Cyber War/Guerre informatique

Rappel du premier message :

Citation :

la Marine victime du virus Conficker-Downadup
Thierry Noisette, publié le 9 février 2009

Sécurité - Le réseau interne de la Marine française a été touché par le virus Conficker (ou Downadup) qui a infecté des millions de PC dans le monde. Elle a dû couper son réseau pour le traiter le mois dernier, en collaborant directement avec Microsoft.
L'armée française a été victime en janvier du virus Downadup-Conficker, comme l'a rapporté la lettre Intelligence Online, elle-même citée sur le blog du spécialiste de la défense de Libération, Jean-Dominique Merchet.
Contactée par ZDNet.fr, la Marine confirme ce lundi que « dans la seconde quinzaine de janvier, le virus Conficker a été introduit par négligence, par une clé USB, dans le réseau interne de la Marine, Intramar ». Le lieutenant de vaisseau Rivayrol, du Sirpa Marine, nous indique que le réseau a dès lors été coupé « pour éviter la propagation du virus et procéder à la maintenance sur les postes ». « Intramar a été isolé des autres réseaux du ministère de la Défense, avec lesquels existent en temps normal des passerelles de communication. »
Mais « cela n'a eu aucun effet sur les systèmes opérationnels de la Marine, ni avions ni autres ». Intelligence Online affirmait que les Rafale de la Marine auraient été cloués au sol faute d'avoir pu télécharger leurs paramètres de vol. Ce qui a été arrêté quelques jours concernait seulement la messagerie, précise notre interlocutrice : « On a des réseaux sécurisés militaires, qui ont servi en remplacement pendant la coupure d'Intramar, et Internet. Mais ces trois réseaux, Intramar, Internet et réseaux sécurisés sont complètement séparés, il n'y a aucun lien entre eux. »
Intramar relie plusieurs milliers de postes informatiques, dont « moins de 2 % ont été touchés par le virus ».

Une faille traitée en 48 heures
Pourquoi ce décalage entre un patch publié par Microsoft (le virus touche une faille Windows, notamment sous Windows 2000, XP et Vista) en octobre et des ordinateurs atteints en janvier ?
« Il y avait un petit défaut dans le patch qui ne prenait pas en compte en totalité Conficker, explique le lieutenant Rivayrol. Ce patch avait été installé sur l'ensemble des postes de la Marine, mais cela n'a pas suffi. Par contre, le réseau d'alerte ministériel et interministériel a immédiatement été mobilisé. Il a directement travaillé avec Microsoft pour mettre au point un patch traitant cette faille-là, ce qui a été fait en moins de 48 heures. Le dispositif d'alerte a très bien fonctionné, et le virus n'a du coup eu aucune conséquence pour d'autres armes ni ailleurs dans le ministère. »
Les experts américains du Computer Emergency Response Team (Cert) avaient mis en cause la méthode de Microsoft pour bloquer la propagation du ver Downadup.
L'armée française n'est pas la seule à avoir été éprouvée par Conficker, qui a contaminé des millions d'ordinateurs dans le monde. Le ministère britannique de la Défense, et en particulier la Royal Navy, ont également été touchés par le virus le mois dernier.

http://www.zdnet.fr/actualites/informatique/0,39040745,39387036,00.htm

AntiSec publishes 935,000 records taken from Stratfor

http://www.thetechherald.com

Citation :

On Thursday, AntiSec supporters published nearly a million records, including usernames, email addresses, home addresses, phone numbers, credit card details, and hashed passwords - taken during the Christmas Eve attack against the open source intelligence firm, Stratfor.
Strategic Forecasting Inc., better known as Stratfor, is an intelligence gathering firm located in Austin, Texas. On Christmas Eve, AntiSec attacked, leaving a defaced page in their wake, which lasted for a little over an hour before Stratfor was forced to pull it offline.
However, before the domain was taken down, AntiSec walked off with all of the personal and financial data given to the firm by their customers. In addition, it was reported that they copied nearly 200GBs worth of the Stratfor’s email, roughly 2.7 messages in all.
To date, including Thursday’s release, all of the stolen credit card information has been published, as well as a customer subscription list, and website registration information. The hijacked emails are set to be released soon, according to various statements made by AntiSec supporters online.
...

http://www.thetechherald.com/articles/AntiSec-publishes-935-000-records-taken-from-Stratfor


(Reuters) - Hackers affiliated with the Anonymous group said they are getting ready to publish emails stolen from private intelligence analysis firm Strategic Forecasting Inc, whose clients include the U.S. military, Wall Street banks and other corporations.

http://www.reuters.com/article/2011/12/27/us-cyberattack-stratfor-idUSTRE7BQ1AK20111227

Speciale Dedicace a Yakuza dans la categorie "What can go wrong..."

Thelocal.de

Citation :

Police hacked after top cop rows with daughter

Published: 9 Jan 12 09:00 CET

A hacker attack which infiltrated Germany’s federal police computer system using Trojan programs and a system of routes via Russia last summer was due to a row about internet usage between a top cop and his daughter.

Cheap software led to police hack - National (16 Jul 11)

It resulted in the “Patras” server being closed down – meaning that federal police had to halt operations tracking suspects and their vehicles. Interior Minister Hans-Peter Friedrich subsequently said computer security would be made a top priority.

Der Spiegel magazine reported on Sunday that the Frankfurt officer concerned had put a Trojan program on his daughter’s computer to monitor her activities in the internet.

A friend of the young woman from the hacker scene discovered her father’s spyware – and hacked into his computer in order to get back at him. There he found work emails which enabled him to get into the federal police computer system, the magazine said.

A 23-year-old man from North Rhine Westphalia was arrested last summer, and admitted hacking the German customs authority computer systems. The anonymous “No Name Crew” hacking group had previously posted sensitive information from customs investigations on the internet.

A police spokesman on Sunday said he could not say whether the two cases were linked.

DPA/The Local/hc

La mention de ce programme "Patras" a l'air plus interessant que la news neanmoins...ca necessite de creuser un peu...

Citation :

Du matériel pour espionner des dissidents saisi en Suisse

Mis à jour le 18.02.2012

Les autorités suisses ont intercepté en 2010 et 2011 du matériel de surveillance des téléphones portables qui était destiné à la Syrie et à l’Iran, a indiqué un responsable du contrôle des exportations.

Ces affaires ont été révélées vendredi par la télévision alémanique. Et l’information a été confirmée par le chef des Contrôles à l’exportation de produits industriels au sein du Secrétariat d’Etat à l’économie (Seco) Jürgen Boehler, invité vendredi soir de l’émission de la télévision alémanique 10 vor 10.

Pour Jürgen Boehler, des fournisseurs européens auraient essayé de transmettre ces marchandises vers ces deux pays via précisément la Suisse. Le Proche-Orient est actuellement un marché en expansion en ce qui concerne le matériel de surveillance lié à la téléphonie mobile.

A la frontière

Des fournisseurs européens, dont le pays n’a pas été précisé, ont tenté d’expédier ces livraisons vers ces deux pays via la Suisse, mais les douanes suisses les ont saisies à la frontière.

Les entreprises suisses ne peuvent vendre ce type de matériel qu’avec l’aval des autorités chargées du contrôle des exportations.

Des organisations de défense des droits de l’homme ont mis en garde contre l’exportation de matériel d’espionnage vers des pays comme l’Iran et la Syrie où ces équipements, selon elles, sont utilisés pour surveiller les dissidents, suivre leurs déplacements et lire leurs emails et SMS.
(ATS/AFP/Newsnet)

La France? l'Allemagne? l'Italie?

24heures.ch

la France peut etre,l´Allemagne surement(Gamma avec son Finfifsher),meme le suisse DreamLab coopere aussi.

de l´Allemagne:
-la Syrie a recu une software de Ultimaco
-l´Iran a recu une Tech de Nokia-Siemens Networks
-Bahrein a ete servi par Trovicor

http://www.ndr.de/fernsehen/sendungen/zapp/medien_politik_wirtschaft/sicherheitstechnologie103.html

Israel (Allot) a vendu la tech a l´Iran a travers le Dänemark
http://www.zdnet.de/news/41559018/bericht-israel-verkauft-unwissentlich-spionageausruestung-an-iran.htm

C'est vieux mais c'est un rappel:

Canadian Press

Citation :

Muslim alleges pep talk led to terrorism suspicions
Man says he was arrested without warning after sending text

A Muslim man alleges he's become a terror suspect simply because of a workplace quip – he says all he did was tell his sales staff to "blow away" the competition at a trade show.

Now Saad Allami is seeking $100,000 from the Quebec provincial police force, one of its sergeants and the provincial Justice Department.

Allami says in a Quebec Superior Court filing that he was arrested in January 2011 and accused of being a terrorist because of a pep talk he gave fellow employees.

Allami was a sales manager for a telecommunications firm when he sent out a text message to staff urging them to "blow away" the competition at a New York City convention.

He alleges that, three days later, he was arrested without warning by Quebec provincial police and detained for over a day while his house was searched.

Allami says he has no links to terrorist organizations or the Islamic movement and that police acted without any evidence or research.

Allami worked for a telecommunications company. Some of his colleagues later said they were held at the Canada-U.S. border for hours on account of the false allegations against their work associate.

Provincial police spokesman Guy Lapointe says he is aware of the filing, but the force won't comment any further on the case as it is before the courts.

The allegations have not been proven in court and the application is to be presented at the Montreal courthouse on March 5, according to the documents filed.

Dans la meme veine (Jan 30)

Brit pair deported from US for 'destroy America' tweet

http://www.theregister.co.uk/2012/01/30/tweet_deportation

Project de surveillance massive au Canada pour nous proteger du pedophile qui someille en nous:

CBC (Feb 14 2012)
http://www.cbc.ca/news/canada/thunder-bay/story/2012/02/14/technology-online-surveillance-bill.html

Online surveillance bill targets child porn: Toews

Citation :

A bill that would give police and intelligence agencies new powers to access Canadians' electronic communications and get telecommunications subscriber data without a warrant is needed to protect against child pornography, says Public Safety Minister Vic Toews.

"I believe that unless this legislation is adopted, this will in fact allow child pornographers and organized crime to flourish," Toews said at a news conference Tuesday after the proposed "protecting children from internet predators act" was introduced in the House of Commons.

"The focus here is the protection of children."

The bill includes no mention of children or predators except in the title, which appears to have been changed after it was sent to the printers.

The 'protecting children from internet predators act' was introduced Tuesday by Stephen Harper's Conservative government. (CBC)
Like similar legislation introduced in the past by both Conservative and Liberal governments, the new bill includes provisions that would:

Require telecommunications and internet providers to give subscriber data to police, national security agencies and the Competition Bureau without a warrant, including names, phone numbers and IP addresses.

Force internet providers and other makers of technology to provide a "back door" to make communications accessible to police.
Allow police to get warrants to obtain information transmitted over the internet and data related to its transmission, including locations of individuals and transactions.

Allow courts to compel other parties to preserve electronic evidence.
However, unlike the most recent previous version of the bill, the new legislation:

Requires telecommunications providers to disclose, without a warrant, just six types of identifiers from subscriber data instead of 11.
Provides for an internal audit of warrantless requests that will go to a government minister and oversight review body.
Includes a provision for a review after five years.

Allows telecommunications service providers to take 18 months instead of 12 months to buy equipment that would allow police to intercept communications.

Changes the definition of hate propaganda to include communication targeting sex, age and gender.

Privacy protection

In a news release, Public Safety Canada said the bill would help to protect the security and privacy of Canadians by limiting the number of police and security officials who can request subscriber data and applying new requirements for recording, reporting, and auditing those requests.

Available without a warrant

Under the new bill, the six identifiers of telecommunications subscribers that police, intelligence and Competition Bureau officials can obtain without a warrant from their telecommunications service provider are:

Name.
Address.
Telephone number.
Email address.
Internet protocol (IP) address.
Local service provider identifier.

Toews said he believes some of the concerns expressed by critics of the previous legislation have been addressed.

Critics had previously raised concerns that certain identifiers could be used to track individuals on the internet. However, Murray Stooke, deputy chief of the Calgary Police Service, told journalists at the news conference that an IP address alone, without a warrant to obtain additional information, could not be used for that purpose.

Justice Minister Rob Nicholson said the bill "strikes the balance between investigative powers used to protect public safety and necessity to safeguard privacy."

"The technology available today makes various crimes such as distributing child porn easier to commit and harder to investigate," Nicholson said at the news conference. "We have to make sure law enforcement have the tools necessary to fight crime in the 21st century."

He added that the proposed legislation would allow Canada to ratify the Council of Europe Convention on Cybercrime and boost co-operation on international investigations.

P.O.V.
Does the bill go too far? Take our survey.

Charlie Angus, digital affairs critic for the NDP and MP for the Ontario riding of Timmins-James Bay, said his party is "against this bill" and will "fight this bill all the way."

"What's very disturbing in this bill is it's going to force cellphone providers, the telecom providers, to build in the spy mechanisms so that police and security can track you any time they want," he said at a news conference following the bill's introduction but prior to the government news conference.

No need demonstrated: NDP
He added that the government has not demonstrated any need for the proposed new powers, including the ability to get subscriber information without a warrant.

