financial concerns highlighted in the report.
The document summarizes key findings from a Senate Intelligence Committee report on the CIA's use of torture. It finds that the CIA's enhanced interrogation techniques did not provide useful intelligence and that the CIA misled Congress and the White House about the program. The report also notes that the four main detainees interrogated were from Middle Eastern countries allied with the US and that the torture damaged US relations and standing internationally.
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...Maurice Dawson
Since the last elections in the United States, France, and other nations, fake news has become a tool to manipulate voters. This creation of fake news creates a problem that ripples through an entire society creating division. However, the media has not scrutinized enough on data misuse. Daily it appears that there are breaches causing millions of users to have their personal information taken, exposed, and sold on the Dark Web in exchange of encrypted currencies. Recently, news has surfaced of major social media sites allowing emails to be read without user consent.
The document discusses the history and techniques of investigative journalism. It provides definitions for different types of investigative reporting such as original investigative reporting and reporting on investigations. It also discusses challenges that can arise in investigative reporting like relying too heavily on investigatory sources or becoming activists rather than independent observers. A key part of the document is a case study about the New York Times' coverage of Wen Ho Lee and the accusation that he stole nuclear secrets for China. It reflects on aspects of the coverage that could have been improved by considering alternative explanations and perspectives earlier.
LAST ISSUE -CYBER ESPIONAGEBusinesses and government agencies in.docxsmile790243
LAST ISSUE -CYBER ESPIONAGE
Businesses and government agencies in many countries experienced a spike in targeted attacks originating outside their borders, many from China. Analysis of the attacks leads security experts to believe that many governments are involved in cyber espionage. Cyber espionage is the use of the Internet to spy on other governments. Not only is the Internet being leveraged for international espionage, but it is also being used for economic espionage. Economic espionage refers to the use of the Internet by nation-states to steal corporate information in an effort to gain economic advantages in multinational deals.
One report describes how Chinese hackers infected the Rolls Royce corporate network with a Trojan horse that sent secret corporate information from the network to a remote server. Shell Oil Company discovered a Chinese cyber spy ring in Houston, Texas, working to steal confidential pricing information from servers at its operation in Africa.
Although it would be easy to jump to the conclusion that the Chinese government is behind all of these attacks, experts are quick to point out that it is difficult to pinpoint the origin of an attack. The Internet makes it possible for hackers to launch attacks from any server in the world. If an attack originates in China and is engineered by a Chinese citizen, it still cannot be determined if that person is working for the government. The Chinese government vehemently denies any part in cyber espionage. Still, most governments hold the Chinese government accountable for not cracking down on hackers if not actually sponsoring them. It is estimated that 30 percent of malicious software is created in China. The next largest distributor of malware is Russia and Eastern Europe.
A report developed by security firm McAfee states that “120 countries are developing ways to use the Internet as a weapon to target financial markets, government computer systems, and utilities.” A number of experts are calling this the “cyber cold war.”
The Internet of Things may become the Internet of Threats!
Questions:
1. Find a recent article concerning Hacking or Cyber espionage. Recap the article. Then create your own question and answer from the content.
2. Why are countries and businesses concerned about cyber espionage that originates in China and Russia?
3. What are the dangers if the cyber cold war turns into an actual cyber war?
...
Looking Ahead Why 2019 Will Be The year of CyberwarfareSecuricon
One year away from the third decade of the 21st century and technology has finally caught up with science fiction. In 2019, we’re going to hear more news about driverless cars, revolutions in artificial intelligence and commercial applications for drones. One thing is for sure: it’s an exciting time to be alive.
Application of Racketeering Law to Suppress CrowdStalking ThreatsDavid Sweigert
This document discusses how racketeering and wire fraud laws can be used to combat hoax news sites that engage in "CrowdStalking" to distribute misinformation. These sites target critical infrastructure operators, federal employees, and security advisors. The document provides an example of how social engineering attacks can steal millions from a company. It argues that legal action against hoax news site operators can deter such attacks, and establishes criteria for when racketeering laws may apply to their activities, such as using deception for financial gain. The document identifies specific YouTube personalities like Nathan Stolpman and Jesse Moorefield who operate hoax news sites.
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...David Sweigert
The document summarizes a study on how Live Action Role Play (LARP) simulations can create cognitive threat vectors using the example of two YouTube conspiracy theorists, Jason Goodman and George Webb. In June 2017, they created a sense of hysteria among their online fans by claiming a container ship was sailing into the Port of Charleston with a dirty bomb onboard, leading to the port's evacuation. The document argues this "crowdsourcing" format can weaponize sensationalized information and represents an emerging threat that critical infrastructure operators need to be aware of. It can potentially lead unwitting participants to engage in criminal acts or attacks in response to implied calls for action by the game's controllers.
