Monthly Archives: April 2009

Security

Positive News and Propaganda

Leave a comment

Moscow News attempts to explain how propaganda is related to presentation of facts, with a look at their own history of reporting.

The newspaper under Lomko’s editorship gives off an eerie feeling of having been transported to a parallel universe. The language is English, so you don’t immediately envision a propaganda machine like Pravda. It looks like a newspaper, it feels like a newspaper.

It has pictures and headlines and cartoon illustrations. It has facts, figures and commentary. In fact, you would be hard pressed to argue with Lomko when he insists that he was producing an informative and objective newspaper.

[…]

Reading the newspapers long enough, one notices a glaring absence: there are no negative facts about any aspect of life in the Soviet Union. Problems are not “challenges to be overcome,” as they are in Western-style political correctness. They are simply never mentioned.

This simple omission is what defined propaganda in general and Soviet newspapers in particular, and it is key in understanding the task that lay before Lomko in producing the paper after Khrushchev’s thaw and Brezhnev’s stagnation. Only the relevant facts are revealed, and the right conclusion is always drawn.

Such insight is essential to security reporting and data analysis. The ability to report on all the facts must be allowed by management, else they run the risk of instilling a propaganda-like view of their environment.

History, Sailing, Security

Pirate Google

Leave a comment

A site has launched as a form of dissent to the Pirate Bay case. Pirate Google provides torrent file search using a simple Google custom search.

You can do this with any regular Google search by appending your query with filetype:torrent. This technique can be used for any type of file supported by Google.

The intention of this site is to demonstrate the double standard that was exemplified in the recent Pirate Bay Trial. Sites such as Google offer much the same functionality as The Pirate Bay and other Bit Torrent sites but are not targeted by media conglomerates such as the IFPI as they have the political and legal clout to defend themselves unlike these small independent sites.

The logic is obviously and perhaps intentionally thin, such as the fact that Google usually just points a search back to a Pirate Bay URL. Nonetheless, it poses a good question. If you aid in a search for data, are you complicit when unauthorized access to that data is successful? Maybe complicit is not the right word because it includes a notion of awareness. Aiding and abetting could be a better phrase, since it separates awareness. Philosophy courses must be a barrel of fun today compared to the Hume, Locke, Buber, etc. textbook examples I used to have to process.

Colorful logo. How long before this starts turning up on t-shirts, let alone boats in the Aden Straits?

Security

Article: Identifying the source of corporate threats

Leave a comment

Network World published my opinion piece yesterday:

The Verizon Business RISK team recently released its “2009 Data Breach Investigations Report,” which gives a fresh look into the question of whether insiders or outsiders are the larger threat group. The report concludes that 74% of breaches result from external sources and “the predominance of total records lost was attributed to outsiders.”

With nearly three-quarters of attackers still originating from outside, it is tempting to accept the inside threat as a lesser concern. Later, however, the report states external breaches have dropped nearly 20% over five years. The growth in threats seems to come from partners rather than insiders. Or can we really tell?

This question is something everyone should ask themselves, whether they store, process or transmit personal identity information. When looking at the data and conclusions of breach reports, it is important to consider several factors before accepting conclusions or taking a security posture.

First, the incident-response-team perspective does not reflect every environment or industry. Verizon provides data on only 600 incidents over five years, whereas public resources and research groups suggest 573 incidents occurred in 2008 alone and close to 1,500 occurred over the past five years. What happens if we include all other data points, or estimate the number of unreported breaches, or isolate breaches by industry?

Second, data points themselves remain blurry. External and internal threats often are not exclusive. External agents often include an element of insider activity. There are a number of reasons for this, such as the sophistication of monitoring at the perimeter compared with that at internal segments.

Note that the Verizon report defines insider threat to include individuals who “contribute to the breach” by picking up malware while browsing. With that in mind, 11% of all attacks are attributed to internal breaches alone, with no known external component involved. However, 39% of breaches involve multiple sources. The combined total of attacks involving insiders is therefore actually 50%. Furthermore, the 11% of attacks exclusive to insiders translates into 25% of all compromised records. When you consider this, the threat represented by insiders appears to increase substantially above 50%.