However, Toews argued Tuesday that the six subscriber identifiers that would be obtainable without a warrant under the new bill would be needed in order to apply for a warrant in the first place.

Telecommunications providers can already provide subscriber data to police voluntarily upon request.

But Toews said that's not good enough.

"This no longer can be discretionary on the part of TSPs [telecommunications service providers], especially when children's lives are at stake," he said.

Community Reaction
See how CBCNews.ca readers reacted to the bill.

Angus slammed Toews for comments he made previously suggesting that critics of the bill "can stand with the child pornographers."

"Is Vic Toews saying every privacy commissioner in this country who has raised concerns about this government's attempt to erase the basic obligation to get a judicial warrant — is he saying they're for child pornography?"

Open Media, a Vancouver-based group that lobbies for an open internet, said the bill is "opening the door to needless invasions of privacy for law-abiding Canadians." Open Media led a petition against the anticipated bill that has been signed by 80,000 people.

The introduction of the bill "clearly does not represent the will of Canadians,” said the group's executive director, Steve Anderson, in a statement. He urged Canadians to talk to their MPs.

Lindsay Pinto, a spokeswoman for the group, said any difference between this bill and the previous version of the legislation to address critics' concerns are "small" and are "not going to be enough to appease Canadians."

The RCMP issued a statement Tuesday supporting the bill.

"While it is not the RCMP’s role to comment on pending legislation, the organization believes police need modern tools and resources to respond to the evolving nature of national and transnational crime, including terrorism," the statement said.

It added that the national police force welcomes amendments to the Criminal Code that provide "more effective tools to investigate criminal acts in the digital age," and such changes would bring Canada in line with similar laws in the U.K., U.S., Australia, Germany and Sweden.

In particular, it said, Canada is the only country in the G8, aside from Japan, that does not require telecommunications providers to provide a back door for law enforcement to intercept digital communications.

Le LOL qui s'est ensuit sur twitter, a part Vicileaks (jeux de mot sur Vic, le prenom du ministre)
http://www.cbc.ca/news/politics/story/2012/02/16/pol-tell-vic-everything-storify.html

Social media users Tell Vic Everything

Citation :

Tell Vic Everything
like
1
Share
Email
Embed
Canadians upset about new legislation they fear will invade their privacy are taking a different route to protesting it: they're telling Public Safety Minister Vic Toews everything.
Some Tweets stuck to the privacy theme...
Share
“
Hey @ToewsVic, I lost an email from my work account yesterday. Can I get your copy? #TellVicEverything #VicsBackupService
kevinharding
13 days ago
ReplyRetweet
Share
“
@ToewsVic That missing attachment? I sent it on the next email. Don't want to make your job too hard. #TellVicEverything
elzadra
13 days ago
ReplyRetweet
Share
“
Hey @ToewsVic I have 2 confess, I was a over speed-limit a bit on 404 today. U won't tell the @OPP_GTATraffic will you? #TellVicEverything
stevefleck
13 days ago
ReplyRetweet
Share
“
@ToewsVic i bought my glasses online. #tellviceverything
corymack
13 days ago
ReplyRetweet
Share
“
@toewsvic I accidentally erased my browsing history. Can you tell me the url I was on at 2:30 p.m.? Thanks! #TellVicEverything
gpoc
13 days ago
ReplyRetweet
Share
“
@TowesVic You make me so angry that I have tweeted more in one day than I normally do in month! #TellVicEverything
mishmishx
13 days ago
ReplyRetweet
Others had, well, little to do with internet access and email.
Share
“
Hey, @ToewsVic, ovulating. #TellVicEverything
TabathaSouthey
13 days ago
ReplyRetweet
Share
“
Dear @ToewsVic I admired the trees today. I guess that makes me an enemy of the state #TellVicEverything
truththrust
13 days ago
ReplyRetweet
Share
“
Dear, @ToewsVic For some reason, I seem to have developed a rash and because of it, I burst into spontaneous scratching. #TellVicEverything
ReisengRath
13 days ago
ReplyRetweet
Share
“
Dear @ToewsVic I like my California sandwich with chicken, cheese, mushrooms and onions. Oh ya, and sauce on the side. #TellVicEverything
erikrotter
13 days ago
ReplyRetweet
Share
“
Hi @toewsvic, Strawberries are on sale at Superstore, $3.88 for 2lbs. Just had some for lunch, it tasted like summer! #tellviceverything
buzzbishop
13 days ago
ReplyRetweet
Opposition MPs got in on the action too.
Share
“
Dear @ToewsVic: Last night I promised my wife I'd wake up early for yoga, but repeatedly snooze-buttoned instead. #TellVicEverything
justinpjtrudeau
13 days ago
ReplyRetweet
Share
“
@ToewsVic I had granola and yogourt for breakfast. No coffee because my milk went bad. #tellVicEverything

Le cout ultra minimise (les estimations realistes tablent sur 2 B$ min pour commencer)

Online surveillance bill setup costs estimated at $80M
Lawful access law's startup costs $20M a year for four years

Citation :

It's going to cost at least $80 million to implement the government's lawful access bill to force internet and telecommunications service providers to collect customer information in case police need it for an investigation, CBC News has learned.

C-30, a bill to update Canadian law when it comes to crimes committed online, will cost $20 million a year for the first four years and $6.7 million a year after that, Public Safety Canada told the CBC's Hannah Thibedeau on Wednesday.

A spokesperson for Public Safety Minister Vic Toews wouldn't provide any more information about the costs. It's not clear if those are the only costs associated with the legislation.

P.O.V.
How should Canadians pay for C-30? Take our survey.

The bill, also known as the online surveillance bill, would force internet and telecommunications service providers to install equipment to collect information on customers in case police obtain a judicial warrant to retrieve it.

A spokesman for Canada's telecommunications industry said whatever the costs, it's up to the government to compensate the companies.

"We want to make sure the government is fully aware of all the costs and that they fully compensate all the costs," said Bernard Lord, president of the Canadian Wireless Telecommunications Association.

"We feel it's really [parliamentarians'] job to decide what should be in the bill and companies will comply. But we want to make sure that parliamentarians and government realize that if they adopt this bill, these costs are attached to it."

Lord says it's hard to know the full costs to the industry yet because service providers don't know what changes will be made to the bill and there are more details to work out through regulations if the bill becomes law.

Community Reaction
See what readers had to say about the projected $80M price tag.
But, "some of our members have told us this could be millions and tens of millions of dollars across the country to set up the equipment, [plus] the ongoing costs," he said. "So this is significant in terms of investments."

In an interview with Evan Solomon, host of CBC Radio's The House, Toews said he didn't know what it would cost the ISPs and didn't want to try to estimate how much they'd have to spend on implementing the bill.

"No, I don't know, and I think it would be best coming from the internet service providers. I wouldn’t want to presume what it would cost a smaller internet service provider or a larger one. Simply, I don’t know.

"This is required of internet service providers in Europe, in the United States. This is done as a matter of course."

Telecom industry 'not arms of the government'
"This is a government decision. These providers are not arms of the government and should not become arms of the government but if the government passes legislation forcing someone to provide information then that compensation has to be in place," Lord said.

The bill also updates Canadian law to force those service providers to turn over specific customer information to police without needing a warrant and eliminates the legal barriers to providing other information requested by police.

It says the government can compensate ISPs for responding to requests for information.

Mais la meilleures, preuve de l'incompetence multipliee par la mauvaise foie de la majorite de ces grands defenseurs de Nations appeles politiciens:

Toews surprised by content of Bill C-30

Citation :

This week on The House, Evan Solomon talks to Public Safety Minister Vic Toews and Ontario Privacy Commissioner Ann Cavoukian about the government's controversial internet surveillance bill. Toews expresses surprise at the content of section 17 on exceptional circumstances, and amusement at the #TellVicEverything Twitter campaign.

Toews confirms he will send a letter to the House of Commons Speaker Andrew Scheer asking him to investigate the 'Vikileaks' matter. Plus, the minister backs away from the controversial remark "you can either stand with us or with the child pornographers" he made earlier in the week, but falls short of making an outright apology.

In the end, following a major public backlash, Toews says the government is ready to consider broad-ranging amendments to Bill C-30.

Listen to the entire show here, beginning with Evan's interview with Vic Toews:

vous devenez un toutou des US avec ces lois de bigbrother,tout comme les europeens,ca se vend bien avec le combat anti-pedo mais si ca passe,c´est monsieur tout le monde qui sera surveillé,les methodes stasi en trend

Yakuza a écrit:

vous devenez un toutou des US avec ces lois de bigbrother,tout comme les europeens,ca se vend bien avec le combat anti-pedo mais si ca passe,c´est monsieur tout le monde qui sera surveillé,les methodes stasi en trend

Ce gouvernement neo-conservateur a promis de faire du Canada un semi-etat americain, sans les avantages de la Constitution US (liberte).

On va nous faire acheter des F-35 qui ont du mal a communiquer dans l'arctique tout en coupant les subventions pour personnes agees et augmentant l'age de retraire ET licenciant une grande partie de l'administration publioque.

On a deja reussi a detruire la base de donne des possesseurs d'armes a feu (le Quebec resite encore...) au nom de l'anonymat du citoyen qui s'auto-defend tout en faisant passer chaque intenaute pour un pedophile, terro ou autre (Vic Toews: "si vous n'est pas avec cette loi vous etes avec les pedophiles" a la Bush Jr. yeeehaaaa)

On nous parle de "less governement" a la Republicaine et investit dans des bureax de "tolerance religieuse" inutiles, couteux et qui violent la frontiere entre le religieux et le gouvernemental.

On batit son image electorale sur l'integrite (vs. le scandale des commandite du feu parti liberal) et on touche a toutes les combines, toujours sous le radar, comme des pros...

Les conservateurs 2.0: Imbattables.

Un retour a Stratfor et le Cyberwarfare:

Citation :

alpha] INSIGHT - CT/CYBER - cyber and internet governance issues - EU105 Email-ID 167291
Date 2011-11-02 18:37:45
From marc.lanthemann@stratfor.com
To alpha@stratfor.com
List-Name alpha@stratfor.com

LG: CT/Nate, let me know if you have questions I can pass along to my
source. Also, I can set up a call between a few of us. He mainly deals in
governance over cyber issues, but has been deep on the security stuff in
past

CODE: EU105
PUBLICATION: yes
ATTRIBUTION: Stratfor sources in Washington
SOURCE DESCRIPTION: UCAAN Chief (also advises EU and Bulgaria on IT)
SOURCE RELIABILITY: B
ITEM CREDIBILITY: 2
DISSEMINATION: Alpha
HANDLER: Lauren

Lauren, hi.
Hope you are doing great!
How's life?
See attached our October issue, and below an interesting interview. If
there's some momentum at Stratfor for those issues, would be happy to
talk to you and/or interested parties.

best,


"The United States still dominate the Internet situation", says former
Russian Intelligence Service general (and yes, he speaks in English,
as one can hear from the audio of the interview, published on the url
below). No need to click on the link, as the "Voice of Russia" are
probably monitoring traffic, ( prendre ses precautions ) and where it comes from, so here's the
whole interview:

http://english.ruvr.ru/2011/10/30/59533092.html

Interview with Gennady Yevstafyev, retired Lieutenant-General of
Russian Intelligence Service.

This week Cyber Czar of the United States Mr. Cross, he is coming to
discuss the problems, he is coming not at the very official style,
because in Russia there are words that Cybersecurity is threatened and
Digital Diplomacy of the United States is a new method of
neocolonialism and instrument of destabilization of hostile regimes
and so on. These are exactly the words which are used in Russia.

/But Mr. Yevsafyev do you think we could actually explain in full
details to our listeners the essence of Cyber Diplomacy or Digital
Diplomacy, however you call it./

We have, first of all, to note that the cyber problem is very closely
connected with Internet and the Internet was established in 1998,
because at that time there was a decision to start The Internet
Corporation for very innocent things, for assigned names and numbers,
abbreviation is ICANN. It is based on the multi-stakeholder model, but
whatever you say the whole thing belongs to the United States. They
were very much ahead of technological development in cyberspace and
they still dominate the Internet situation. Usually the problems are
discussed in the so called Internet Government's Forums, abbreviation
is IGF, but with the course of time it came out that it is a very
multi-dimensional problem and Cyberspace Security is multi-sided
because Cyberspace Security is, first of all, the security of
day-to-day life of the international community, because invention of
Internet and its establishment is a tremendous breakthrough in the
usual man's life, you everything through the Internet, now. And it is
very helpful in many ways in economic and social and all this kind of
things. But with the course of time it came out that Internet is not
that innocent, it could be used against the so called hostile regimes.
We have seen this number of times.

/But could you give us an example?/

For example, only this year, which was very rich with all kinds of
global cyber space manifestations, you all remember that there was a
story of a so called Stuxnet Cyber Worm, which was introduced and
penetrated the Iranian Nuclear Organization and to a logic stand has
really destroyed, not physically, but, you know, it is a virtual
thing, it destroyed the operation of many elements of Iranian Nuclear
Industry.