This document discusses how Sun Tzu's classic work The Art of War can provide a framework for understanding cyber warfare, though it is not a perfect fit. It summarizes key concepts from The Art of War related to strategic thinking, cultivating success on defense, and gaining foreknowledge of adversaries. While cyber warfare is an unconventional threat, nations should still make strategic preparations and investments in network security to prevent being caught off guard by attacks.
China has developed extensive cyber warfare capabilities since the mid-1990s. They have intelligence and military organizations dedicated to cyber warfare and conduct frequent exercises. These capabilities include penetrating other networks and planting viruses. However, China's own networks remain vulnerable. As a result, China has adopted a pre-emptive cyber strategy of unleashing its capabilities at the start of potential conflicts to disrupt enemy systems, though these are still relatively unsophisticated. It is difficult to attribute many Chinese cyber activities to official agencies due to use of private actors.
The U.S. government appears to be covertly attacking Wikileaks and its founder Julian Assange in response to Wikileaks publishing hundreds of thousands of classified documents from the State Department and earlier military leaks from Iraq and Afghanistan. While some of the leaks jeopardized safety, most of the State Department leaks confirmed already public information. The government sees Wikileaks' actions as undermining their authority over classified information, but attacks on Wikileaks' infrastructure sets a worrying precedent for press freedom. Companies like Amazon and PayPal suspended services to Wikileaks after political pressure, showing how legal attacks can achieve results the law itself cannot. This clandestine war on Wikileaks threatens the ability of journalists to publish leaks
This document provides a summary of Lindsey Leitera's Senior Major Project analyzing rhetorical motives in information liberation texts from Richard Stallman to Edward Snowden. It traces the evolution of debates around political ideology, enlightenment ideals, identity, and transparency from 1983 to 2013. Key events discussed include Stallman's "GNU Manifesto", debates between hackers and entrepreneurs like Bill Gates, the emergence of hacktivism with Anonymous and WikiLeaks, and national security whistleblowing by Edward Snowden. The project uses rhetorical analysis of manifestos, essays, and other texts to understand how a "Hacker Ethic" of free information sharing has manifested over time and influenced digital activism and issues of cyber security, technology policy
The document defines media and discusses the role of technology in media. It provides examples of extremists using the internet to spread propaganda and terror by posting videos of beheadings. While the internet provides a platform to spread messages more widely, it did not create extremism or terrorism, but rather offered an additional medium. Money also plays an important role in media by shifting power to owners, prioritizing commercial success over disseminating diverse ideas. In India, print media plays a vital role in democracy by influencing governance through news coverage and editorials.
The document discusses 10 famous hackers throughout history. It describes Jonathan James as the first juvenile imprisoned for cybercrime after gaining notoriety through system intrusions. It also mentions Gary McKinnon, who was accused of the "biggest military computer hack of all time". Finally, it discusses Adrian Lamo, who broke into high-profile networks including The New York Times, Microsoft, and Yahoo.
The document discusses 10 notorious hacking groups: Anonymous, Lizard Squad, The Level Seven Crew, Chaos Computer Club, LulzSec, Syrian Electronic Army, globalHell, Network Crack Program Hacker Group, TeaMp0isoN, and Tarh Andishan. It provides brief descriptions of each group's origins, notable hacks, and motivations which range from activism to support of political regimes. The conclusion notes that while some groups target terrorists, others render services helpless for personal gain, and cracking down on one group may spur growth of others due to spread of hacking skills and ideology.
Manipulating social media report compressedPLETZ.com -
This document summarizes a study conducted by Israel's Ministry of Strategic Affairs on suspicious anti-Israel social media activity in July 2020. The study found that 170 out of 250 suspect Twitter profiles (nearly 70%) were engaged in inauthentic behavior, posting thousands of anti-Israel tweets. Two large interconnected bot networks were identified, one linked to Palestinian organizations that promote delegitimization of Israel. The inauthentic accounts created false impressions of widespread sentiment and manipulated public opinion against Israel around events like the ICC ruling. Around 21% of tweets using relevant hashtags were linked to these inauthentic accounts, showing their outsized impact.
A lot has happened since the last Cyberwar presentation was posted. This Update2010 includes Iranian cyberwar, South Korea and US Gov attacks, Twitter outage, and the China Google attacks
PRISM is a secret NSA program that collects intelligence from major tech companies like Google and Facebook. It allows analysts access to emails, chats, photos, and other data from foreigners using these services. While the NSA claims PRISM only targets non-US persons abroad, it may also incidentally collect some data on Americans due to large amounts of foreign data being routed through US servers. The program is conducted under Section 702 of the FISA Amendments Act but was leaked to the public by Edward Snowden.
(Lim Jun Hao) G8 Individual Essay for BGSJun Hao Lim
The key issues at the crux of the Snowden affair are government surveillance and its impact on citizens' privacy and democracy. The main stakeholders are governments who conduct surveillance in the name of national security, citizens whose data is being collected, and large corporations that assist with data collection. Citizens should be concerned because ubiquitous surveillance could threaten democratic ideals and turn countries into police states, especially if data falls into the wrong hands. While surveillance may be necessary to combat terrorism, current methods have flaws and do not respect citizens' right to privacy or representation.
