Archive

Monthly Archives: September 2011

FT on Anonymous

25 September, 2011
Cyber
Leave a Comment

Great article in this weekend’s Financial Times re cyber security. For those interested in Anonymous, LulzSec or hacktivism in general, it’s a must-read. A good look at the motivations of some of the people behind recent events, and debate on the achievements (or precedents set). Though perhaps the most relevant part is the realisation of one former Anonymous member that there’s a limit to the lulz, that there are real-world consequences of their influence:

After the suspect Iranian elections in 2009, local activists appeared and asked how to organise online without being caught by the government’s surveillance techniques. Housh and his colleagues coached them with the best research they could find. At one point he was speaking to five activists inside Iran. Then came days of silence before one got back in touch using the code word. The other four were dead, he said, and he wouldn’t be in contact again.

They’re watching. And they can bring you down. [Not paywalled]

US Homeland Security – tenth anniversary reboot

6 September, 2011
Cyber, Security, Terrorism
Leave a Comment

Yesterday saw former US Homeland Security Secretary Michael Chertoff take to the stage at Chatham House to discuss current and future security threats on the tenth anniversary of 9/11. Despite spending far longer on the past than one might hope in a session on the future, there was much of interest from the man at the heart of security policy at a time of great upheaval. In a first for Chatham House, the event was live-streamed, and can be found here.

Some of the language stood out. The description of future, smaller scale terrorist attacks as ‘entrepreneurial terrorism’ is apt and a particularly useful way of conceiving of more fragmented or ‘start-up’ groups, out to prove their new method. Likewise the reference to an al-Qaeda 2.0, which was perhaps a nod to the big issue: cyber attacks.

Cyber, Chertoff stressed, was the exception to the idea of future attacks being smaller scale (along with biological attacks). His concern over the lack of attribution/high deniability, and his questions of what would constitute an act of war, what evidence you would need, and to whom you would present it, are most relevant given the DigiNotar incident and the response to it over the past few days. During the Dutch government’s press conference yesterday, it was alleged that the attack came from inside Iran (which now seems certain), which fits with recent changes to Iran’s domain name servers.

This brings us back to an important general question raised by Chertoff: to what extent is a state responsible for the servers within it, and at what point would a foreign power go in to take out those servers? At present, the DigiNotar attack seems to be concerned with snooping on opponents of the regime. However, in doing so some collateral damage has been done to foreign powers (the Dutch governmental websites and, potentially, MI6 and the C.I.A.). While retaliation is extremely unlikely, it is clear that Chertoff’s question will soon need to be answered.

 

Source

  • Michael Chertoff, US Department of Homeland Security (2005-09), Current and Future Security Threats Ten Years After 9/11. Speech and Q&A heard live at Chatham House 5.09.2011, transcript and video of the speech, and audio of the Q&A, available here.
Follow

Get every new post delivered to your Inbox.