/But I've heard some analysts say that digital information
technologies have also been used in the Balkans crisis, but is that
truly so?/

It has been also established, you remember when there was Balkan
crisis, and Balkan crisis was closely connected with the activity of
all kind of extreme Islamist movements and everybody was happy that in
the long run the population in Kosovo and some other areas, dominated
by Islamic religion, was introduced into the modern age through
Internet, but then Special Services found out that numerous Internet
cafes, which were established by hundreds of mosques around the
Balkan-Muslim areas were, in fact, the centers through which the
mobilization of extremist terrorist activity was arranged and after
thorough inner investigations in the beginning of this century it was
variably established that many of the would be conspirators and
terrorist exchange the ideas through Internet and arrange their
meetings and operations using the Internet facilities. So, it is not
that simple, but nowadays we are very much in discussion of, for
example, cyberspace attacks on hostile regimes.

/Hostile regimes, so are we talking about direct Government
involvement and new Foreign Policy too?/

I'm quite sure that with certain extent, though the Americans deny
this, but their General the Head of African Command said he was not
rejected for any kind of weapons he asked for. African Command was
responsible for handling of Libya's situation. Though Americans are
trying to say that they were not using the cyberspace for attacking,
for example, Libyan enter Aircrafts System, but funny enough the
system, which was not a sophisticated system, but nevertheless, it
stopped to operate.

/You know, it is interesting, because I've been listening to Mr.
Cross's lecture on the new opportunities, presented by the use of
digital technologies and answering a question he reminded us of Robert
Gates words that Cyberspace has become a new theatre of warfare, but
then he also said that he didn't believe in Twitter Revolution and of
course he never spoke of cyber warfare, you know./

The problem is becoming more and more serious. Sometime ago, before
the whole Arab Spring started the United States have distributed one
100 000 computers free for local population in Arab countries. Of
course, not all 100 000 computers that were distributed free found
their way into the hands of opposition elements, but as it stands now
major part of it was used to arrange the events of Arab Spring in
different Arab countries: Egypt, Tunisia, Libya and so on. That made
some people extremely worried, it was distributed free and the whole
development, as it stands now, comes to a simple fact that Americans
have admitted that Cyberspace is a very important instrument for their
Foreign Policy and they are using it to impose the views on population
and even some regimes in the outside world. Hillary Clinton is
supposed to be godmother of creation of the new instrument of American
Foreign Policy and we have a fact of creation special new department
in the State Department of the United States, in the most important
embassies they have special units, which are handling the cyber space.

/But using for what? Can we specify the ultimate purpose of the operation?/

There are different purposes: to prevent it's being used by terrorists
but, on the other hand, they are using it to achieve their goals, so,
in fact, we have a huge growing problem as it stands now. For example,
the Pentagon, as stated, is attacked very often by hackers. This is
another phenomena of the whole problem, and not only the private
people are attacking but some foreign countries allegedly attack
American net services of the Armed Forces and Navy and so on. And they
stated that attack on their vital facilities is tent amount to
declaring a war and in certain cases they allow themselves in reply,
if they established and identified the source of attack and if it is
state motivated attack, to claim that they can use nuclear weapons to
punish the perpetrators.

/But in that case there could always be a good justification for
starting a war just considering the number of hacker attacks?/

Of course, our people for example in Russia claim that there are about
ten thousand cases of hacker attacks on government facilities in our
country. The biggest problem of all is to identify the source of
attack. For example, in the Stuxnet nobody was firmly sure that it was
American or Israeli attack. Everybody is saying aloud about this but
to prove is extremely difficult especially when we deal with countries
of sophisticated nature and sophisticated achievements in this area.

/But something needs to be done then. Is anything being done?/

There is already growing effort in the world to try to find the way to
cope with these problems and, for example, China, Russia and some
other countries propose an international code of conduct for
information security, their idea is to increase the role of
governments in directing and operating the cyber space. Since
Americans claim that they are going to defend their right to use cyber
space without any hindrance, there is a growing difference but not
only between Russia, China and the United States on the matter, but
many other Western countries are also very much worried about the
uncontrolled expansion of Internet and it being used by violent
demonstrators, for example, in Britain the government of Britain is
victim of many arranged demonstrations and this arrangement went
through Internet and the Foreign Minister Hague has admitted that
Internet requires some sort of control because it could not go
uncontrolled like it is going now.

/So, the problem is obviously there. But however Mr. Cross was
insisting on what he termed as the openness of the Internet. Now the
U.S. position as far as I understand it is that Internet should not be
state controlled. But is there an alternative vision?/

We have international efforts to start doing something. I already
mentioned that there is Russian-Chine international code of conduct
but there are meetings. For example, in Yekaterinburg recently this
autumn there was a meeting of 52 countries arranged by our Security
Council Office on the matters of Internet, and we have presented our
views, Russian views, on that. Then in London on the 1st or on the 2nd
of November there is going to be an international meeting for
discussion of the problems of the global cyber space security.

/But do the Americans support these efforts?/

We must note that Americans got worried because there is definite
effort to try to find common denominator on Internet among many
countries. And as it is going now, it is definitely not on the
American conditions but on the more balanced and serious attitude
towards the possibility of controlling the cyber space. By the way,
the treaty of collective security of former Soviet States recently had
a meeting and there were critical elements in this meeting on this use
of facebook, and tweeter, and youtube. This official dissemination of
information is good but on the part of the Americans financial effort
to support opposition and even insurgency activity in some countries,
we have to admit that we don't have the same kind of developed
instruments for diplomacy in Internet but people say that Washington
has established its position in the Internet and they do not want to
see them, they don't want to listen other countries and that's why we
have to deal with all kinds of possibilities. For example, Americans
would sooner or later leave Afghanistan and we will see huge problems
for the Central Asian nations. And we already see the elements of
American policy in the field of using cyber space to influence the
mood and the future behavior of the population of the Central Asia
when we are going to see that secular regimes in number of these
countries fall. And Americans would try to introduce their elements
into the real life in the area, which is so vital for Russia.

/So, just let me specify, we are talking about Central Asia, an area,
which is so far away from the U.S. itself./

The experience shows that in Middle East, for example, Americans did
not care. They brought out secular regimes and they now are very happy
for a very short period of time with very dubious regimes with some
dubious histories behind them.

Well, Mr. Yevstafiev, thank you very much and I am quite positive that
we are going to discuss this subject in our future programs and just
to remind you, our guest speaker was Gennady Yevstafiev, retired
Lieutenant General of the Russian Intelligence Service.

http://wikileaks.org/gifiles/docs/167291_-alpha-insight-ct-cyber-cyber-and-internet-governance-issues.html


[u]

Pendant ce temps en Inde:

Govt to set up a national internet scanning agencyGovt to set up a national internet scanning agency

Citation :

NEW DELHI/BARCELONA: The Government is setting up an internet scanning agency which will monitor all web traffic passing through Internet service providers in the country. The scanning agency to be called 'National Cyber Coordination Centre, will issue 'actionable alerts' to government departments in cases of perceived security threats.

The move comes as the government has been unable to prevent many terror attacks, in the absence of a credible internet scanning system.

According to the minutes of a meeting held on February 3, 2012, at the National Security Council Secretariat under the Prime Minister's Office, a National Cyber Coordination Centre will 'also scan cyber traffic flowing at the point of entry and exit at India's international internet gateways.'

The web scanning centre will provide 'actionable alerts for proactive actions' to be taken by government departments.

All government departments will now talk to the Internet Service Providers such as Bharti Airtel, Reliance Communication, BSNL, MTNL and Tata Communications through NCCC for real time information and data on threats.

According to sources, government is planning to invest about Rs 800 crore in the setup. "The coordination centre will be the first layer of threat monitoring in the country. It would always be in virtual contact with the control room of the Internet Service Providers," the Deputy National Security Advisor Vijay Latha Reddy said, as per minutes of the meeting.

The government is collating manpower requirements for the centre currently.

"At present, the monitoring of web traffic is done by Centre for Development of Telematics ( C-DoT) which has installed its equipments at the premises of ISPs and gateways," informs Rajesh Chharia, President at association of Internet service providers.

All tweets, messages, emails, status updates and even email drafts will now pass through the new scanning centre. The centre may probe further into any email or social media account if it finds a perceived threat.

India's National Security Council Secretariat (NCSC) has asked various departments to assess their needs for officials, who will coordinate with the scanning agency. The National Security Council handles the political, nuclear, energy and strategic security concerns of the country.

As per the minutes seen by ET, Defence Research and Development Organization (DRDO) officials were of the view that there is no perfect system. "There is always an element of risk in using ICT. Efforts should be focused on reducing cyber security vulnerabilities," DRDO said.

The meeting was attended by officials from DRDO, intelligence bureau, Indian Army, Ministry of Home Affairs, Indian Navy, Department of IT, National Technical Research Organization (NTRO), Telecom Department and Computer Emergency Response Teams of various departments.

Internet scanning policy is followed in many countries. In US, the Department of Homeland Security (DHS) scans the internet for keywords such as 'virus', 'bomb', or 'collapse.' The DHS sets up fake social media and Twitter accounts to scan the internet. Iran uses web surveillance to suppress dissidents.

Times of India


Tout cela est bien beau, a supposer que l'Inde couvre deja le HUMINT et peut se payer les milliers d'employes qui vont monitorer les millions de messages par jour.



La nouvelle du jour impliquant la Chine dans la cyberguerre

Espionage malware with ties to RSA hack snags scores of government PCs


Ars Technica

Citation :

As many as 200 computers belonging to government ministries, a nuclear safety agency and a regional petroleum company are under the control of sophisticated espionage software that has ties to attackers who have previously penetrated RSA, the Dalai Lama's network, and dozens of high-level government systems, researchers said.

The discovery, disclosed by members of Dell SecureWorks at this year's RSA security conference in San Francisco, underscores the endurance of attacks known as APTs, or advanced persistent threats. One of the malware samples used in the espionage campaign was first detailed in a 2010 report (PDF) that revealed a massive spy network that targeted the government of India, the Dalai Lama and other Chinese dissidents located in Tibet. A later report from antivirus provider Trend Micro said the "Enfal" malware, aka the "Lurid Downloader," infected at least 1,465 computers in 61 countries. The campaign discovered by SecureWorks also used a second malware family known as "RegSubsDat" that was first identified in 2009.

Three of the IP addresses used by the servers that controlled the compromised systems observed by SecureWorks also overlapped with addresses that hosted servers used in attacks last year on RSA. The attackers used their access to RSA's systems to steal highly sensitive data related to the company's two-factor SecurID authentication tokens that 40 million employees use to access corporate and government networks. The IP addresses belong to the China Beijing Province Network's autonomous system 4808, which researchers say has long been a hotbed for espionage-related malware.

"I'm a little surprised that when their infrastructure and malware was outted they didn't switch all their tactics and tools," Joe Stewart, director of malware research at SecureWorks, told Ars. "It speaks to the level of risk they must feel they're facing to just brazenly go about business as usual."

It also speaks to the lack of coordination among those who defend government and corporate networks against snoops and other outsiders. Too frequently, different researchers assign vastly different names to the same pieces of malware and don't share intelligence about domain names and IP addresses used in attacks they observe. That makes it hard for defenders to build up a collective body of knowledge about common threats. To address the shortcoming, SecureWorks's 17-page report (PDF) devotes more than four pages to the cataloging of cryptographic hashes used to digitally fingerprint files associated with the underlying malware used in the latest attacks.



Unlike most financially motivated hacks that target anyone with a computer connected to the Internet, APTs single out specific organizations identified in advance as possessing data that's considered valuable. That makes APTs significantly harder to defend against, since the attackers who carry them out will continue their campaigns until the target is successfully penetrated.

SecureWorks' researchers observed the infected machines as recently as last week after gaining control of several of the domain names compromised machines contacted after becoming infected. By "sinkholing" the command and control servers, the researchers could observe the IP addresses of the affected systems. The 100 to 200 separate computers were located in Vietnam, Brunei, Myanmar, Europe and the middle east. In addition to government ministries, a nuclear safety agency, and businesses including the petroleum company, victims also included an embassy located inside mainland China. SecureWorks didn't identify any of the victims by name.



Where in the world is Sin Digoo, California?


Virtually all of the domain names used in the campaign uncovered by SecureWorks were registered by someone using the e-mail address jeno_1980@hotmail.com. Many of those domains were listed as belonging to someone named Tawnya Grilth from the fictional or misspelled town of Sin Digoo, California. The Hotmail e-mail address was also used to register socialup.net, a site that offers blackhat SEO, or search engine optimization, services. Someone called Tawnya has repeatedly promoted the site on message boards, suggesting that in addition to registering domains used in corporate and international espionage, the person may have enjoyed more than a passing interest in blackhat SEO.

The same Hotmail address and Sin Digoo location were used to register other domains and to make inquiries on software developers' forums about code relating to using Windows programming interfaces, which are often of interest to people who write malware. Fingerprints belonging to the same person or group were also found in a user database for rootkit.com, a website where both whitehats and blackhats gathered to discuss the class of highly stealthy malware. The database was leaked onto the 'Net last year following the dramatic breach of the site as part of a larger attack by Anonymous on principals of HBGary.

In all, the attacks observed by SecureWorks involved dozens of active and defunct command and control servers and the trojans identified by the researchers are only a small fraction of the malware they say is being used in online espionage campaigns.

"Collaboration between government, espionage malware victims, and the computer security industry must improve to better defend against this undercurrent of activity that threatens to undermine an already weakened economy in countries around the world," their report concludes.