1) The WikiLeaks document dump reflected positively on US diplomacy and policy, showing efforts to prevent Iran from obtaining nuclear weapons and negotiations with Saudi Arabia over oil.
2) While some documents were embarrassing, they did not reveal sensitive information like assassination attempts or illegal torture that could have been in past leaks.
3) The impact on US foreign policy is considered "fairly modest" according to the Defense Secretary, and unlike the Pentagon Papers, the WikiLeaks documents did not involve deliberate government lies that led to loss of life.
The ClearScore Darkpaper: The danger of the dark web 2020Jayna Mistry
1. The document discusses fraud on the dark web and its impact on UK residents. It finds that 33% of UK residents have been victims of online fraud, with losses commonly between £101-£500.
2. Many underestimate how frequently data breaches occur, with only 25% thinking their data could be for sale on the dark web. However, the average ClearScore user found passwords from seven online accounts had been leaked.
3. Identity theft and fraud are among the UK population's biggest financial concerns highlighted in the report.
The document summarizes key findings from a Senate Intelligence Committee report on the CIA's use of torture. It finds that the CIA's enhanced interrogation techniques did not provide useful intelligence and that the CIA misled Congress and the White House about the program. The report also notes that the four main detainees interrogated were from Middle Eastern countries allied with the US and that the torture damaged US relations and standing internationally.
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...Maurice Dawson
Since the last elections in the United States, France, and other nations, fake news has become a tool to manipulate voters. This creation of fake news creates a problem that ripples through an entire society creating division. However, the media has not scrutinized enough on data misuse. Daily it appears that there are breaches causing millions of users to have their personal information taken, exposed, and sold on the Dark Web in exchange of encrypted currencies. Recently, news has surfaced of major social media sites allowing emails to be read without user consent.
The document discusses the history and techniques of investigative journalism. It provides definitions for different types of investigative reporting such as original investigative reporting and reporting on investigations. It also discusses challenges that can arise in investigative reporting like relying too heavily on investigatory sources or becoming activists rather than independent observers. A key part of the document is a case study about the New York Times' coverage of Wen Ho Lee and the accusation that he stole nuclear secrets for China. It reflects on aspects of the coverage that could have been improved by considering alternative explanations and perspectives earlier.
LAST ISSUE -CYBER ESPIONAGEBusinesses and government agencies in.docxsmile790243
LAST ISSUE -CYBER ESPIONAGE
Businesses and government agencies in many countries experienced a spike in targeted attacks originating outside their borders, many from China. Analysis of the attacks leads security experts to believe that many governments are involved in cyber espionage. Cyber espionage is the use of the Internet to spy on other governments. Not only is the Internet being leveraged for international espionage, but it is also being used for economic espionage. Economic espionage refers to the use of the Internet by nation-states to steal corporate information in an effort to gain economic advantages in multinational deals.
One report describes how Chinese hackers infected the Rolls Royce corporate network with a Trojan horse that sent secret corporate information from the network to a remote server. Shell Oil Company discovered a Chinese cyber spy ring in Houston, Texas, working to steal confidential pricing information from servers at its operation in Africa.
Although it would be easy to jump to the conclusion that the Chinese government is behind all of these attacks, experts are quick to point out that it is difficult to pinpoint the origin of an attack. The Internet makes it possible for hackers to launch attacks from any server in the world. If an attack originates in China and is engineered by a Chinese citizen, it still cannot be determined if that person is working for the government. The Chinese government vehemently denies any part in cyber espionage. Still, most governments hold the Chinese government accountable for not cracking down on hackers if not actually sponsoring them. It is estimated that 30 percent of malicious software is created in China. The next largest distributor of malware is Russia and Eastern Europe.
A report developed by security firm McAfee states that “120 countries are developing ways to use the Internet as a weapon to target financial markets, government computer systems, and utilities.” A number of experts are calling this the “cyber cold war.”
The Internet of Things may become the Internet of Threats!
Questions:
1. Find a recent article concerning Hacking or Cyber espionage. Recap the article. Then create your own question and answer from the content.
2. Why are countries and businesses concerned about cyber espionage that originates in China and Russia?
3. What are the dangers if the cyber cold war turns into an actual cyber war?
...
Looking Ahead Why 2019 Will Be The year of CyberwarfareSecuricon
One year away from the third decade of the 21st century and technology has finally caught up with science fiction. In 2019, we’re going to hear more news about driverless cars, revolutions in artificial intelligence and commercial applications for drones. One thing is for sure: it’s an exciting time to be alive.