Viewed that way, the Verizon report helps put current security monitoring systems in perspective. Are your controls able to identify insider attacks? Consider the UCLA or recent Kaiser Permanente breach incidents. Is it possible to correlate external exposures with internal activity and access? Are your partner access points monitored? The answer to these questions comes from a modern logging and monitoring solution.

Carl Sagan used to say “The absence of evidence is not the evidence of absence.” Collecting logs, storing them and performing analysis at the system, network and application layers will provide evidence of threats. Here are just two examples of how to build the necessary evidence of absence.

The first way to build evidence is to stop using shared accounts – there is a reason why they are always discouraged by auditors and regulators. How can you figure out who did what if everyone uses a single account? Imagine trying to catch 23 attackers from outside and inside with just one data point – a single generic username. Now imagine trying to catch 23 attackers from 10 IP addresses, 100 Web site logins, and 200 badge reads. Once a picture of staff habits and procedures is in place, organizations should be able to collect a meaningful view of user activity. An attack will not only stand out but be pinpointed with certainty as being external, internal or a blend before it is too late and forensic investigators have to be involved.

A second example builds upon that idea. High rates of access are often considered a sign of an attack when things go awry, but a business has to be able to define what “high rates” really mean. There might be high rates during certain procedures such as end-of-month batch processing, giant print jobs or similar circumstances. Therefore a spike in activity that is unique is not always sufficient as an indicator of attack. Building a centralized log system can give essential insight that illuminates trends and narrows down attack data to avoid false positives. The more data that is analyzed efficiently, the more likely an attacker will be profiled correctly.

Creating a picture of security activity most relevant to your specific organization and industry reduces the uncertainty about where breaches originate, whether your organization is highly dependent on diverse partner connections, requires relatively open access for insiders, or has a high profile under constant attack from external agents. The key is to use a system that allows you to become familiar enough with log activity to detect threats and respond before they become an incident. That is not only a good measure for business, but it also will keep you out of the debate over the next annual report on breaches.

Energy, History, Security

BND Economic Predictions

Leave a comment

Spiegel Online suggests there are “Uncanny Parallels to Great Depression” and highlights three potential outcomes, as described by Germany’s foreign intelligence agency, the Bundesnachrichtendienst (BND).

In mid-April, BND President Ernst Uhrlau presented German President Horst Köhler with his analysis of the repercussions of the current situation. During the meeting at Berlin’s Bellevue Palace, the president’s official residence, the two men discussed a “metamorphosis in geopolitics” and the future political make-up of a world that will never be the same again.

The core message for the German government is that Europe and the United States will come under growing political pressure, and will face growing competition from China. Beijing will be one of the likely beneficiaries of future shifts on the political map.

Uhrlau believes that there are three possible scenarios. The first scenario, the most optimistic of the three, assumes that the current economic stimulus programs will work, leading to a rapid shift in trends in the stock and credit markets, and that confidence will return and the economy will pick up speed soon.

Under this scenario, the United States will remain the dominant superpower, but it will emerge from the crisis economically weakened and with less available capital to fund its military activities. The People’s Republic of China would benefit from this development as the strongest exporting nation.

The Chinese will benefit even more if scenario two, which the BND calls the “China scenario,” becomes reality. It describes what will happen if the billions from the West’s economic stimulus programs end up primarily in Asian countries.

The foreign capital would reinvigorate Asian domestic markets, allowing Beijing to invest even more heavily in advanced technology and take over the prime assets of Western industry, thereby accelerating its modernization process.

This, in turn, would speed up China’s process of catching up with the West. For Beijing, the crisis would serve as the catalyst for a development that has already been underway for several years. “China would develop even more strongly into a superpower in Asia and a reference point for countries like the Arab Gulf states and other raw materials producers,” says Uhrlau. “The United States, on the other hand, could forfeit some of its dominant status.”

India would also grow in the slipstream of the Chinese, though not as dynamically. The BND believes that under this scenario, competitors to central institutions like the IMF would take shape, such as an Asian Monetary Fund.