La KOICA dévoile son programme de coopération avec le Maroc pour 2012

MAP / Aufait

Citation :

L'Agence Coréenne de Coopération Internationale (KOICA) a mis en œuvre une série de programmes de coopération pour l'année 2012, centrés sur les projets en cours de réalisation, les nouveaux projets et les stages de formation.

L'Agence Coréenne de Coopération Internationale (KOICA). /DR

Les projets concernent la mise en œuvre du projet de l'Institut de formation avancée aux métiers de l'industrie automobile à Casablanca (IFMIAC), en partenariat avec le ministère de l'Emploi et de la formation professionnelle, qui sera lancé en décembre 2012, avec un montant de 6 millions de dollars US pour la période 2010-2013, indique un communiqué de la KOICA.

Il s'agit également de la finalisation du projet du Centre marocain d'alerte et de gestion des incidents informatiques (ma-CERT) en partenariat avec le ministère de l'Industrie, du commerce et des nouvelles technologies (3,4 millions dollars pour la période 2010-2012).


Parmi les nouveaux projets, figure le lancement de plateformes de formation pour le renforcement des capacités en commerce international, en partenariat avec le département du commerce extérieur auprès du ministère de l'Industrie, du commerce et des nouvelles technologies, et dont le budget alloué est de 2,950 millions de dollars pour la période 2012-2014.

Il est prévu aussi le lancement du projet du renforcement des capacités en recherche et développement dans l'efficacité de l'énergie solaire au Maroc, en partenariat avec le ministère de l'Energie, des mines, de l'eau et de l'environnement. Le budget alloué étant de 2.5 millions dollars.

A travers ces programmes de coopération, la Corée continuera à déployer ses efforts et à partager son expérience de développement avec le Royaume, relève la même source.

MAP

Rappel Mars 2011:

Citation :

--- LG CNS begins project of building a cyber security center for the Moroccan government ---

LG CNS will break into the security market of Africa for the first time as a Korean IT company.

LG CNS has recently made a contract for the establishment of a cyber security center in Morocco. In Rabat, the capital city of Morocco, the company established the project team called ‘Maroc Cyber Emergence Response Team (ma-CERT).' This is an e-government project, which will be worked on by the Korea International Cooperation Agency (KOICA) in order for the Korean government to help ensure the security of information systems at the government agencies of Morocco. The KOICA has promoted the participation of Korean private enterprises in overseas projects in order to support the economic and social growth of developing countries.

The project is worth approximately USD 3.4 million, which is equivalent to about KRW 3.5 billion. LG CNS will perform the consulting, design, construction, and support of operation of the cyber security center, whose purpose is to prevent hacking from occurring at the government agencies of Morocco.

In particular, software developed in Korea will be set up at the center in order to detect attempts of hacking, to do integrated analysis, and to control security attacks. The center is scheduled to be completely constructed by November 2011. Additional construction of centers in all the areas of Morocco is being reviewed.


Through this project, Morocco is expected to have a higher-level system for preventing hacking and security attacks. LG CNS has a strategy of obtaining an additional security market by making the project a foundation for entering the North African market in order to improve the status of "Korea, an IT Power."


In this project, the small Korean software manufacturers along withas well as LG CNS will participate in the development of security solutions and the establishment of the control center for the situation room as well as the server room at the security center. LG CNS has the most (seven) overseas subsidiaries corporations among the Korean IT service providers. The company will use existing export bases such as China, the Americas, and the Middle East to develop customized solutions along with capable small companies and to advance into overseas markets. (The End)

[Appendix] Projects of the Korea International Cooperation Agency (KOICA) and the Advancement of Domestic IT Companies into the Global Market

The grant projects worked on by the KOICA improve the status of Korea as an aid country, and are good news for Korean IT service providers, which are focusing on their advancement into the global market. The reason for this is that the projects by the KOICA increase their opportunities for breaking into the global market. As advancing into overseas markets is not optional but mandatory now, the Korean IT service providers have a strategy of accelerating their advancement into the global market without missing this good opportunity..

LG CNS received an order for the project of constructing a solar energy generating facility in Sri Lanka in June 2010, and has been working on the project. This project intends to construct a solar energy generating facility of 500 KW, which will be the biggest one of Sri Lanka, with the completely Korean proprietary technology. The project is expected to improve the status of "Green Korea", which actively deals with international environmental issues, and to help LG CNS break into overseas solar energy markets such as Europe and Africa.

http://www.lgcns.com/pr-center/news/view/1186/korean-it-solves-hacking-crimes-in-africa


Site du Ma-CERT (up and running feb 13 2012 je crois)

http://macert.ma/

Citation :

Welcome to MA-CERT : the Moroccan Academic Computer Emergency Response Team

MA-CERT is the Computer Security Incident Response Team of MARWAN, the wide area network for the education and research community of Morocco.

The constituency of MA-CERT are the institutions and organizations connected to MARWAN Network.

The mission and goals of Ma-cert are to :

Support and coordinate security incident response within the constituency
Serve as a trusted point of contact for security incident-related information
Improve awareness and knowledge of IT security among the constituents
Provide early detection of security incidents affecting MARWAN Network
Keep contact with other CSIRT/CERT teams and cooperate with national and international CERT organisations
More information can be found in the description document according to RFC 2350 .

Voici un article interessant sur la technique de cryptanalysis appelle Dictionary Attack, ressemblant a la Brute Force (tester toutes les possibilitees) mais limitant les tests aux occurances les plus probables pour...gagner du temps.

Cette attaque contre le cryptage de Skype se sert de la linguistique.

Defeating Skype Encryption Without a Key
Security Week

Citation :

Skype allows customers to communicate over Voice over Internet Protocol (VoIP) platforms. And because it is encrypted, Skype, which was recently purchased by Microsoft for $8.5 Billion, is used by many businesses today for their international phone calls.
What researchers have found, however, is a novel way to decrypt those conversations without ever knowing the encryption key.

Researchers Andrew M. White, Austin R. Matthews, Kevin Z. Snow, and Fabian Monrose from the Department of Computer Science and the Department of Linguistics at the University of North Carolina at Chapel Hill used an attack, dubbed “Phonotactic Reconstruction”, in their research paper, amusingly subtitled “Hookt on Fon-iks,” to predict clear text words from encrypted sequences. What they did was segment sequences of the VoIP packets into sub-sequences mapped into candidate words, then, based on rules of grammar, hypothesized these sub-sequences into whole sentences. In other words, they were able to reconstruct the conversation by guessing and predicting the original sounds used within the original Skype conversation.

Because of its faster compression, VoIP systems tend to use what's called Linear Predictive Coding (LPC) to transmit voice conversations over IP. LPC creates data sets from spoken English on the sender's end by breaking apart the resonances, hisses, and pops within and between words. The conversation is then synthesized on the receiving end by reversing the process. What the researchers did was simulate that reverse process in a lab. They wrote: "While the generalized performance is not as strong as we would have liked, we believe the results still raise cause for concern: in particular, one would hope that such recovery would not be at all possible since VoIP audio is encrypted precisely to prevent such breaches of privacy."

This particular attack has its roots in linguistics. The researchers liken it to how infants break up speech into words without hearing actual pauses and word divisions within a sentence. Adults have a lexicon of sounds that make up individual words, but infants do not. Infants must rely on gestures, intonations and other clues to infer the breaks between words within the stream of sounds they hear. That is what this attack does; it attempts to build a lexicon of sounds using LPC to decode the conversation.

Unfortunately, the researchers don't offer any solutions. They only hope that "this work stimulates discussion within the broader community on ways to design more secure, yet efficient, techniques for preserving the confidentiality of VoIP conversations."

This holds relevance for device manufacturers. For example, integrated circuits consume varying rates of power. One can map that varying power consumption and begin to map the peaks and valley sequences to digits – ones and zeros. This is called Power Analysis Attacks. And they can be used to decode credit card sequences from a POS terminal or patient information from a medical device. The point is, there is data leaking out in ways we might not have thought possible.

Seeing research from the linguistics department have bearing on encryption is refreshing: It's the "out of the box" thinking that cybercriminals employ. Often we're left, after the fact, nodding our heads at the clever means by which someone used something completely unrelated to our field to defeat our security. Perhaps some of the standard computer security conferences should invite or challenge researchers in other disciplines to present. Imagine what we might learn.

NSA builds Android phone for top secret calls

Secure Business Intelligence

Citation :

The National Security Agency (NSA) has developed an ultra-secure Android phone built using off-the-shelf kit that allows US Government staff to discuss top secret materials.

About 100 of the Fishbowl phones were developed and released to government staff. They were designed to comply with the NSA’s tough information security rules yet be as cheap as possible and easy to use.

Margaret Salter

The phones were designed and built by the NSA’s 40 year-old Information Assurance Directorate, which is responsible for providing secure communications to the US Government, including the Department of Defence.

The division’s head, Margaret Salter, said anyone can reproduce the phone using specifications published online today because it uses off-the-shelf components.

“The plan was to buy commercial components, layer them together and get a secure solution,” Salter said. “It uses solely commercial infrastructure to protect classified data.”

Salter said she would previously need to “speak in code” if using a commercial mobile device to discuss classified information.

Users will be able to install defence applications on the device from an enterprise app store run by the US Defence Information Systems Agency. This would ensure only secure applications were installed, and remove the need for NSA staff to otherwise vet the integrity of third party applications.

The phone is part of a wider NSA Mobility Program to design all communications technologies used for classified discussions from commercial off-the-shelf components.

The aim, Salter said, was to produce secure devices that had the ease-of-use at a low cost.

Tech troubles

The Information Assurance Directorate ran into a string of problems during the build due to a lack of interoperability between vendor products.

Salter said a lack of interoperability between SSL VPN options forced designers to use IPSEC.

Several other compromises were made but none that reduced the security of the phone, Salter said.

“We needed a voice app that did DTLS (Datagram Transport Layer Security), Suite B and SRTP (Secure Real-time Transport Protocol) and we couldn’t buy it,” Salter said. “But the industry was thinking more about session description … so we went with that.”


Fishbowl encryption

Designers were also challenged by the functionality in commercial products. Vendors were chosen not by reputation or preference, but by their support of required functionality. Each was plotted on a grid and chosen by “drawing a line through the list”.

Salter said the security specifications, such as those sought for the voice application, would be useful to everyone.

She urged colleagues to demand vendors improve unified communications interoperability.

“We need to send a message [about] standards, interoperability and plug and play," she said.

All traffic from the phone is routed through the enterprise as a primary security design goal.

“If we let it go to all kinds of places, we lost control of figuring out what the phone was doing. If I want pizza, I have to go through the enterprise which has to route me to Pizza Hut.”

Voice calls are encrypted twice in accordance with NSA policy, using IPSEC and SRTP, meaning a failure requires “two independent bad things to happen,” Salter said.

She said the Android operating system and key store were customised to be made secure enough for top secret conversations, and a “kind of police app” was designed to monitor operations on the device.

Copyright © SC Magazine, Australia

Bull va vendre le logiciel Eagle d'Amesys

L'Usine Nouvelle

Citation :

Le groupe informatique français annonce jeudi qu'il se sépare de son activité dédiée à l'interception de données sur internet. Le logiciel Eagle d'Amesys avait été utilisé par Kadhafi pour espionner son peuple, ce qui avait valu une polémique à Bull.
"Bull a signé un accord d'exclusivité pour négocier la cession des activités de sa filiale Amesys relatives au logiciel Eagle, destiné à construire des bases de données dans le cadre d'interception légale sur internet", annonce le groupe.
En septembre 2011, Amesys reconnaît avoir signé un contrat quatre ans plus tôt avec les autorités libyennes. L'objet de cet accord : mettre à disposition "un matériel d'analyse portant sur une fraction des connexions internet existantes, soient quelques milliers". Cet aveu d'Amesys fait suite à une série d'articles publiés par le site Owni.
Amesys cherche à relativiser son implication. Ce contrat "n'incluait ni les communications internet via satellite (utilisées dans les cybercafés), ni les données chiffrées (type Skype), ni le filtrage de sites web". Le matériel d'Amesys ne permettait pas non plus de surveiller les lignes téléphoniques fixes ou mobiles.
Cela ne sera bientôt plus le problème de Bull. La direction précise jeudi que cette activité n'est pas "stratégique" et que le groupe va "se concentrer sur son expertise en matière de systèmes critiques électroniques et en particulier sur les domaines concernant la protection des personnes et du territoire". Amesys représente moins de 0,5% du chiffre d'affaires du groupe Bull.

Une des tetes des Anonymous (LulzSec) a ete decapitee, et son leader avait travaille pour le FBI (apres qu'il fut demasque ).
Apparement, les attaques contre StratFor avaient ete planifiees par le FBI, ce qui remet en doute (encore plus) les emails. (garder a l'esprit que l'on nage dans l'intox dans l'affaire wikileaks toute entiere).

Sabu, le leader des LulzSec, avait utilise Tor, et apparement, c'est grace a quoi une addr IP reliee a ses activitees avait ete identifiee. Le FBI a monte in serveur IRC sous son controle pour le demasquer.