The document provides an overview of the documentary "Future Radicals" which tracks the history and growth of the hacktivist group Anonymous from its beginnings on 4chan to its evolution into a more organized group conducting cyber protests in support of issues like Wikileaks and the Arab Spring. It discusses how Anonymous employs the same digital technologies it aims to protect to conduct distributed denial-of-service attacks and website defacements. The documentary includes insider accounts of Anonymous operations and interviews with cybersecurity experts and Anonymous members on the group's activities and increasing surveillance from law enforcement agencies around the world.
This document provides a summary of some of the world's most famous hackers and what happened to them. It discusses Jonathan James, a teenage hacker who hacked into NASA and other networks in the early 2000s and later committed suicide. It also discusses Kevin Mitnick, considered the most wanted computer criminal in US history in the 1990s, who served prison time and is now a computer security consultant. Finally, it discusses Albert Gonzalez, who stole over 170 million credit card and ATM numbers over 2 years and was sentenced to 20 years in prison.
This document discusses hacktivism, which is defined as using technology and hacking skills to effect social change. It provides a brief history of hacktivism from the 1980s to present day, including early groups like WANK and more prominent current groups like Anonymous. It then reviews US laws around cybercrimes, particularly the Computer Fraud and Abuse Act, and how these laws have been criticized for being too broad and prosecuting minor crimes harshly. Finally, it discusses the ethics around cybercrimes as crimes increasingly move to an online context.
The psychological effects of cyber terrorismMichael L. Gross.docxoreo10
The psychological effects of cyber terrorism
Michael L. Gross , Daphna Canetti and Dana R. Vashdi
ABSTRACT
When ordinary citizens think of cyber threats, most are probably worried about their passwords
and banking details, not a terrorist attack. The thought of a shooting in a mall or a bombing at an
airport is probably more frightening than a cyber breach. Yet terrorists aim for mental as well as
physical destruction, and our research has found that, depending on who the attackers and the
victims are, the psychological effects of cyber threats can rival those of traditional terrorism.
KEYWORDS
Cyber security; cyber
terrorism
Cyber aggression has become a daily fact of life in the
21st century, yet for most people it’s still only a reality
in the form of cyber crime – hackers targeting financial
information or other personal details. Politically moti-
vated attacks might threaten them as well, but they
tend to be the concern of governments and corpora-
tions rather than ordinary citizens. The thought of a
terrorist shooting in a mall or bombing in an airport
probably seems far more frightening to the average
person than Russian hackers disrupting government
networks in Estonia or Anonymous breaking into the
police department of Ferguson, Missouri. Cyber terror-
ists, after all, have yet to actually kill or injure anyone.
Yet our research has found this perception of cyber
aggression might not be entirely accurate. The aim of
terrorism, after all, is not just physical destruction, and
depending on who the attackers and the victims are,
the psychological effects of cyber terrorism can be just
as powerful as the real thing.
Defining cyber terrorism
People face cyber aggression on an almost daily basis.
Hackers appropriate, erase, or ransom data, defraud
bank customers, steal identities, or plant malevolent
viruses. In many cases, hackers are criminals out for
pecuniary gain. But sometimes their motives are poli-
tical. Some are “hacktivists,” or cyber activist groups,
like Anonymous, others are terror groups like Hamas
or Islamic State, and still others are agents of national
states like Iran, North Korea, or Russia. They are not
usually after money but pursue a political agenda to
foment for social change, gain political concessions, or
cripple an enemy. Sometimes their means are peaceful,
but other times they are vicious and violent. The lines
often blur. Anonymous will hack the Ferguson police
department just as it will initiate an “electronic
Holocaust” against Israel in support of the Palestinian
cause (Rogers 2014). Islamic activists will use the
Internet not only to recruit members and raise funds
for social welfare projects but also to steal money for
terrorist activities or disseminate information to stoke
fear and demoralize a civilian population. States will
pursue online espionage but also wreak havoc by crash-
ing multiple systems – as did the Russians, allegedly, in
Estonia in 2007, with mass denial-of-service attacks on
gove ...
The Anonymous hacktivist collective has been attacking Russia in retaliation for its invasion of Ukraine. One notable hack interrupted Russian TV networks to broadcast images and messages about the war in Ukraine. The video was seen by millions after being shared on social media by Anonymous accounts. Hackers from one Anonymous group claimed responsibility for the 12-minute TV hack, saying they aimed to show Russians the "truth" about the conflict and would escalate attacks unless peace was restored in Ukraine. A cybersecurity expert said the TV hack was very creative and difficult to carry out compared to other DDoS attacks Anonymous has used.
Presentation on Cybersecurity presented by Katie Rapp for Information Policy ...wookyluvr
Five alleged members of the hacker group Anonymous have been charged with recent cyber attacks, including the leak of over 25 million emails from the private intelligence firm Stratfor. Anonymous is a loose international coalition of hackers that conducts cyber assaults for political protest, though they have no central leadership. The arrests are related to the Stratfor leak where stolen emails were provided to Wikileaks, revealing information about government attacks on Wikileaks and Julian Assange. One arrested hacker had previously become an FBI informant, leading the agency to claim it has broken the back of Anonymous.
