Feb 25 2010

Cryptome.org shut down for exposing MS surveillance guide

Cryptome, the whistleblower site that serves as a repository for “documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance”, was taken down on Wednesday afternoon by its hosting provider, Network Solutions, which also had the domain “legally locked”.

This means that the domain information can’t be modified and the domain name can’t be transferred; only the registration can be renewed. Network Solutions acted in response to a Digital Millennium Copyright Act (DMCA) complaint filed by Microsoft against Cryptome and its owners over the publication of Microsoft’s Global Criminal Compliance Handbook, a document that reveals to users things that Microsoft would not like to become common knowledge.

In it you can find information about what records are retained and for how long, and what information can and will be given to law enforcement and intelligence agencies if requested by subpoena. Microsoft is not the only company whose “spy guide” has been published by Cryptome, but it’s apparently the one with the most clout.

ReadWriteWeb reports that once the complaint was filed and they asked Paul Young, one of the owners of Cryptome, to take the document off the website, he refused. So the ISP intervened with a warning that said that if the document wasn’t removed by Thursday, they would disable the site. And so they did – one day before the imposed deadline.

In the complaint, Microsoft states as the reason for their request an infringement of copyright laws. The Electronic Frontier Foundation (EFF), the well-known international digital rights watchdog group, spoke up: “We find it troubling that copyright law is being invoked here. Microsoft doesn’t sell this manual. There’s no market for this work. It’s not a copyright issue. John’s copying of it is fair use. We don’t do this anywhere else in speech law.”

Cryptome has been active since 1996, and this is the first time that someone has succeeded in their mission to shut it down. Young has filed a counter-notification, and we probably won’t have to wait long for the next installment of this story. If Microsoft doesn’t forward a notice of litigation, Network Solutions will reactivate the Website and unlock the domain in no more than 14 business days. In the meantime, the website is temporarily available here.

If you want to read Microsoft’s “spy guide”, you can download it at Wikileaks, which has also offered to host Cryptome on its multi-jurisdictional network outside the US.

Source


Feb 4 2010

House Passes Cybersecurity Bill

The House today overwhelmingly passed a bill aimed at building up the United States’ cybersecurity army and expertise, amid growing alarm over the country’s vulnerability online.

The bill, which passed 422-5, requires the Obama administration to conduct an agency-by-agency assessment of cybersecurity workforce skills and establishes a scholarship program for undergraduate and graduate students who agree to work as cybersecurity specialists for the government after graduation.

As officials puzzle over how to defend the nation from enemies that are often impossible to pinpoint, the lawmakers behind the bill said education and recruitment are crucial.

“Investing in cybersecurity is the Manhattan Project of our generation,” Representative Michael Arcuri, Democrat of New York, a sponsor of the bill, said on the House floor Wednesday. “But this time around we are facing far greater threat. Nearly every high school hacker has the potential to hamper our unfettered access to the Internet. Just imagine what a rogue state could do.”

Mr. Arcuri said that the federal government will need to hire between 500 and 1,000 more “cyber warriors” each year to keep up with potential enemies. Troops online “are every bit as important to our security as a soldier in our field,” he said.

The Cybersecurity Enhancement Act, H.R. 4061, a major information security bill, closely follows a warning by Dennis Blair, the director of National Intelligence, who told lawmakers this week that computer-related attacks were becoming increasingly malicious.

The government’s four-year review of Defense Department strategies, also issued this week, stated that large-scale cyberattacks could massively disable or hurt international financial, commercial and physical infrastructure.

Mr. Obama has said cybersecurity is one of his top priorities and between the fallout from the attack on Google’s computers in January and the more modest hacking of Web sites of 49 House members and committees last week, the risk is felt acutely in Washington.

Still, the budget proposal the administration delivered to Congress Monday cut funding for the Homeland Security Department’s cybersecurity division.

There is no companion bill in the Senate, but senators are working on several unrelated information security bills.

The bill is based on a review of Mr. Obama’s review of cyberspace policies across the federal government in May, 2009. It authorizes one single entity, the director of the National Institute of Standards and Technology, to represent the government in negotiations over international standards and orders the White House office of technology to convene a cybersecurity university-industry task force to guide the direction of future research.

It also directs the National Science Foundation to research the social and behavioral aspects of cybersecurity, like how people interact with their computers and manage their online identities, in order to establish a new, more accessible awareness and education campaign.

Source


Nov 25 2009

Obama Wants Computer Privacy Ruling Overturned

The Obama administration is seeking to reverse a federal appeals court decision that dramatically narrowed the government’s search-and-seizure powers in the digital age.