All the latest on the unmasking of LulzSec leader "Sabu," arrests (updated)

http://arstechnica.com/tech-policy/news/2012/03/all-the-latest-on-the-unmasking-of-lulzsec-leader-sabu-arrests.ars


Dans un autre registe, le ver Duqu, cousin du Stuxnet qui avait apparment frappe les installation nuk iraniennes, serait en partie programme avec un langage inconnu. Ce qui tend a confirmer que ces vers n'ont pas ete concus sur le marche noir mais bie nsur une entitee gouvernementale capable de faire de la R&D informatique. Les compagnies d'antivirus demandent l'aide des developpeurs pour identifier ce language mysterieux...

SecurityWeek

Kaspersky Lab: Duqu Framework Likely Written in an Unknown Programming Language

Citation :

Duqu, sometimes referred to as “Son of Stuxnet”, surfaced in October 2010 and has been the subject of considerable industry research as experts attempt to unveil more details on the mystery and origin of the malware. Duqu was designed to help attackers infiltrate systems via backdoor access and steal information and data primarily from industrial control systems and corporate secrets. In other words, the ultimate cyber-espionage weapon.

But Duqu, which shares many similarities to Stuxnet and is assumed to be from the same creators, is also quite different. There have been different assumptions and debates since Duqu’s discovery.

This week, however, Kaspersky Lab Researchers have shared some new and fascinating findings in relation to certain components of the complex malware. The Moscow-based security firm, which has published a number of discoveries and detailed research on Duqu over the past several months, says that unlike the majority of Duqu’s body, its framework appears to be written in an unknown programming language.

The Kaspersky team has been able to eliminate just about every popular programming language. It’s not C++, Objective C, Java, Python, Ada, Lua or any of the many programming languages that the Kaspersky Lab checked.

Why would this be the case? “Given the size of the Duqu project, it is possible that another team was responsible for the framework than the team which created the drivers and wrote the system infection and exploits,” Igor Soumenkov, a Kaspersky Lab expert explained.

The main component in question is the Payload DLL, part of which is used by the Trojan to communicate with its Command and Control (C&C) servers after infecting a system.

Whatever programming language was used in the Duqu framework is highly specialized, the researchers say. “It enables the Payload DLL to operate independently of the other Duqu modules and connects it to its dedicated C&C through several paths including Windows HTTP, network sockets and proxy servers. It also allows the Payload DLL to process HTTP server requests from the C&C directly, stealthily transmits copies of stolen information from the infected machine to the C&C, and can even distribute additional malicious payload to other machines on the network, which creates a controlled and discreet form of spreading infections to other computers.”

“It is possible that its authors used an in-house framework to generate intermediary C code, or they used another completely different programming language,” Soumenkov explained.

For reference, Stuxnet was written entirely in Microsoft Visual C++.

The Kaspersky researchers say certain “slices” of code in the Payload DLL may have been initially compiled in separate object files before being linked in a single DLL, but the slice in question is different. “This slice is different from others, because it was not compiled from C++ sources. It contains no references to any standard or user-written C++ functions.”

But there a few things the researchers do know about the mystery code: It’s object-oriented and event driven, and performs its own set of related activities ideal for network applications.

The highly event driven architecture points to code which was designed to be used in variety of conditions, including asynchronous commutations.

So what’s so important about asynchronous commutations?

“This model makes sure that any form of communication can still occur even when some communications are already happening and could be taking a long time,” Roel Schouwenberg, senior researcher at Kaspersky Lab told SecurityWeek. “Most programs out there hang or freeze if a certain operation is taking too long, much like your browser or email client may do at times. Using this asynchronous model means there's no chance of that happening with Duqu.”

“The authors built an extremely resilient platform for that, ensuring Duqu, for instance, can still receive C&C commands while waiting for a response from another infected machine,” he added.

“The creation of a dedicated programming language demonstrates just how highly skilled the developers working on the project are, and points to the significant financial and labor resources that have been mobilized to ensure the project is implemented,” said Alexander Gostev, Chief Security Expert at Kaspersky Lab.

Many interpret that as Duqu being a state-sponsored undertaking, as is assumed to be the case with Stuxnet.

At this point, Kaspersky Lab researchers are calling out to the programming community and asking for help. They hope that anyone who recognizes the framework, toolkit or the programming language that can generate similar code constructions, will reach out to help solve this next piece of the duqu puzzle.

“We've gotten a number of interesting suggestions, including libevent, RoseRT and a custom C framework. Right now we're investigating these new suggestions and seeing if we can find a match,” Schouwenberg said. “We're trying to find out now if they indeed went through the trouble of creating a new programming language or if it's something which already exists, but simply unknown to us.”

A detailed technical analysis of Kaspersky’s discoveries is available here. For those who may have suggestions, you can contact the Kaspersky team at “stopduqu@kaspersky.com”.

SecurityWeek

NSA Opens 604,000 Sq. ft. Cryptologic Center In Georgia

Citation :

The National Security Agency/Central Security Service officially opened its new "Georgia Cryptologic Center" this week. Celebrated with a ribbon-cutting ceremony on Monday, the new $286 million, 604,000 square foot complex will provide cryptologic professionals with the latest state-of-the-art tools to conduct signals intelligence operations, train the cryptologic workforce, and enable global communications.

The center, dedicated in the name of John Whitelaw, the first Deputy Director of Operations for NSA, is said to house a 17,000 square foot data center and a 9,000 square foot communications center, both complete with redundant power and network links.

NSA/CSS has had a presence in Georgia for over 16 years on Ft. Gordon, when only 50 people arrived to establish one of NSA’s Regional Security Operations Centers.

According to the NSA, General Keith B. Alexander, Commander, U.S. Cyber Command, Director, NSA/Chief, CSS – told the guests at the ceremony that the NSA/CSS workforce nominated Mr. John Whitelaw for the honor of having one of the buildings in the complex dedicated in his name, because they considered him influential to the establishment and success of the mission in Georgia. In 1995 Mr. Whitelaw was named the first Deputy Director of Operations for NSA Georgia and remained in that position until his death in 2004.

“This new facility will allow the National Security Agency to work more effectively and efficiently in protecting our homeland,” said Sen. Saxby Chambliss. “It will also attract more jobs to the Augusta area. The opening of this complex means that Georgians will play an even greater role in ensuring the safety and security of our nation.”

The new NSA/CSS Georgia Cryptologic Center is another step in the NSA’s efforts to further evolve a cryptologic enterprise that is resilient, agile, and effective to respond to the current and future threat environment.

Earlier this year the NSA opened a new facility in Hawaii, and said the agency is also upgrading the cryptologic centers in Texas and Denver.

SecurityWeek
General Dynamics Awarded Air Force Cyber Intelligence Contract

Citation :

General Dynamics Advanced Information Systems, a unit of General Dynamics, said today that it has been awarded a contract to continue its cyber network defense, operations and exploitation support of the U.S. Air Force's 35th Intelligence Squadron (35IS) Cyberspace Operations program Sensor Shadow.

The contract has a maximum value of $5 million over three years if all options are exercised, the company said in a statement.

Under the contract, General Dynamics' analysts and engineers will help to collect, analyze, produce and disseminate key cyber intelligence. This includes supporting the U.S. Cyber Command and other Department of Defense customers. The Sensor Shadow program team conducts in-depth analysis of network intrusions, threat profiling, all source intelligence analysis and long-term analysis of stored network connection data and supports operations across the globe.

"The Sensor Shadow program is representative of our cyber security heritage. For two decades General Dynamics has been providing leading-edge cyber intelligence support to the Air Force through Sensor Shadow, dating back to Operation Desert Storm," said John Jolly, vice president and general manager of General Dynamics Advanced Information Systems' Cyber Systems division. "Our close partnership with the 35IS allows us to effectively apply our mission understanding and in-depth expertise in the cyber domain to bring more capability to the cyber analyst toolset for more effective and timely analysis."

The work will be performed at Lackland Air Force Base in Texas.

China suspected of Facebook attack on Nato's supreme allied commander
Beijing cyber-spies accused of using fake social networking accounts in bid to steal military secrets from the west

The Guardian

Citation :

Admiral James Stavridis was targeted by cyber-spies on Facebook who set up fake accounts in his name. Photograph: Yves Logghe/AP
Nato's most senior military commander has been repeatedly targeted in a Facebook scam thought to have been co-ordinated by cyber-spies in China, the Observer has learned. The spies are suspected of being behind a campaign to glean information about Admiral James Stavridis from his colleagues, friends and family, sources say.

This involved setting up fake Facebook accounts bearing his name in the hope that those close to him would be lured into making contact or answering private messages, potentially giving away personal details about Stavridis or themselves.

This type of "social engineering" impersonation is an increasingly common web fraud. Nato said it wasn't clear who was responsible for the spoof Facebook pages, but other security sources pointed the finger at China.

Last year, criminals in China were accused of being behind a similar operation, which was given the codename Night Dragon. This involved hackers impersonating executives at companies in the US, Taiwan and Greece so that they could steal business secrets.

The latest disclosure will add to growing fears in the UK and US about the scale of cyber-espionage being undertaken by China. As well as targeting senior figures in the military, the tactic has been blamed for the wholesale theft of valuable intellectual property from some leading defence companies.

The sophistication and relentlessness of these "advanced persistent threat" cyber attacks has convinced intelligence agencies on both sides of the Atlantic that they must have been state-sponsored. Nato has warned its top officials about the dangers of being impersonated on social networking sites, and awarded a £40m contract to a major defence company to bolster security at the organisation's headquarters and 50 other sites across Europe. A Nato official confirmed that Stavridis, who is the supreme allied commander Europe (Saceur), had been targeted on several occasions in the past two years: "There have been several fake Saceur pages. Facebook has cooperated in taking them down… the most important thing is for Facebook to get rid of them."

The official added: "First and foremost, we want to make sure that the public is not being misinformed. Saceur and Nato have made significant policy announcements on either the Twitter or Facebook feed, which reflects Nato keeping pace with social media. It is important the public has trust in our social media."

Nato said it was now in regular contact with Facebook account managers and that the fake pages were usually deleted within 24 to 28 hours of being discovered. Finding the actual source in cases such as these is notoriously difficult, but another security source said: "The most senior people in Nato were warned about this kind of activity. The belief is that China is behind this."

Stavridis, who is also in charge of all American forces in Europe, is a keen user of social media. He has a genuine Facebook account, which he uses to post frequent messages about what he is doing, and where. Last year he used Facebook to declare that the military campaign in Libya was at an end.

The threat posed by Chinese cyber activity has been causing mounting concern in the UK and the US, where it is judged to be a systematic attempt to spy on governments and their militaries. They also accuse Beijing of being involved in the anonymous theft and transfer of massive quantities of data from the west. In a surprisingly pointed report to Congress last year, US officials broke with diplomatic protocol and for the first time challenged China directly on the issue. The National Counterintelligence Executive said Chinese hackers were "the world's most active and persistent perpetrators of economic espionage".

It said China appeared to have been responsible for "an onslaught of computer network intrusions". The report also claimed that Chinese citizens living abroad were being leaned on to provide "insider access to corporate networks to steal trade secrets". The use of moles was, it said, a clear exploitation of people who might fear for relatives in China.

Security analysts in Washington said they believed China had undertaken comprehensive cyber-surveillance of the computer networks that control much of America's critical infrastructure. This has stoked a political debate on Capitol Hill, where Democrats and Republicans are locked in an ideological battle about how to tackle cyber threats. President Barack Obama wants to introduce regulation to ensure companies are taking them seriously, but that approach is opposed by Republicans, including Senator John McCain.

James Lewis, a cyber expert from the Centre for Strategic and International Studies thinktank in Washington, said the time for dithering had passed. "We know that Russia and China have done the reconnaissance necessary to plan to attack US critical infrastructure," he said. "You might think we should put protection of critical infrastructure at a slightly higher level. It is completely vulnerable."

Shawn Henry, an executive assistant director at the FBI, told the Observer that the agency was dealing with thousands of fresh attacks every month. "We recognise that there are vulnerabilities in infrastructure. That's why we see breaches by the thousand every single month," he said. "There are thousands of breaches every month across industry and retail infrastructure. We know that the capabilities of foreign states are substantial and we know the type of information they are targeting."

The department of homeland security has been tasked by the White House with countering the cyber threat, but without making people lose confidence in the web. Its senior counsellor for cyber-security, Bruce McConnell, said: "The internet is civilian space. It is a marketplace. Like the market in Beirut in the 1970s, it will sometimes be a battleground. But its true nature is peaceful, and that must be preserved."

Un article gargantuesque sur la NSA sur Wired.

http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1

Quelques extraits:

Citation :

Under construction by contractors with top-secret clearances, the blandly named Utah Data Center is being built for the National Security Agency. A project of immense secrecy, it is the final piece in a complex puzzle assembled over the past decade. Its purpose: to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks. The heavily fortified $2 billion center should be up and running in September 2013. Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital “pocket litter.” It is, in some measure, the realization of the “total information awareness” program created during the first term of the Bush administration—an effort that was killed by Congress in 2003 after it caused an outcry over its potential for invading Americans’ privacy.

Citation :

It is also critical, he says, for breaking codes. And code-breaking is crucial, because much of the data that the center will handle—financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications—will be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”

Citation :

For the NSA, overflowing with tens of billions of dollars in post-9/11 budget awards, the cryptanalysis breakthrough came at a time of explosive growth, in size as well as in power. Established as an arm of the Department of Defense following Pearl Harbor, with the primary purpose of preventing another surprise assault, the NSA suffered a series of humiliations in the post-Cold War years.