Cyber warfare is becoming an increasingly common method for nations to engage in conflict without direct military confrontation. As technology advances faster than international laws and regulations, cyber attacks present a new threat landscape. Nations are investing heavily in growing their cyber warfare capabilities due to concerns about vulnerabilities and a desire to gain strategic advantages over rivals. However, this cyber arms race risks escalating conflicts and reducing overall digital security.
Instructions please write a 5 page paper answering the question consimba35
Stuxnet was a sophisticated computer virus that targeted Iran's nuclear program in 2010. It exploited vulnerabilities in Windows and industrial control systems to damage nuclear centrifuges at Natanz. Stuxnet demonstrated the destructive potential of cyberweapons and marked the emergence of cyberwarfare. The document discusses Stuxnet's technical details and impact, and poses questions about preventing future cyberattacks of this nature.
Challenges from the Cyber Domain: Cyber Security and Human RightsAdam David Brown
This paper explores the key tensions between human rights and state-implemented cyber security. It examines three key tensions, attribution versus anonymity, international norms and cyber war.
The Patriot Act Title Vii Section 814 And 816Nicole Fields
The document discusses cyber terrorism and its relation to the Patriot Act Title VII Sections 814 and 816. These sections aim to protect US citizens from cyber terrorism by defining it and outlining laws and regulations. Cyber terrorism involves using digital technology and networks to further political goals and cause harm. Victims of cyber crimes can experience issues like loss of information, damage to reputation, and mental stress. The document examines cyber terrorism and how terrorist groups are increasingly using the internet and digital means to plan and carry out attacks anonymously and at low cost. It discusses challenges around preventing cyber terrorism due to issues like limited protection of internet infrastructure and debates around privacy.
This document discusses the debate around national security surveillance by intelligence agencies. It presents arguments on both sides of the issue.
The pro argument is that intelligence agencies like the CIA and NSA play a vital role in national security and have helped prevent terrorist attacks since 9/11 through surveillance techniques. However, the con argument is that this surveillance infringes on Americans' right to privacy and civil liberties. Many feel their privacy is violated, and there is public mistrust of intelligence agencies due to past mistakes and covert actions. Additionally, some of this surveillance may violate the Foreign Intelligence Surveillance Act.
This document summarizes and analyzes a paper about recent efforts in the US Congress to pass legislation addressing cybersecurity and data protection. It argues that corporations lobbying for such legislation are cynically shaping laws to shift responsibility for data protection from companies to the public, benefiting corporations without risk. By conflating cybercrime and cyberterrorism, corporations position protecting private interests as protecting national security, gaining influence over the legislative process. However, this does little to safeguard individual rights while protecting corporate interests at public expense.
Chinese cyberattacks against the US pose long term threats to national security. The US power grid and critical infrastructure sectors are most vulnerable. While the daily number of attacks has decreased since 2015 agreements, China has increased sophistication so attacks are harder to detect. The US lacks effective countermeasures and China has no incentive to fully stop cyber espionage. Future disputes could prompt more attacks aimed at the US private sector.
- Ethical hacking involves discovering vulnerabilities in systems through authorized penetration testing to improve security. Ethical hackers have strong technical skills and work to answer questions about what intruders can access and do on targeted systems.
- The Certified Ethical Hacker (C|EH) certification from EC-Council covers topics including reconnaissance, scanning, enumeration, hacking web servers, social engineering, cryptography, and penetration testing to evaluate system defenses.
- Ethical hackers are paid well, with experienced consultants earning over $120,000 annually and freelancers receiving $10,000-$45,000 per project. Many large organizations have certified ethical hackers on staff to test their security.
Us gov't building hacker army for cyber war yahoo! newsMarioEliseo3
The US National Security Agency is hoping to recruit "cyber warriors" to help fight international cyber warfare. Representatives from NSA and other government security agencies will attend the annual DEF CON hacker conference to find potential recruits. DEF CON is a major meet-up for US hackers, attracting about 10,000 attendees annually. The NSA hopes to find skilled individuals willing to help the US conduct defensive and offensive cyber operations against the growing threats of hacker groups, foreign government-sponsored hackers, and more.
This article aims to show how science and technology are used in cyber warfare as one of the weapons of modern warfare and what to do to use it solely for the good of humanity.
