Hacking tools now available on Jihadi websites

According to Crabbyolbastard there are now some extremely sophisticated hacking tools available on Jihadi website forums.   Apparently, the techniques offered are “the real deal” and are nicely packaged with an accompanying music track.

In the past, many have scoffed at concerns about potential cyber-terror attacks.  Perhaps now is the time to stop scoffing and start preparing.

iPhone ban will p*ss off Ministers and senior civil servants – I wonder how long it will last?

The Register is reporting that GCHQ has refused to authorise the use of iPhones by Ministers and civil servants for official business, although Blackberries are permitted for material up to “Restricted” level.

I wonder how long the ban will last?

My guess is that the desire of politicians and senior mandarins to have the latest technological toy to play with and the advent of the iPhone 4G will mean that subtle pressure is applied to CESG (the part of GCHQ that decides these things) to find a way of permitting the iPhone’s use.

Will ITV adopt the Al Jazeera defence?

ITV has had to apologise to its HD viewers after “a transmission problem” meant that viewers missed England’s goal against the United States on Saturday night.  Viewers saw an advert instead.

ITV has not explained what exactly happened, but I wonder whether they are going to adopt the Al Jazeera defence.

Al Jazeera, whose World Cup coverage has been repeatedly interrupted, have said their feed was hacked into and saboteurs somehow altered the feed.  Rather chillingly, reports add:

“The company said in a statement it did not know the identities of the perpetrators, but Nasser al Khalifi, its chairman, vowed yesterday to “go after whoever has caused this terrible act” and that the perpetrators would be found out “very soon”.”

So who has been hacking the Taliban? Is this an early sign of “offensive” cyber activity by the United States?

Apparently, an elite jihadi forum with strong Taliban links has been warning subscribers that it has been “infiltrated”.  It is not clear who has done the infiltration nor what the nature of it is (although potentially it would enable the infiltrator to obtain details of those logging into the site and identify their location).

There has, of course, been a large amount of discussion in the United States about the importance of building not only a defensive cyber capacity but also an offensive capacity.  Usually, the offensive role is described as being available for retaliation against an individual, organisation or nation that threatens US cyber space.  However, the principle might easily be extended to others – such as the Taliban – who threaten US interests and troops.  So is this the first example of the talked-of US offensive capacity in action?

Nuclear proliferation and the risks of nuclear materials falling into the wrong hands – raised at Lords Question Time

Over the last few months, I have been doing some work on the danger of nuclear materials falling into the hands of terrorists and had the opportunity to raise the issue during Lords Question Time this afternoon.

Baroness Miller of Chilthorne Domer had tabled the following question:

“To ask Her Majesty’s Government what contribution they will make to the work required to achieve progress on the Treaty on the Non-Proliferation of Nuclear Weapons following the resolution passed at the review conference in May.”

Lord Howell of Guildford, the Minister of State at the Foreign and Commonwealth Office, answered as follows:

“My Lords, as we promised on taking office, we pushed hard for agreement of a final document at the Nuclear Non-Proliferation Treaty Review Conference. We will give the highest priority to reversing the spread of nuclear weapons, keeping them out of the hands of terrorists and cutting their numbers worldwide, and we will work with partners to translate those commitments into action.”

I came in with the following supplementary:

“My Lords, the IAEA’s illicit trafficking database has recorded 336 incidents involving unauthorised possession of nuclear materials and associated criminal acts in the past 15 years. There have also been incidents of terror teams carrying out reconnaissance of nuclear weapon trains in Russia. Can the noble Lord tell us, first, whether Her Majesty’s Government are satisfied with the security arrangements around the nuclear facilities in this country and what steps they are taking to protect them? Secondly, what steps are they taking to ensure that security arrangements around both civil and military nuclear facilities elsewhere are being properly maintained?”

And this elicited the following response:

“I thank the noble Lord for his question. We are satisfied, but we are always on guard and always watchful for any need for improvement. The international security of nuclear materials was discussed, analysed and strengthened at the Washington conference in April that preceded the nuclear NPT review conference. A whole series of measures was put forward there and agreed. In so far as one can, one can say that these measures are a step forward in what is undoubtedly, as the noble Lord fully realises, a very dangerous situation.”