Citation :

And then there was this anomaly: Although this was supposedly the official ground-breaking for the nation’s largest and most expensive cybersecurity project, no one from the Department of Homeland Security, the agency responsible for protecting civilian networks from cyberattack, spoke from the lectern. In fact, the official who’d originally introduced the data center, at a press conference in Salt Lake City in October 2009, had nothing to do with cybersecurity. It was Glenn A. Gaffney, deputy director of national intelligence for collection, a man who had spent almost his entire career at the CIA. As head of collection for the intelligence community, he managed the country’s human and electronic spies.

Citation :

Inside, the facility will consist of four 25,000-square-foot halls filled with servers, complete with raised floor space for cables and storage. In addition, there will be more than 900,000 square feet for technical support and administration. The entire site will be self-sustaining, with fuel tanks large enough to power the backup generators for three days in an emergency, water storage with the capability of pumping 1.7 million gallons of liquid per day, as well as a sewage system and massive air-conditioning system to keep all those servers cool. Electricity will come from the center’s own substation built by Rocky Mountain Power to satisfy the 65-megawatt power demand. Such a mammoth amount of energy comes with a mammoth price tag—about $40 million a year, according to one estimate.

...

But so is the exponential growth in the amount of intelligence data being produced every day by the eavesdropping sensors of the NSA and other intelligence agencies. As a result of this “expanding array of theater airborne and other sensor networks,” as a 2007 Department of Defense report puts it, the Pentagon is attempting to expand its worldwide communications network, known as the Global Information Grid, to handle yottabytes (1024 bytes) of data. (A yottabyte is a septillion bytes—so large that no one has yet coined a term for the next higher magnitude.)

It needs that capacity because, according to a recent report by Cisco, global Internet traffic will quadruple from 2010 to 2015, reaching 966 exabytes per year. (A million exabytes equal a yottabyte.) In terms of scale, Eric Schmidt, Google’s former CEO, once estimated that the total of all human knowledge created from the dawn of man to 2003 totaled 5 exabytes. And the data flow shows no sign of slowing. In 2011 more than 2 billion of the world’s 6.9 billion people were connected to the Internet. By 2015, market research firm IDC estimates, there will be 2.7 billion users. Thus, the NSA’s need for a 1-million-square-foot data storehouse. Should the agency ever fill the Utah center with a yottabyte of information, it would be equal to about 500 quintillion (500,000,000,000,000,000,000) pages of text.

Citation :

1 Geostationary satellites
Four satellites positioned around the globe monitor frequencies carrying everything from walkie-talkies and cell phones in Libya to radar systems in North Korea. Onboard software acts as the first filter in the collection process, targeting only key regions, countries, cities, and phone numbers or email.
2 Aerospace Data Facility, Buckley Air Force Base, Colorado
Intelligence collected from the geostationary satellites, as well as signals from other spacecraft and overseas listening posts, is relayed to this facility outside Denver. About 850 NSA employees track the satellites, transmit target information, and download the intelligence haul.
3 NSA Georgia, Fort Gordon, Augusta, Georgia
Focuses on intercepts from Europe, the Middle East, and North Africa. Codenamed Sweet Tea, the facility has been massively expanded and now consists of a 604,000-square-foot operations building for up to 4,000 intercept operators, analysts, and other specialists.
4 NSA Texas, Lackland Air Force Base, San Antonio
Focuses on intercepts from Latin America and, since 9/11, the Middle East and Europe. Some 2,000 workers staff the operation. The NSA recently completed a $100 million renovation on a mega-data center here—a backup storage facility for the Utah Data Center.
5 NSA Hawaii, Oahu
Focuses on intercepts from Asia. Built to house an aircraft assembly plant during World War II, the 250,000-square-foot bunker is nicknamed the Hole. Like the other NSA operations centers, it has since been expanded: Its 2,700 employees now do their work aboveground from a new 234,000-square-foot facility.
6 Domestic listening posts
The NSA has long been free to eavesdrop on international satellite communications. But after 9/11, it installed taps in US telecom “switches,” gaining access to domestic traffic. An ex-NSA official says there are 10 to 20 such installations.
7 Overseas listening posts
According to a knowledgeable intelligence source, the NSA has installed taps on at least a dozen of the major overseas communications links, each capable of eavesdropping on information passing by at a high data rate.
8 Utah Data Center, Bluffdale, Utah
At a million square feet, this $2 billion digital storage facility outside Salt Lake City will be the centerpiece of the NSA’s cloud-based data strategy and essential in its plans for decrypting previously uncrackable documents.
9 Multiprogram Research Facility, Oak Ridge, Tennessee
Some 300 scientists and computer engineers with top security clearance toil away here, building the world’s fastest supercomputers and working on cryptanalytic applications and other secret projects.
10 NSA headquarters, Fort Meade, Maryland
Analysts here will access material stored at Bluffdale to prepare reports and recommendations that are sent to policymakers. To handle the increased data load, the NSA is also building an $896 million supercomputer center here.

Citation :

He explains that the agency could have installed its tapping gear at the nation’s cable landing stations—the more than two dozen sites on the periphery of the US where fiber-optic cables come ashore. If it had taken that route, the NSA would have been able to limit its eavesdropping to just international communications, which at the time was all that was allowed under US law. Instead it chose to put the wiretapping rooms at key junction points throughout the country—large, windowless buildings known as switches—thus gaining access to not just international communications but also to most of the domestic traffic flowing through the US. The network of intercept stations goes far beyond the single room in an AT&T building in San Francisco exposed by a whistle-blower in 2006. “I think there’s 10 to 20 of them,” Binney says. “That’s not just San Francisco; they have them in the middle of the country and also on the East Coast.”

Citation :

The software, created by a company called Narus that’s now part of Boeing, is controlled remotely from NSA headquarters at Fort Meade in Maryland and searches US sources for target addresses, locations, countries, and phone numbers, as well as watch-listed names, keywords, and phrases in email. Any communication that arouses suspicion, especially those to or from the million or so people on agency watch lists, are automatically copied or recorded and then transmitted to the NSA.

The scope of surveillance expands from there, Binney says. Once a name is entered into the Narus database, all phone calls and other communications to and from that person are automatically routed to the NSA’s recorders. “Anybody you want, route to a recorder,” Binney says. “If your number’s in there? Routed and gets recorded.” He adds, “The Narus device allows you to take it all.” And when Bluffdale is completed, whatever is collected will be routed there for storage and analysis.

According to Binney, one of the deepest secrets of the Stellar Wind program—again, never confirmed until now—was that the NSA gained warrantless access to AT&T’s vast trove of domestic and international billing records, detailed information about who called whom in the US and around the world. As of 2007, AT&T had more than 2.8 trillion records housed in a database at its Florham Park, New Jersey, complex.

.........


Once the communications are intercepted and stored, the data-mining begins. “You can watch everybody all the time with data- mining,” Binney says. Everything a person does becomes charted on a graph, “financial transactions or travel or anything,” he says. Thus, as data like bookstore receipts, bank statements, and commuter toll records flow in, the NSA is able to paint a more and more detailed picture of someone’s life.

Citation :

Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale. That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze. The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages. “We questioned it one time,” says another source, a senior intelligence manager who was also involved with the planning. “Why were we building this NSA facility? And, boy, they rolled out all the old guys—the crypto guys.” According to the official, these experts told then-director of national intelligence Dennis Blair, “You’ve got to build this thing because we just don’t have the capability of doing the code-breaking.” It was a candid admission. In the long war between the code breakers and the code makers—the tens of thousands of cryptographers in the worldwide computer security industry—the code breakers were admitting defeat.

So the agency had one major ingredient—a massive data storage facility—under way. Meanwhile, across the country in Tennessee, the government was working in utmost secrecy on the other vital element: the most powerful computer the world has ever known.

The plan was launched in 2004 as a modern-day Manhattan Project. Dubbed the High Productivity Computing Systems program, its goal was to advance computer speed a thousandfold, creating a machine that could execute a quadrillion (1015) operations a second, known as a petaflop—the computer equivalent of breaking the land speed record. And as with the Manhattan Project, the venue chosen for the supercomputing program was the town of Oak Ridge in eastern Tennessee, a rural area where sharp ridges give way to low, scattered hills, and the southwestward-flowing Clinch River bends sharply to the southeast. About 25 miles from Knoxville, it is the “secret city” where uranium- 235 was extracted for the first atomic bomb. A sign near the exit read: what you see here, what you do here, what you hear here, when you leave here, let it stay here. Today, not far from where that sign stood, Oak Ridge is home to the Department of Energy’s Oak Ridge National Laboratory, and it’s engaged in a new secret war. But this time, instead of a bomb of almost unimaginable power, the weapon is a computer of almost unimaginable speed.

In 2004, as part of the supercomputing program, the Department of Energy established its Oak Ridge Leadership Computing Facility for multiple agencies to join forces on the project. But in reality there would be two tracks, one unclassified, in which all of the scientific work would be public, and another top-secret, in which the NSA could pursue its own computer covertly. “For our purposes, they had to create a separate facility,” says a former senior NSA computer expert who worked on the project and is still associated with the agency. (He is one of three sources who described the program.) It was an expensive undertaking, but one the NSA was desperate to launch.

Known as the Multiprogram Research Facility, or Building 5300, the $41 million, five-story, 214,000-square-foot structure was built on a plot of land on the lab’s East Campus and completed in 2006. Behind the brick walls and green-tinted windows, 318 scientists, computer engineers, and other staff work in secret on the cryptanalytic applications of high-speed computing and other classified projects. The supercomputer center was named in honor of George R. Cotter, the NSA’s now-retired chief scientist and head of its information technology program. Not that you’d know it. “There’s no sign on the door,” says the ex-NSA computer expert.

Citation :

In the meantime Cray is working on the next step for the NSA, funded in part by a $250 million contract with the Defense Advanced Research Projects Agency. It’s a massively parallel supercomputer called Cascade, a prototype of which is due at the end of 2012. Its development will run largely in parallel with the unclassified effort for the DOE and other partner agencies. That project, due in 2013, will upgrade the Jaguar XT5 into an XK6, codenamed Titan, upping its speed to 10 to 20 petaflops.

Impressive.

Citation :

http://www.huffingtonpost.com/2012/03/20/war-iran-israel-attack-liveblog_n_1366906.html?%E2%80%8B1332254022#220_obama-records-video-directed-at-iranian-people-decries-electronic-curtain

A l'occasion du Noyrouz (nouvel an perse) Obama s'adresse aux iraniens sur youtube avec sous titre farsi et promet des solutions software et une ambassade virtuelle pour garder le contact avec les iraniens.

Voici qui corrobore un post par Rafi sur le feu vert US a isrl pour frapper l'IRI: y'a un paragraphe qui parle de preparation par la cyberguerre:

New Duqu Variant Discovered in Iran, Experienced Authors Still at Work

Security Week http://www.securityweek.com/new-duqu-variant-discovered-iran-experienced-authors-still-work

Citation :

It’s been an interesting week in developments related to Duqu, the complex cyber-espionage malware often referred to as “Son of Stuxnet.”

On Monday, Kaspersky Lab revealed details on what was a previously unknown programming language used in the “Duqu Framework”, a portion of the Payload DLL used by the Trojan to interact with Command & Control (C&C) servers after the malware infects a system. Kaspersky revealed that the Duqu framework was written using a custom object-oriented extension to C, generally called “OO C” and compiled with Microsoft Visual Studio Compiler 2008 (MSVC 2008).

On Tuesday, Symantec came forward with details on a file that it recently received, which after being analyzed, proved to be a new variant of W32.Duqu—the first new version of Duqu that Symantec has found this year. While the sample received by Symantec isn't the full code used in the threat, it's the key component needed to fully infect a system—the loader file that loads the full malware and stores it in an encrypted state on a system once it restarts.

The newly discovered Duqu variant came from Iran, Vikram Thakur, principal manager, Symantec Security Response told SecurityWeek.

The component received by Symantec (Driver file .sys) fits into the Duqu malware as illustrated here:

Symantec researchers also noticed changes in the encryption algorithm the malware authors used to encrypt other components of the threat on disk, as well as some differences in the driver file. “… the old driver file was signed with a stolen certificate—and this one is not,” Symantec researchers noted in a blog post. “Also the version information is different in this new version compared to the previous version we have seen. In this case, the Duqu file is pretending to be a Microsoft Class driver.”

Information on the command and control server that the sample would potentially use to connect to was not available in the new file, Thakur told SecurityWeek. "The author(s) changed the encryption algorithm they use to encrypt the other components on disk. Also the driver was changed to evade AV coverage. That leads us to believe development of Duqu is still ongoing," he said.

While evidence of a new loader file shows the Duqu attackers are still hard at work, it’s unclear what else may have been updated or modified in the rest of the Duqu malware. “Without the other components of the attack it is impossible to say whether any new developments have been added to the code since we last saw a release from the group in November 2011,” Symantec's blog post added.