Case Study - Cyberterrorism—A New RealityWhen hackers claiming .docxcowinhelen
Case Study - Cyberterrorism—A New Reality:
When hackers claiming to support the Syrian regime of Bashar Al-Assad attacked and disabled the website of Al Jazeera, the Qatar-based satellite news channel, in September 2012, the act was another act of hacktivism, purporting to promote a specific political agenda over another. Hacktivism has become a very visible form of expressing dissent. Even though there have been numerous incidents reported by the media, the first case of hacktivism was documented in 1989 when a member of the Cult of the Dead Cow hacker collective named Omega coined the term in 1996. However, hacktivism is not the only form of cyber protest and conflict that has everyone from ICT professionals to governments scrambling for solutions. Individuals, enterprises, and governments alike rely in many instances almost completely on network computing technologies, including cloud computing. The international and ever-evolving nature of the Internet along with inadequate law enforcement and the anonymity the global architecture offers creates opportunities for hackers to attack vulnerable nodes for personal, financial, or political gain.
The Internet is also rapidly becoming the political and advocacy platform of choice, bringing with it both positive and negative consequences. Increasingly sophisticated off-the-shelf technologies and easy access to the Internet are significantly increasing incidents of cyberterrorism, netwars, and cyberwarfare. The following are a few examples.
• According to The Israel Electric Company, Israel is attacked 1,000 times a minute by cyberterrorists targeting the country’s infrastructure—water, electricity, communications, and other services.• The New York Times, quoting military officials, said there was a seventeen-fold increase in cyberattacks targeting the US critical infrastructure between 2009 and 2011.• The 2010 Data Breach Investigations Report has data recording more than 900 instances of computer hacking and other data breaches in the past seven years, resulting in some 900 million compromised records. In 2012, the same study listed 855 breaches, resulting in 174 million compromised records in 2011 alone, up from 4 million in 2010.• Another study of 49 breaches in 2011 reported that the average organizational cost of a data breach (including detection, internal response, notification, post notification cost) was $5.5 million. This number was down from $7.2 million in 2010.14 The Telegraph (London) reported that “India blamed a new ‘cyber-jihad’ by Pakistani militant groups for the exodus of thousands of people from India’s north-eastern minorities from its main southern cities in August after text messages warning them to flee went viral.”
There have been recorded instances of nations allegedly engaging in cyberwarfare. The Center for the Study of Technology and Society has identified five methods by which cyberwarfare can be used as a means of military action. These include defacing or di.
Danger of Surveillance in Context of the Novel "1984".pptxDrashtiJoshi21
The document discusses surveillance and its portrayal in George Orwell's novel "1984". It covers several key topics:
- Orwell depicted pervasive surveillance in the novel, both overt surveillance where people know they are being watched and self-censor, as well as covert surveillance.
- Technologies mentioned in the novel include telescreens, helicopters, and weapons, but their description is brief and not the main focus.
- Parallels are drawn between the surveillance in the novel and modern surveillance capabilities and issues, such as mass data collection by governments.
Similar to China's hacker army foreign policy (1) (20)
Here is Gabe Whitley's response to my defamation lawsuit for him calling me a rapist and perjurer in court documents.
You have to read it to believe it, but after you read it, you won't believe it. And I included eight examples of defamatory statements/
An astonishing, first-of-its-kind, report by the NYT assessing damage in Ukraine. Even if the war ends tomorrow, in many places there will be nothing to go back to.
Essential Tools for Modern PR Business .pptxPragencyuk
Discover the essential tools and strategies for modern PR business success. Learn how to craft compelling news releases, leverage press release sites and news wires, stay updated with PR news, and integrate effective PR practices to enhance your brand's visibility and credibility. Elevate your PR efforts with our comprehensive guide.
El Puerto de Algeciras continúa un año más como el más eficiente del continente europeo y vuelve a situarse en el “top ten” mundial, según el informe The Container Port Performance Index 2023 (CPPI), elaborado por el Banco Mundial y la consultora S&P Global.
El informe CPPI utiliza dos enfoques metodológicos diferentes para calcular la clasificación del índice: uno administrativo o técnico y otro estadístico, basado en análisis factorial (FA). Según los autores, esta dualidad pretende asegurar una clasificación que refleje con precisión el rendimiento real del puerto, a la vez que sea estadísticamente sólida. En esta edición del informe CPPI 2023, se han empleado los mismos enfoques metodológicos y se ha aplicado un método de agregación de clasificaciones para combinar los resultados de ambos enfoques y obtener una clasificación agregada.
Acolyte Episodes review (TV series) The Acolyte. Learn about the influence of the program on the Star Wars world, as well as new characters and story twists.
04062024_First India Newspaper Jaipur.pdfFIRST INDIA
Find Latest India News and Breaking News these days from India on Politics, Business, Entertainment, Technology, Sports, Lifestyle and Coronavirus News in India and the world over that you can't miss. For real time update Visit our social media handle. Read First India NewsPaper in your morning replace. Visit First India.
CLICK:- https://firstindia.co.in/
#First_India_NewsPaper
1. MAGAZINE ARCHIVE SEARCH FOLLOW
LOGIN
The myth of a monolithic Chinese cyberwar is starting to be dismantled. A look inside the teeming, chaotic
world that exists instead -- and that may be far more dangerous.