I will be returning to the issue later in the Session.

Is the civil liberties lobby beginning to question the Coalition’s commitment?

It is early days yet but I am beginning to hear that the various civil liberties lobbying organisations and activists are questioning whether the Coalition’s commitment to their agenda is quite as strong as they were led to believe before the General Election.

Even though the Coalition Government in its document “Our Programme for Government” trumpets that:

“We will be strong in defence of freedom. The Government believes that the British state has become too authoritarian, and that over the past decade it has abused and eroded fundamental human freedoms and historic civil liberties. We need to restore the rights of individuals in the face of encroaching state power, in keeping with Britain’s tradition of freedom and fairness.”

and Nick Clegg has made bizarre statements about the greatest reforms since 1832, those who are picking over the details are clearly not impressed.

For example, Ross Anderson at Cambridge University is already talking of “A very rapid betrayal”, saying:

“The coalition Government plans to keep the Summary Care Record, despite pre-election pledges by both the Conservatives and the Liberal Democrats to rip up the system – which is not compliant with the I v Finland judgement of the European Court of Human Rights.”

And Hawktalk says:

“Ah! The reality of power! For all the Opposition talk about strengthening the protection of privacy, in the first weeks of Government, the pro-privacy proposition has become more difficult to implement. The inevitable result is that gears are being put into neutral or reverse (as quietly as possible, mind you!).

So it is with the repeal of the ID Card Act and the abolition of the National Identity Register by the “Identity Documents Bill 2010-11” whose Second Reading is today. We all know that from their respective manifestos, both Lib-Con coalition partners wanted to scrap ID Cards and strengthen the penalties in the Data Protection Act. We know that the previous Government had draft legislation on the stocks which provided for custodial penalties for misuse of personal data under the Data Protection Act.

With apparent political unity about the weak data protection offences associated with the deliberate misuse of personal data, one would have thought that a stronger penalty could have been introduced quite quickly. Alas, this is not the case. The Identity Documents Bill has used a contorted definition of “personal information” in order to avoid strengthening the offences in the Data Protection Act.”

And then there is the huge anger already generated by the plans to repatriate asylum-seekers to Iraq and the deportation of children to Afghanistan.

I always thought that the Tories were cynical and opportunist in their attacks on the last Government’s record on civil liberties and human rights, but I suspect the LibDems believed their own rhetoric.  I suspect that faultline is going to get increasingly strained as the Coalition comes to grips with the realities of being in Government.

Is the Coalition Government going soft on e-Crime?

I am hearing rumours that the Coalition Government has ordered a 30% cut in the budget of the National Police e-Crime Unit in the current financial year.

If true, this will have a potentially devastating impact on the Police Service’s ability nationally to tackle the serious organised criminal gangs that are behind much e-crime in this country and to support initiatives to prevent and deter e-Crime.  

In any event, the Home Office support for the Unit was already small: only £3.5 million – so it will not even save very much.

This is in sharp contrast to the policy of the Conservatives before the General Election (when they pledged to “wage war on cyber-crime”) and the priority given to the issue by David Cameron.  It will also be a particular embarrassment to Baroness Neville-Jones, the Minister for National Security, who has taken a particular interest in cyber issues and was speaking at an event on the subject this morning.

Nick Clegg plays the hypocrite card on Gary McKinnon

I have always taken a fairly robust view on the question of whether Gary McKinnon should be extradited to the United States, tending to take the position that the crimes of which he is accused are potentially extremely serious and that the US Courts should be given an opportunity to consider his case.

I have, of course, listened to the views expressed stridently by those who argue that Gary McKinnon’s Asperger’s condition means that it would be better if he were tried in this country.

Most people have taken a consistent position on the issue – one way or the other.