This week’s developments show that in addition to knowing the authors behind Duqu are still at work, Duqu code is coming from a seasoned and experienced development team. In terms of the programming language used in the Duqu framework, there is no easy explanation as to why OO C was used instead of C++. Kaspersky Lab experts believe there are two likely causes that support its use: More control over the code and Extreme portability.

“These two reasons indicate that the code was written by a team of experienced ‘old-school’ developers who wanted to create a customized framework to support a highly flexible and adaptable attack platform. The code could have been reused from previous cyber-operations and customized to integrate into the Duqu Trojan,” noted Igor Soumenkov, Chief Malware Expert at Kaspersky Lab. “However, one thing is certain: these techniques are normally seen by elite software developers and almost never in today’s general malware.”

Duqu originally surfaced in October 2010 and has been the subject of considerable industry research as experts attempt to unveil more details on the mystery and origin of the malware. Duqu was designed to help attackers infiltrate systems via backdoor access and steal information and data primarily from industrial control systems and corporate secrets. While Duqu is assumed to have been created by the same authors as Stuxnet, unlike Stuxnet, it does not contain any components that attempt to control industrial control systems, but instead is primarily a remote access Trojan (RAT) designed to collect intelligence data and assets, possibly for use in future attacks.

Duqu – Designed to Be Resilient

According to Kaspsersky Lab, Duqu’s framework was written using code that was object-oriented and event driven, and performs its own set of actions making it ideal for network applications, and giving the malware a highly event driven architecture designed to be used in variety of conditions, including asynchronous commutations.

“This model makes sure that any form of communication can still occur even when some communications are already happening and could be taking a long time,” Roel Schouwenberg, senior researcher at Kaspersky Lab told SecurityWeek earlier this month. “Most programs out there hang or freeze if a certain operation is taking too long, much like your browser or email client may do at times. Using this asynchronous model means there's no chance of that happening with Duqu.”

“The authors built an extremely resilient platform for that, ensuring Duqu, for instance, can still receive C&C commands while waiting for a response from another infected machine,” he added.

According to Symantec, the recently recieved Duqu component was compiled on February 23, 2012, indicating that the new variant has not been in the wild for long. “Checking the code we can see the authors have changed just enough of the threat to evade some security product detections, although this appears to have only been partially successful,” Symantec said.

“Although we do not have all of the information regarding this infection, the emergence of this new file does show that the attackers are still active.”

Cyber Cops Stop Mohammed Merah, Scour Web For Missing Murder Videos

Fast Company

Citation :

...

Merah was caught because he used his family computer to arrange the first paratrooper's death. The terrorist pretended he wanted to buy the soldier's motorcycle; when the soldier met him, he was shot to death (shades of American Craigslist robberies!). The victim, paratrooper Imad Ibn Ziaten, was trying to sell a Suzuki Bandit. In the advert, Ziaten noted that he was a soldier and provided his first name--which identified him as a Frenchman of Arabic or Muslim heritage. Ziaten made plans to meet with Merah on a Sunday afternoon; upon meeting, he was shot in the head at close range--a M.O. that repeated itself in all the killings that followed. Media sources including CNN, France 24, and Le Monde variously report that the computer belonged to either his mother or brother.

MERAH WAS CAUGHT BECAUSE HE USED HIS FAMILY COMPUTER TO ARRANGE THE FIRST PARATROOPER'S DEATH.

According to Le Monde's Yves Bordenave, French cyber police found that 580 users viewed the original motorcycle advertisement. The police obtained IP addresses for these users and attempted to geolocate them, focusing on unspecified districts in the city. Users on the smaller, geotargeted list then became the focus of investigation. Merah became the primary suspect after they viewed emails between him and Ibn Ziaten.

Interestingly, French authorities appear to have been monitoring Merah's family's IP address and Internet activity even before he was a suspect. On France24, a public prosecutor working on the case said that the IP address had been monitored two days before Ibn Ziaten's death, but that further checks still needed to be made. Merah's brother and girlfriend were also taken into custody; the brother is also known locally for sympathy for Islamist causes. Reuters reports that Merah was not particularly religious and was primarily angry at the Israeli-Palestinian conflict and NATO's presence in Afghanistan. However, the New York Times' Dan Bilefsky and Maia de la Baume indicate that Merah was radicalized in prison.
...

Comment la police est remontée jusqu'à Mohamed Merah
Le Monde

Citation :

...
Les investigations complémentaires menées par la police judiciaire après la tuerie de l'école confessionnelle juive le 19 mars, à Toulouse, ont permis de localiser le suspect. L'enquête s'est accélérée au cours des derniers jours, après que les cyberpoliciers qui travaillaient sur une annonce de vente de moto diffusée sur Internet par le parachutiste abattu le 11mars à Toulouse, ont réussi à identifier l'adresse IP du frère du suspect. Les cyber policiers avaient constaté que 580 personnes s'étaient connectées sur le site où l'annonce avait été postée. Parmi ces connexions, les enquêteurs ont sélectionné celles qui provenaient d'une zone située sur la ville et ses alentours. Ils ont ensuite dressé une liste restreinte, jusqu'à l'identification de leur cible.
...

communiquer par le pc familial,plutot bete pour un serial killer

Yakuza a écrit:

communiquer par le pc familial,plutot bete pour un serial killer

Bete et irresponsable. maintenant des gens qui peut être n'ont rien a voir avec sa folie serons impliques.

Ca rappelle l'histoire de Sabu le leader des LulzSec/Anonymous qui s'est connecte sur IRC une fois avec sa véritable addr IP, et paf...

En tout cas ce sera une raison de plus pour généraliser plus la cyber surveillance en France, au moins...



EDIT:

Sarkozy announces crackdown on Internet hate sites

Citation :

(Reuters) - President Nicolas Sarkozy said on Thursday that France would make it a crime to consult Web sites that advocate terrorism or hate crimes and would toughen a crackdown on people who went abroad for ideological indoctrination.

"From now on, any person who habitually consults Web sites that advocate terrorism or that call for hatred and violence will be criminally punished," Sarkozy said in a televised address after police shot dead an al Qaeda-inspired gunman who had killed seven people.

"France will not tolerate forced recruitment or ideological indoctrination on its soil," Sarkozy said, adding that an enquiry would be launched into whether prisons were being used to propagate extremism in France.

He said authorities were investigating whether Mohamed Merah, a 23-year-old Frenchman of Algerian origin, acted alone in the shootings of three Jewish children and four adults in southwest France.

Merah died on Wednesday in a hail of bullets when he jumped from a window after elite police commandos entered the apartment where he was holed up following a siege of more than 30 hours.

(Reporting By Daniel Flynn and Alexandria Sage; editing by Paul Taylor)

Citation :

Les pirates de la nouvelle guerre israélo-arabe
http://www.slate.fr/story/52101/israel-palestine-cyberguerre-hackers-stuxnet-duqu

Quelques petites precisions sur ma-CERT

english.etnews.com

Citation :

LG CNS Breaks into African Cyber Security Market

2011/03/07 By Kim Won-bae

LG CNS has succeeded in making a foray into the African cyber security market. LG CNS announced on March 3 that the company launched ma-CERT (Maroc Cyber Emergence Response Team) and began to build the center in Rabat, the capital of Morocco. The Moroccan government is planning to take advantage of the cyber security center to prevent public organizations from being hacked. LG CNS is in charge of consulting on the whole project, designing and building the cyber security center and supporting its operation. This US$3.4 million project is an electric government project that the state-run Korea International Cooperation Agency (KOICA) is pushing for in order to support the information system security of Morocco.LG CNS is planning to complete the construction of the cyber security center by this November by joining forces with small and medium-sized SW-specialized firms such as SGA, Igloo Security (both in charge of security solutions), CPI (in charge of the situation room control center) and Kopeng (in charge of servers)

Toutes de compagnies coreennes.

http://www.sgacorp.kr/eng/

http://www.kopeng.co.kr/

http://www.igloosec.com/

CPI est apparemnt une filliale de LG Chem (CPI Compact Power Inc.)

Citation :

Satellite-jamming becoming a big problem in the Middle East and North Africa

The Arab Spring has had yet another consequence—satellite jamming, and the practice is serious enough to threaten the satellite operators' business. Two operators, Arabsat and Nilesat, complained about the jamming in the Satellite 2012 Conference in Washington, D.C. last week, according to an article in Space News. Arabsat is a 21-country consortium that provides broadcasting to over 100 countries in the Middle East, Africa, and Europe. Nilesat is an Egypt-based operator that carries 415 channels to the Middle East and North Africa. The satellites also provide broadband, telephone, and VSAT service.

Jamming and rounding up satellite dishes has become a common practice for governments wishing to limit unfavorable coverage in their own (or sometimes other people's) countries. An article in February at BroadcastEngineering.com detailed the decision of the United Nations' International Telecommunications Union (ITU) to condemn satellite jamming in Iran as "contrary to Article 19 of the Universal Declaration of Human Rights." That decision came after complaints by several broadcasters, including the BBC, Radio Netherlands Worldwide, and Voice of America. Last year Reuters reported that jamming of satellite phones and other services occurred in Libya during the uprising.

But the issue may not be limited to Middle East governments. The Islamic Republic of Iran's Broadcasting English website claimed in January that British technicians were jamming Iranian broadcasts on Eutelsat's Hotbird sat network from a site in Bahrain. If that's accurate, it may suggest that European governments think it's acceptable to jam European companies' satellites as long as the broadcasts themselves aren't European.

Any attempt to jam satellites in the United States is generally tracked and stopped quickly by the Federal Communications Commission (FCC), which strictly enforces the licensing and sharing of US radio spectrum by the many parties that use it. Off-frequency or overpowered broadcasts in the United States generally result in an instant broadcaster shutdown and possible fines or jail terms.

In Europe, a new pan-European regulatory body entitled the Body of European Regulators for Electronic Communications (BEREC) began meeting in 2010. BEREC has broad authority for licensing and enforcement and has, from all reports, even broader and stricter powers.

Unfortunately for customers or companies seeking redress, there is no pan-African or pan-Middle Eastern authority available to prevent illegal transmissions. There are, instead, cooperative agreements between the countries that make up each body of operators. The countries that are doing the jamming are member states of this consortium, and at times they have even jammed their own broadcasts.

In a few cases, according to the Space News article, the operators have been able to identify the antennas doing the jamming using Google Earth. Notifying the governments involved is ineffective, and there is at present no practical way to stop the jammers.

The two companies were hesitant to name the culprits, but countries that have been mentioned elsewhere in the press include Libya, Syria, Bahrain, Iraq, and Iran. Syria and Bahrain, in particular, have ongoing domestic problems right now.

Ars Technica

Citation :

Pakistan backs away from proposed censorship system

Last week we reported on the controversy over Pakistan's Request for Proposals for a sophisticated Internet censorship system. The Pakistan Telecommunication Authority has vowed to stop the distribution of "blasphemous and objectionable content" over the Pakistani Internet, and was seeking a system capable of blocking up to 50 million URLs. Internet freedom activists rallied against the proposal and secured commitments from several major IT vendors not to bid for the project.

Now the Pakistani government appears to be backing away from the proposal. A member of the National Assembly, the lower house of Pakistan's legislature, told the Express Tribune that Pakistan's Ministry of Information Technology had withdrawn the project "due to the concern shown by various stakeholders."

Yet the Pakistani officials in charge of the proposal have yet to confirm the reports. A spokesman from the IT Ministry told the Express Tribune that it would release a statement on Tuesday, but Ars was unable to find such a statement on the agency's website.

Critics of the censorship scheme hailed the news, but warned the fight was far from over.

"While these reports are promising, there is still a possibility that the Pakistani government could try to covertly implement a similar system," said Mike Rispoli, a spokesman for the advocacy group Access. His group collected more than 18,000 signatures opposing the scheme.

Rispoli called for new legislation prohibiting the Pakistani government from implementing such a censorship regime in the future.

Ars Technica

Citation :

Researchers release new exploits to hijack critical infrastructure

Researchers have released two new exploits that attack common design vulnerabilities in a computer component used to control critical infrastructure, such as refineries and factories.

The exploits would allow someone to hack the system in a manner similar to how the Stuxnet worm attacked nuclear centrifuges in Iran, a hack that stunned the security world with its sophistication and ability to use digital code to create damage in the physical world.

The exploits attack the Modicon Quantum programmable logic controller made by Schneider-Electric, which is a key component used to control functions in critical infrastructures around the world, including manufacturing facilities, water and wastewater management plants, oil and gas refineries and pipelines, and chemical production plants. The Schneider PLC is an expensive system that costs about $10,000.

One of the exploits allows an attacker to simply send a “stop” command to the PLC.

The other exploit replaces the ladder logic in a Modicon Quantum PLC so that an attacker can take control of the PLC.

The module first downloads the current ladder logic on the PLC so that the attacker can understand what the PLC is doing. It then uploads a substitute ladder logic to the PLC, which automatically overwrites the ladder logic on the PLC. The module in this case only overwrites the legitimate ladder logic with blank ladder logic, to provide a proof of concept demonstration of how an attacker could easily replace the legitimate ladder logic with malicious commands without actually sabotaging the device.

The exploits take advantage of the fact that the Modicon Quantum PLC doesn’t require a computer that is communicating with it to authenticate itself or any commands it sends to the PLC—essentially trusting any computer that can talk to the PLC. Without such protection, an unauthorized party with network access can send the device malicious commands to seize control of it, or simply send a "stop" command to halt the system from operating.