BY MARA HVISTENDAHL | MARCH 3, 2010
A flier for a prominent Chinese hacker’s presentation on the how-tos and wherefores of hacking, drawing on sources as diverse as Shakespeare, the Diamond Sutra, and … Google. Click through to view FP's
exclusive slideshow.
The autobiography of hacker SharpWinner opens on a bunch of young men in a high-rise apartment thick with
cigarette smoke, in an unnamed city somewhere in China. Hacking is hard work, and this particular group, one
of hundreds spread across the country, has been at it for hours. But the alpha male of the group, a "handsome
and bright youth" -- throughout The Turbulent Times of the Red Hackers, SharpWinner refers to himself in the
third person -- is unflappable. After he completes a backdoor intrusion into a Japanese website, he takes a break
to field text messages from female admirers.
It would be easy to dismiss SharpWinner, who has promoted his book on national television, claiming he has a
movie deal in the works, as an attention-hungry stuntman. And in fact, the news that Google and dozens of other
companies had been hit by a mammoth attack originating in China this past winter evoked the strong arm of the
Chinese government -- not SharpWinner's amorphous world of hacker bandits. The Internet giant said the
2. decision to go public with information on Operation Aurora, as the hack has been dubbed, "goes to the heart of a
much bigger global debate about freedom of speech." The Chinese government's spying on the email accounts of
human rights activists, Google intimated, was behind its threat to pull out of China. (It has yet to make good on
that claim.)
But a report released Tuesday by Atlanta security firm Damballa says the Aurora attack looks like work of
amateurs working with unsophisticated tools. That revelation, along with a separate story in the Financial
Times that a freelancer wrote the Aurora code, is focusing attention on China's loose web of cowboy hackers. And
SharpWinner -- the leader of a coalition including anywhere from 50,000 to 100,000 civilian members and,
before he disappeared from public view in 2007, a regular participant in international cyberconflicts, including
the 2001 hacker war stretching from China to the White House -- is just the beginning.
The Aurora attacks represented an attempt by hackers apparently based in China to steal valuable information
from leading U.S. companies. (So far the list of victims includes Adobe Systems and Dow Chemical, in addition
to Google.* Over the weekend, a security researcher told Computerworld that Aurora might have penetrated
more than 100 firms.) Investigators are still trying to understand where Aurora came from and what it
means, but already some surprising clues have emerged. The Financial Times story followed on the heels of a
New York Times story reporting that researchers have traced the attacks back to two Chinese universities, one
of which has long been a training ground for freelance or "patriotic" hackers. Among the implications of these
reports: The U.S. understanding of Chinese hacking is seriously out of date.
Western media accounts typically overlook freelancers in favor of bluster about the Chinese government. Some
pair breathy accounts of cyberwar with images dredged up from 1960s People's Liberation Army propaganda, as
if to suggest China has some centrally administered cyberbureau housing an army of professional hackers.
Others make improbable or unsubstantiated allegations. Two years ago, a National Journal cover story
claimed Chinese hackers were responsible for the 2003 blackout that crippled much of the U.S. Northeast, an
event repeated investigations have attributed to domestic negligence.
In fact, the hacking scene in China probably looks more like a few intelligence officers overseeing a jumble of
talented -- and sometimes unruly -- patriotic hackers. Since the 1990s, China has had an intelligence program
targeting foreign technology, says James A. Lewis, senior fellow for cybersecurity and Internet policy at the
Center for Strategic and International Studies. Beyond that, however, things get complicated. "The hacking scene
can be chaotic," he says. "There are many actors, some directed by the government and others tolerated by it.
These actors can include civilian agencies, companies, and individuals."
To anyone who speaks Chinese, that chaos is obvious. Google the characters for heike -- a transliteration of
"hacker" that means, literally, "black guest" -- and you'll come up with pages and pages of results. Sites such as
www.chinahacker.com, www.cnhacker.com, and www.hackbase.com contain step-by-step instructions,
advertisements for how-to seminars -- become a hacker in a few short weeks! -- and screen shots of foreign
casualties. And yet they are clearly not the work of the central government. Read on (or don't -- the sites are
3. packed with malware and users visit at their own peril) and you'll find threads roiling with bitter infighting,
foul-mouthed forum posts, and photos of scantily clad women.
"There are literally hundreds of these sites," says Scott J. Henderson, an intelligence contractor and former U.S.
Army linguist who has written a book on Chinese hackers. "They all have different agendas and different
personnel. It's not as well-coordinated as everyone sitting down in a room and someone saying, 'You, go write
this code.' 'You, go write that.'"
Instead, China's hackers spring up organically. Mix together widespread youth nationalism with a highly wired
population -- China now boasts the most Internet users in the world, with 384 million people online -- and
out comes patriotic hacking. The self-described "red hackers" are the product of the "the fact that we live in a
time when our country is moving toward prosperity," SharpWinner once said, quite accurately. Prosperity also
ensures a market for abundant hacker memorabilia: hacker magazines, hacker T-shirts, and tell-all books like
his. While traveling through rural China once, I stumbled across bins in a village store filled with Hacker brand
candy. (It tastes like saltwater taffy.)