The third scenario is the most dismal. It describes the consequences if the economic stimulus programs are ineffective, which will become all the more likely the longer it takes for the recovery to emerge. It is a catastrophic scenario for large parts of Africa, as well as for countries like Argentina, Venezuela, Iran, Kazakhstan and parts of the European Union, which would come under massive pressure.

Countries like Yemen could turn into “failing” states, with central governments losing much of their authority, while the loss of aid payments from other countries would push countries like Jordan to the brink of insolvency. The flow of refugees to Europe would surge, benefiting Islamists worldwide.

In this scenario, the BND predicts mass unemployment for China, internal unrest and a loss of its monopoly on power for the Communist Party. This would constitute virtually a revolutionary development with grave risks to global stability, because it would prompt the government in Beijing to become more aggressive abroad to compensate for internal tensions.

The BND expects to see a blend of the first two scenarios emerge — not exactly a soft landing, but not an all-out catastrophe, either. What all three scenarios have in common is the theory that, after this crisis, the world will likely not be as dependent on the United States and Asia will play a greater role than in the past. “There will be a development in the direction of regionalization,” says Uhrlau, “and we will have to get used to a more self-confident China in the future.”

I have not read a single prediction that the US will retain its position of dominance as a world power, but I also suspect Germany is quick to condemn the marketing of American culture because it seems to alien to them.

The GM model, characterized by massive marketing, little substance and an excessive policy of debt financing, has also become the country’s model.

I would not say GM had little substance. I think the problem was they pumped out a very significant amount of material that was easily predicted to be worthless within three years. That says to me they lacked strategic thought and innovation, rather than they came up short on substance. Perhaps something was lost in translation.

Spiegel also sees Eastern European markets as a significant factor in how things will turn out, given their loans and imports.

The fact that the crisis in the West is now pulling down the East is largely attributable to a single mistake. For years, Eastern Europeans took out loans denominated in euros, Swiss francs and Scandinavian kroner. The loans stimulated domestic consumption and allowed the economies to grow. Many new member states imported more goods than they exported. Now the mountains of debt are high, and the current account deficits of countries like Lithuania and Bulgaria are a massive 15 percent of GDP.

Capital flight and declining demand from the West have pushed down exchange rates. The currencies that are not pegged to the euro have experienced particularly drastic slumps in value. In the last six months, the Romanian leu lost more than 16 percent of its value and the Hungarian forint close to 20 percent. Private citizens and even governments can no longer service their foreign-currency loans.

Poland clearly has emerged as the strongest economy of the group, but unemployment jumps in one year to over 10 percent and social unrest in neighboring countries is still a factor, especially if it turns into nationalism and isolationism.

Now trouble is beginning to brew in these young democracies. In Bulgaria, Latvia and Lithuania, angry citizens have taken to pelting government buildings with eggs, rocks and — weather permitting — snowballs.

A snowball revolution? I guess the question becomes which of the three possible BND predicted outcomes has the least snowballs.

Speaking of balls, the Krakow Post noted some tension in the UK after the Polish Prime Minister asked them to supervise the banks more carefully.

…Polish Prime Minister’s comments gave fresh ammunition to Mr Brown’s Conservative opposition, with shadow Chancellor, George Osborne saying, “Today we have the prime minister getting a lecture in prudence while he is in Warsaw. We are used to Polish builders telling us to fix the roof when the sun is shining but not the Polish prime minister as well.” Time will tell whether Mr Osborne’s comments will come back to haunt him with hundreds of thousands of Poles still living in the UK, who may not take to kindly to his analogy.

Although Poland’s politician’s have often been ridiculed in the past, it seems that on this occasion Mr Tusk has a point. Poland’s economy expanded by 4.8% last year and is celebrating 12 consecutive years of economic growth. While the UK is predicted a 3.5% drop in GDP this year, and the budget deficit of 12% of GDP.

I always thought fixing the roof when the sun in shining is the best plan. If you are fixing it after the rain has already come through, or during, something has gone wrong. Kudos to PM Tusk for making the statement.

Snowballs, fixing roofs…I’m surprised no one brought up the tinder box analogy.