The attack code was created by Reid Wightman, an ICS security researcher with Digital Bond, a computer security consultancy that specializes in the security of industrial control systems. The company said it released the exploits to demonstrate to owners and operators of critical infrastructures that "they need to demand secure PLC’s from vendors and develop a near-term plan to upgrade or replace their PLCs."

The exploits were released as modules in Metasploit, a penetration testing tool owned by Rapid 7 that is used by computer security professionals to quickly and easily test their networks for specific security holes that could make them vulnerable to attack.

The exploits were designed to demonstrate the "ease of compromise and potential catastrophic impact" of vulnerabilities and make it possible for owners and operators of critical infrastructure to "see and know beyond any doubt the fragility and insecurity of these devices," said Digital Bond CEO Dale Peterson in a statement.

But Metasploit is also used by hackers to quickly find and gain access to vulnerable systems. Peterson has defended his company’s release of exploits in the past as a means of pressuring companies like Schneider into fixing serious design flaws and vulnerabilities they’ve long known about and neglected to address.

Peterson and other security researchers have been warning for years that industrial control systems contain security issues that make them vulnerable to hacking. But it wasn’t until the Stuxnet worm hit Iran’s nuclear facilities in 2010 that industrial control systems got widespread attention. The makers of PLCs, however, have still taken few steps to secure their systems.

"[M]ore than 500 days after Stuxnet the Siemens S7 has not been fixed, and Schneider and many other ICS vendors have ignored the issues as well," Peterson said.

Stuxnet, which attacked a PLC model made by Siemens in order to sabotage centrifuges used in Iran’s uranium enrichment program, exploited the fact that the Siemens PLC, like the Schneider PLC, does not require any authentication to upload rogue ladder logic to it, making it easy for the attackers to inject their malicious code into the system.

Peterson launched a research project last year dubbed Project Basecamp, to uncover security vulnerabilities in widely used PLCs made by multiple manufacturers.

In January, the team disclosed several vulnerabilities they found in the Modicon Quantum system, including the lack of authentication and the presence of about 12 backdoor accounts that were hard coded into the system and that have read/write capability. The system also has a web server password that is stored in plaintext and is retrievable via an FTP backdoor.

At the time of their January announcement, the group released exploit modules that attacked vulnerabilities in some of the other products, and have gradually been releasing exploits for other products since then.

Photograph by Reid Wightman/Digital Bond

Ars Technica

AND

http://www.wired.com/threatlevel/2012/01/scada-exploits/




Mais franchement lorsqu'il s'agit des compagnies de securite elles memes Sophos maintenant a decouver des RATs (remote Access tools) sur ses servurs

Citation :

Security Notification for Sophos Partners

UPDATE: FRIDAY, APRIL 6

Did the attacker have access to any financial data?

No financial information was stolen from this database. This was not a database designed to hold financial information, but we ran comprehensive data scans to look for any banking details (credit cards, sorting codes, account numbers, etc.) lurking in the fields. All scans came back clean.

How did you detect the attack?

Sophos Endpoint Security detected and blocked an attempt by the attacker to upload two hacking tools to the server. The first was a program designed to steal passwords, the second a privilege escalation tool. Sophos detected these as the PUAs (potentially unwanted applications) as “Windows Credentials Extractor” and “BackEx”.

What are you doing now?

We have an image of the compromised machine and are performing a forensic offline analysis of the system to gain a complete understanding of the attack. In parallel, we are running copies of the compromised machine in a virtual secure lab to further understand the constraints the attacker was operating within.


UPDATE: THURSDAY, APRIL 5

Sophos monitors its servers closely for potential security issues, and on 3rd April identified some suspicious activity on the main webserver that serves our Partner Portal at https://gpp.partners.sophos.com/.

Two unauthorized programs were found on the server, and our preliminary investigations indicate that these were designed to allow unauthorized remote access to information.

As a precautionary step to prevent any potential data breach, we have temporarily taken the entire Partner Portal site offline, suspending partner logins. In parallel, we are conducting an in-depth security audit and once that is completed our partners will be able to use the Portal again. For those partners who have moved onto the new SFDC-based partner portal, this site was not compromised so there is no need to reset those passwords.

At this stage we have been unable to confirm that any data has been stolen as a result of the security incident. However, we feel it's sensible to assume the worst: that information may have been accessed.

Data included in the server's databases include: Partners' names and business addresses, email addresses, contact details, and hashed passwords.

Next steps

When the Partner Portal comes back online, you will find that your password has been reset as a precautionary step, just in case it fell into the wrong hands. You should, of course, ensure that you never use the same password on different websites - and if you did use your old Partner Portal password on other sites, we would advise that you change the login credentials on those sites to something unique.

We do not currently know if email addresses were accessed by any unauthorized persons, but if they were, it is possible that partners may find they are targeted by phishing emails purporting to come from Sophos or other targeted attacks. Please take care when accessing unsolicited emails.

We realize that the site's downtime and the forced password resets may be an overreaction and are sorry for the disruption this will cause, but we would rather cause some inconvenience at this stage than delay as we wait for further information.

Again, we apologize for the inconvenience caused and will continue to take every precaution in protecting partners' data.

If you have any concerns or queries about this matter, please contact us at AskSophos@sophos.com

In the meantime, please revisit this page for any further updates and contact your CAM for any immediate business needs.

Sinon les recentes attaques des Anonyous (s'agit-ils des memes anons apr ailleurs?) diriges contre la Chine commence a donner des resultats

par Reuters:

Hacker claims breach of Chinese defense contractor

Citation :

(Reuters) - A hacker has posted thousands of internal documents he says he obtained by breaking into the network of a Chinese company with defense contracts, an unusual extension of the phenomenon of activist hacking into the world's most populous country.

The hacker, who uses the name Hardcore Charlie and said he was a friend of Hector Xavier Monsegur, the leader-turned- informant of the activist hacking group, LulzSec, told Reuters he got inside Beijing-based China National Import & Export Corp (CEIEC).

He posted documents ranging from purported U.S. military transport information to internal reports about business matters on several file-sharing sites, but the authenticity of the documents could not be independently confirmed.

The Beijing company, better known by the acronym, CEIEC, did not respond to a request for comment. U.S. intelligence and Department of Defense officials had no immediate comment.

CEIEC's website says the company performs systems integration work for the Chinese military.

Cyber-spying, both economic and political, is a growing concern for companies and governments around the world. The Chinese government is often accused of promoting, or at least tolerating, hacking attacks aimed at Western targets. But Chinese institutions have rarely been publicly identified as victims of such attacks.

Hackers associated with LulzSec have largely targeted Western defense contractors and law enforcement, although some of their attacks may have been driven by FBI informants. LulzSec is a spin-off of Anonymous, an amorphous collective that uses computer break-ins to promote social causes and expose what members see as wrongdoing by governments and corporations.

Hardcore Charlie said in email and Twitter conversations with Reuters that he had worked with others to crack the email passwords that got him inside CEIEC.

In particular, the hacker said he worked with an associate who calls himself YamaTough on Twitter, another former ally of Monsegur who recently released stolen source code for old versions of security products made by Symantec Corp (SYMC.O).

YamaTough had also been involved in an incident in which fake documents, purportedly from Indian military intelligence, were mixed with genuinely purloined documents, raising the possibility Hardcore Charlie had pursued a similar strategy in posting the alleged CEIEC documents.

Hardcore Charlie described himself as a 40-year-old Hispanic man in a country close to the United States. He said he did not have strong political leanings, but was concerned the Chinese company had access to material about the U.S. war effort in Afghanistan, as some of the documents suggest.

He said he planned to "explore" the computer networks of other Chinese companies.

(Reporting by Joseph Menn in San Francisco; additional reporting by Mark Hosenball in Washington; editing by Jonathan Weber and Andre Grenon)

Citation :

Dassault Systèmes claque la porte du "cloud à la française"

Bernard Charlès, le patron de Dassault Systèmes, a écrit à René Ricol, le commissaire général à l'investissement, pour lui dire qu'il se retirait définitivement d'Andromède, le projet de "cloud à la française" qui doit être soutenu par le Grand Emprunt. Son partenaire, SFR, va chercher un autre allié. En attendant, le projet concurrent porté par Orange et Thalès, devrait recevoir un avis favorable pour son financement.

Dassault Systèmes a mis un point final à son aventure dans « le cloud à la française ». De sources concordantes, Bernard Charlès, le PDG de l'éditeur de logiciels, a écrit en début de semaine au commissaire général à l'investissement René Ricol, au patron de la Caisse des Dépôts et Consignations (CDC) Antoine Gosset-Grainville et à Jean-Bernard Lévy, le patron de SFR et de Vivendi, pour leur faire part de sa décision de se retirer définitivement du projet, exprimant son regret de ne pas avoir su convaincre le Commissariat général à l'investissement (CGI) de répondre à ses exigences.

Dassault Systèmes s'est porté avec SFR candidat à Andromède, le « cloud à la française », que le Grand Emprunt souhaite financer et qui doit doter la France d'une infrastructure de cloud sécurisée (informatique dématérialisée), capable d'héberger des données sensibles. Problème : le CGI et la CDC ont proposé d'injecter de l'argent dans les deux projets en lice, celui de Dassault Systèmes et celui porté par Orange et Thalès. Confirmant ces informations, Bernard Charlès justifie ce retrait: « Nous sommes très heureux d'avoir soutenu avec notre partenaire Vivendi ce projet d'intérêt général pour la France, mais Dassault Systèmes n'entend pas investir 75 millions d'euros dans un projet où l'un des actionnaires (l'Etat, ndlr) est actionnaire à part égale d'une structure concurrente. Étant à l'origine du projet Andromède, nous avions clairement exprimé les conditions de réussite : concentration stratégique, compétitivité structurelle, plateforme ouverte à des partenaires, en ayant enfin la capacité d' ouverture à des alliances Européennes. Ces conditions ne sont pas réunies à ce jour. »

Voyant les pouvoirs publics s'acheminer vers cette solution, Bernard Charlès, menant ses menaces à exécution, a voulu prendre les devants en mettant un terme à sa candidature, sans attendre la décision finale de René Ricol, et l'arbitrage de François Fillon. De fait, selon nos informations, la lettre de Dassault Systèmes est arrivée au CGI avant les recommandations du Comité d'investissement indépendant, qui s'était réuni vendredi 30 mars pour choisir et noter les projets. De bonne source, d'après les dépouillements effectués au CGI, les deux Andromède, Dassault-SFR et Orange-Thalès, sont finalement arrivés à égalité. Du coup, si Dassault Systèmes ne s'était pas désisté, René Ricol aurait donc dû recommander les deux solutions de cloud à François Fillon. L'enveloppe initiale prévue par le Grand Emprunt était de 135 millions d'euros, mais le CGI avait prévu de l'ajuster au regard des besoins. De fait, les deux tandem demandaient chacun 75 millions d'euros de financement public, soit un total de 150 millions.

René Ricol va recommander le financement d'Orange-Thales

Face au désistement de Dassault Systèmes, le commissaire général à l'investissement René Ricol va recommander dans un premier temps l'Andromède d'Orange-Thalès. Selon nos informations, Jean-Bernard Lévy lui a écrit pour l'informer que SFR était toujours candidat, et qu'il cherchait un autre partenaire. Pour obtenir son financement, l'opérateur devra repasser devant le Comité d'investissement.

Dassault Systèmes claque la porte une deuxième fois

Pour Dassault Systèmes, c'est la fin d'une aventure de plus de deux ans, qu'il avait pourtant pilotée. A l'origine, l'Etat ne devait financer qu'un seul projet cloud. Pendant deux ans, Dassault Systèmes a donc travaillé à la composition d'un consortium au côté d'Orange et de Thalès. Mais en décembre, en raison de mésententes avec Stéphane Richard, le PDG d'Orange, sur la gouvernance de l'entité, les clauses de non concurrence, et les conditions tarifaires, Bernard Charlès a claqué une première fois la porte du projet, créant de facto une remise à cause totale des vélléités « cloud » gouvernementales.

Orange restant dans la course au côté de Thalès, Bernard Charlès avait ensuite beaucoup milité pour qu'un seul projet soit sélectionné: le sien. Le groupe a tenté de démontrer par qu'il n'y avait pas forcément la place pour deux, qu'une double concurrence créerait des pressions sur les prix, et retarderait le retour sur investissement. A la mi-mars, l'ancien PDG de SFR, Frank Esser, avait lui-même souhaité qu'il n'y ait qu'un seul financement. Mais les pouvoirs publics en ont décidé autrement. Les défenseurs de cette solution avancent qu'il s'agit là d'un moyen de créer de la concurrence pour que le marché décolle plus rapidement.

La Tribune

http://www.latribune.fr/technos-medias/20120405trib000692197/dassault-systemes-claque-la-porte-du-cloud-a-la-francaise.html

http://www.latribune.fr/technos-medias/informatique/20120315trib000688524/les-dessous-nebuleux-du-cloud-a-la-francaise.html

http://archives.lesechos.fr/archives/2011/lesechos.fr/09/20/0201647375671.htm

https://far-maroc.forumpro.fr/t2030p630-us-air-force-usaf#229753