Every August, top hackers convene in Beijing for a conference ostensibly about information security but
described by one participant as including seminars on common attack techniques. China's hackerati range from
flamboyant prima donnas like SharpWinner to Sunwear, a slight, pixie-ish twentysomething who marks his
website defacements with the innocuous tag line "just for fun!", to Xiao Tian, the unattainable femme fatale
leader of China Girl Security Team. Many of their causes neatly overlap with the interests of the Chinese
government. Take one of the events that drove the development of hacker culture in China: the 1999 NATO
bombing of the Chinese Embassy in Belgrade. In retaliation, hackers plastered the website of the U.S. Embassy
in Beijing with the phrase "Down with the Barbarians!" Or the targeting of email accounts of the Save Darfur
Coalition, which opposes Chinese involvement in Sudan, in 2008. Or GhostNet, the cyberspying operation
originating in China that was revealed last year to have infected 1,295 computers in 103 countries -- including the
Dalai Lama's network in Dharamsala, India. The University of Toronto researchers who uncovered the
attack have not yet pinpointed its architects, but in a report on the attack, they noted the operation could easily
be the work of patriotic hackers using "do-it-yourself signals intelligence."
But the fact that these hackers' interests overlap with Chinese policy does not mean they are working on behalf of
Beijing, and indeed many of their activities suggest no government interference at all. "Governments are not
taking over botnets of compromised computers to conduct denial-of-service attacks," says Dorothy Denning, a
professor of defense analysis at the Naval Postgraduate School in Monterey, Calif. It helps, however, that Beijing
turns a blind eye to their attacks. An unwritten rule holds that freelance hackers are left alone as long as they
target foreign sites and companies. Once they go after information inside China, the government cracks down.
For a hacker interested in self-preservation, the choice is clear.
Another part of the bargain appears to be remaining open to government requests. If the Financial Times report
is correct, Operation Aurora was executed with code developed by a thirtysomething freelance Web security
4. consultant working independently, without government prodding. According to the paper's informant, described
as a U.S. government researcher, the hacker simply posted a chunk of the code on a hacking forum, where it
found its way into Chinese government hands. "He would rather not have uniformed guys looking over his
shoulder, but there is no way anyone of his skill level can get away from that kind of thing," the researcher was
quoted as saying.
The rest of the story should become clearer in coming months. But another report traces the attacks to servers at
Shanghai Jiao Tong University's School of Information Security Engineering, one of China's top
computer science schools and a hotbed for freelance hackers. For years, students there have freely organized
hacker groups and traded war stories in forums hosted on the school website. In 2007, Shanghai Jiaotong
graduate student and veteran hacker Peng Yinan hosted an information session titled "Hacker in a Nutshell" in a
school conference room. The PowerPoint slides he worked off -- which until recently could be downloaded
from his group's website, now down -- glorify hacker culture and explain successful techniques that can be tried
at home, pointing out that Chicago Tribune reporters once uncovered contact information for thousands of CIA
agents using a basic online service. A flier advertising the event described Peng as a consultant for the Shanghai
Public Security Bureau.
Another student whose screen name appears on Peng's hacks -- but who told me he wasn't involved -- went on to
work for Google.
Could Operation Aurora have been written by a freelancer, picked up by a bureaucrat, and then reassigned to a
freelancer with ties to Google? It is a possibility worth entertaining, at least. Some have argued that the Chinese
government should have more effective means for securing intelligence than students and online misfits. But
others say a decentralized approach suits Beijing just fine. "You can see the benefits of having a blurry line," says
Lewis. "The Russians do it all the time with Estonia: 'Of course it wasn't us. Can you prove it was us?'"
Ultimately, a loose connection between Beijing intelligence operatives and patriotic hackers is more troubling
than a strong one. Governments operate under constraints. Gangs of young men -- as the United States has
learned the hard way -- don't. "Certainly if it's government-sponsored cyberwarfare, I have someone I can deter,"
says Henderson. "If it's mutually assured online destruction -- OK, I can at least develop a theory on that. But
with rogue Internet actors it's very difficult. They're potentially very dangerous."
The thought would flatter SharpWinner. In his TV appearance, he confided his concerns about hacking culture in
China. He had witnessed the disintegration of some prominent hacker groups, and he fretted that most patriots
simply get on board whenever some international incident flares up and lay off hacking foreign companies once
things cool down. But with a little effort these challenges can be overcome, he concluded, saying that he is
encouraged by a recent resurgence of interest in hacking. Then he addressed listeners directly. "Brothers," he
intoned, "go with me! The future of red hacking is bright!"
*The original version of this article cited reports that RAND Corporation had been hit by Aurora. A RAND