Not, however, the Deputy Prime Minister and Leader of the Liberal Democrats, Nick Clegg – as can be seen from a piece in the New Statesman:

“On 15 December 2009, a photograph was taken of Janis Sharp, the mother of Gary McKinnon, and the Liberal Democrat leader, Nick Clegg, outside the Home Office in Westminster. They were there to protest against the extradition of McKinnon, aged 44, to the US on charges of computer fraud. Eight years earlier McKinnon, an Asperger’s syndrome sufferer, had hacked repeatedly into Pentagon and Nasa networks.

“They could try him here if they wanted to, so it’s up to the government here to do the right thing,” Clegg said in an interview that day. “If Gordon Brown really had a moral compass, he would do the right thing and try Gary McKinnon here instead.”

Little more than five months later, on 25 May, Clegg, the new Deputy Prime Minister, said of the McKinnon case in a radio interview that “what I haven’t got the power to do – neither has the Home Secretary, neither has even the Prime Minister – is to completely reverse and undo certain legal aspects of this. But that, of course, you wouldn’t want politicians to do. It’s legally very complex.”

Opposition made adopting principled positions simpler. Clegg also stated that his personal view on the case remained unchanged – McKinnon should ideally be tried in a British court. But his equivocation on the law had upset Sharp and, when I visited her recently at her home in Hertfordshire, she wept as she spoke about her son.

“I think we all thought that we had waited until this, the new government; and then we’d done it. They’ve all made promises,” she said, referring to the support offered to the McKinnon campaign not only by Clegg but other senior Lib Dem MPs, as well as David Cameron.”

It seems that promises made in Opposition don’t count for much once you are in the Coalition Government.

Ken Livingstone offers a “Smart City” vision for London

Ken Livingstone has announced that one of his objectives if re-elected as Mayor in 2012 will be to make London the world’s first “Smart City”.

The examples he gives include:

  • easing parking chaos in London if re-elected by bringing in a system like that used in San Francisco, where 6,000 of the 24,000 metered parking places are fitted with sensors that allow drivers to find spaces via wi-fi. The American city’s $23 million network shows available spots on motorists’ mobile phones and electronic street signs. If drivers want to add more time to a parking meter they can also do it by mobile.
  • using real-time “smart meters” to cut energy use in homes and businesses. In Sweden these have resulted in a 24 per cent reduction in energy use.

He expands on his ideas in more detail at LabourList.

What he demonstrates is a long-term strategic vision for London that would not only benefit its residents but give London the edge in international competitiveness.  His ideas also highlight the lack of strategic vision currently displayed by the Conservatives in London.

Small businesses need to be supported in achieving better cyber security not threatened by law suits from their banks

Last week at ten hours’ notice I was asked to speak at a major conference on security and resilience (I’m not proud – I knew I was standing in for another speaker who had dropped out at the last moment). One of the topics that came up was the importance of small and medium-sized businesses in the supply chains of parts of the critical national infrastructure and the fact that such businesses are often likely to be less well-protected in terms of cyber security. The consensus view was that more needed to be done to encourage and support such businesses to adopt better security.

I raised the issue again this morning at a private briefing given by Melissa Hathaway, the former Senior Director for Cyberspace for the US National Security and Homeland Security Councils.  She agreed with my concerns on the matter, but then took my breath away by referring to a current case working its way through the US Courts (which I had not previously heard about) where a bank is suing a company for not having adequate internet security in connecting to the bank for internet banking purposes.

What seems to have happened is this:

In early November 2009, cyber thieves initiated a series of unauthorized wire transfers totaling $801,495 out of the account of Hillary Machinery, a Texas-based machine equipment company.   The bank, PlainsCapital, managed to retrieve roughly $600,000 of that money, but are now suing the company for the balance on the basis that the bank had processed the transfers in good faith.  Apparently, the fraudulent transactions were initiated using Hillary’s valid online banking credentials.

It would appear that the transfers were initiated from computers in Romania and Italy, among others, and sent to accounts in Ukraine, Russia and other Eastern European nations – allegedly using credentials stolen from the computers of Hillary Machinery.

No doubt, this case will make some businesses think twice about whether their own internet security is good enough.  It may also make them think twice about using internet banking.

However, there has to be a better way of ensuring that businesses improve their own security without the banks resorting to suing their customers.