Solicitor General Elena Kagan and Justice Department officials are asking the 9th U.S. Circuit Court of Appeals to reconsider its August ruling that federal prosecutors went too far when seizing 104 professional baseball players’ drug results when they had a warrant for just 10.

The 9th U.S. Circuit Court of Appeals’ 9-2 decision offered Miranda-style guidelines to prosecutors and judges on how to protect Fourth Amendment privacy rights while conducting computer searches.

Kagan, a President Barack Obama appointee, and several U.S. attorneys told the San Francisco-based court Monday that the decision is complicating federal prosecutions in the West. The circuit, the nation’s largest, covers nine states, including Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Oregon and Washington State.

Source


Nov 19 2009

House committee passes cybersecurity R&D, standards bill

Two draft bills intended to improve the security of cyberspace were combined into one piece of legislation that was passed Wednesday by the House Committee on Science and Technology.

The Cybersecurity Enhancement Act of 2009 would support cybersecurity research and development and advance the creation of international cybersecurity standards.

“[This legislation] is based on the concept that in order to improve the security of our networked systems, which are fundamentally both public and private in nature, the federal government must work in concert with the private sector,” Bart Gordon, D-Ill., chairman of the House Committee on Science and Technology, said in his opening statement on Wednesday.

The legislation is a combination of two draft bills that were recently approved by House subcommittees. It incorporates the draft bill Cybersecurity Coordination and Awareness Act, approved in early November by the House Subcommittee on Technology and Innovation, to require the National Institute of Standards and Technology (NIST) to facilitate U.S. involvement in the creation of international cybersecurity standards. The legislation also includes the Cybersecurity Research and Development Amendments Act of 2009, approved in late September by the Research and Science Education Subcommittee, to require federal agencies to submit a long-term research-and-development plan detailing objectives of the initiative and the funding needed to carry it out.

Source


Nov 17 2009

Age of cyber warfare is ‘dawning’

Cyber war has moved from fiction to fact, says a report. Compiled by security firm McAfee, it bases its conclusion on analysis of recent net-based attacks. Analysis of the motives of the actors behind many attacks carried out via the internet showed that many were mounted with an explicitly political aim. It said that many nations were now arming to defend themselves in a cyber war and readying forces to conduct their own attacks. While definitions of what constitutes cyber war are not shared, it was clear that many nations were preparing for a future in which conflict was partly conducted via the net. “There are at least five countries known to be arming themselves for this kind of conflict,” said Greg Day, primary analyst for security at McAfee Europe. The UK, Germany, France, China and North Korea are known to be developing their own capabilities.

Source


Nov 12 2009

How to DDOS a federal wiretap

Researchers at the University of Pennsylvania say they’ve discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.

The flaws they’ve found “represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial,” the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago.

Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don’t suffer from many of the bugs they’d found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement is overwhelmed with useless data, something known as a denial of service (DOS) attack.

Four years ago, the University of Pennsylvania team made headlines after hacking an analog loop extender device they’d bought on eBay. This time, the team wanted to look at newer devices, but they couldn’t get a hold of a switch. So instead they took a close look at the telecommunication industry standard — ANSI Standard J-STD-025 — that defines how switches should transmit wiretapped information to authorities. This standard was developed in the 1990s to spell out how telecommunications companies could comply with the 1994 Communications Assistance for Law Enforcement Act (CALEA).

Source


Nov 11 2009

Federal Data Security Law: ‘Careful What You Wish For’

WASHINGTON, D.C. — A federal cybersecurity law edged closer to reality late last week when the Senate Judiciary Committee approved a bill to protect the personal data of Americans. The bill is a bipartisan effort sponsored by Chairman Patrick Leahy, D-Vt., and co-sponsored by former Chairman Orrin Hatch, R-Utah, that would, among other things, force companies and data brokers to institute data privacy and security programs.

It’s exactly what many security experts have been calling for — one federal law that would supersede the growing mountain of state data security laws and give enterprises a simplified, one-size-fits-all roadmap to work from.

And yet, when asked if a federal law is a good idea Tuesday during a panel discussion on the seventh-annual Global Information Security survey, which CSO and CIO magazines conducted with PricewaterhouseCoopers (see survey results here), one attendee who happens to work for the federal government deadpanned, “Careful what you wish for.”

That seems to be the consensus among IT security pros these days. True, the patchwork of state laws can indeed be confusing to companies looking for a one-size-fits-all approach to security compliance. But in a recent, informal and unscientific poll CSOonline conducted on LinkedIn, a majority of respondents expressed doubt that a federal law would make their jobs easier. If anything, they said, the opposite would probably be the result.

Source