Moroccan Military Forum alias FAR-MAROC
 Cyber War/Guerre informatique

Samyadams
Administrator
Subject: Cyber War/Guerre informatique, Wed 11 Feb 2009 - 15:01

Reminder of the first message:

Quote:
The Navy falls victim to the Conficker-Downadup virus
Thierry Noisette, published 9 February 2009

Security - The French Navy's internal network was hit by the Conficker (or Downadup) virus, which has infected millions of PCs worldwide. The Navy had to shut down its network last month to deal with it, working directly with Microsoft.
The French military fell victim in January to the Downadup-Conficker virus, as reported by the newsletter Intelligence Online, itself cited on the blog of Libération's defence specialist, Jean-Dominique Merchet.
Contacted by ZDNet.fr, the Navy confirmed this Monday that "in the second half of January, the Conficker virus was introduced through negligence, via a USB key, into the Navy's internal network, Intramar". Navy Lieutenant Rivayrol, of Sirpa Marine, told us that the network was then cut off "to prevent the virus from spreading and to carry out maintenance on the workstations". "Intramar was isolated from the other networks of the Ministry of Defence, with which communication gateways normally exist."
But "this had no effect on the Navy's operational systems, neither aircraft nor anything else". Intelligence Online claimed that the Navy's Rafales had been grounded because they could not download their flight parameters. What was stopped for a few days concerned only messaging, our contact said: "We have secure military networks, which served as a replacement while Intramar was cut off, and the Internet. But these three networks, Intramar, the Internet and the secure networks, are completely separate; there is no link between them."
Intramar connects several thousand computers, of which "less than 2% were affected by the virus".

A flaw dealt with in 48 hours
Why this gap between a patch published by Microsoft in October (the virus targets a Windows flaw, notably under Windows 2000, XP and Vista) and computers being infected in January?
"There was a small defect in the patch, which did not fully account for Conficker," Lieutenant Rivayrol explained. "The patch had been installed on all the Navy's workstations, but that was not enough. However, the ministerial and interministerial alert network was mobilised immediately. It worked directly with Microsoft to develop a patch addressing that particular flaw, which was done in less than 48 hours. The alert system worked very well, and as a result the virus had no consequences for other branches or elsewhere in the ministry."
American experts at the Computer Emergency Response Team (Cert) had questioned Microsoft's method for blocking the spread of the Downadup worm.
The French military is not the only one to have been hit by Conficker, which has infected millions of computers worldwide. The British Ministry of Defence, and the Royal Navy in particular, were also hit by the virus last month.
http://www.zdnet.fr/actualites/informatique/0,39040745,39387036,00.htm

jonas
General de Brigade
Subject: Re: Cyber War/Guerre informatique, Tue 17 Apr 2012 - 16:12

United States: Will Utah become the capital of cyber-surveillance?
The NSA is building a giant data mining centre half an hour from Salt Lake City. All emails will now be able to be read, online searches scrutinised, and the centre will be able to serve for counter-espionage.


Guest
Subject: Re: Cyber War/Guerre informatique, Wed 18 Apr 2012 - 20:17

Thanks to GlaivedeSion for the info.

The article at the source:

Cyberwar: when Israel can hijack web traffic

Quote:

The experiment was carried out at Israel's oldest university, the Technion in Haifa. It consisted of creating a phantom server that sends false messages to the routers responsible for carrying content packets across the web. The intruder can either block traffic completely by paralysing an unlimited number of routers, or capture the messages and analyse the information they contain. A crucial step in the evolution of cyberwar.

False routing information

This is probably the most formidable type of attack since routers replaced gateways in 1976. Unlike gateways, which organised the transit of messages between the different platforms without ensuring that the packets would all arrive at the right destinations, routers speed up traffic while guaranteeing the destination and the integrity of the content. It is this guarantee, proven by more than thirty years of the web's expansion, that the Technion computer scientists have just blown apart.

To fully understand the significance of this experiment, one has to picture the global network as a gigantic archipelago of electronic platforms. For a piece of content (email, audio file, video) to pass from one "island" to another, many highly specialised computers must handle the transfer by steering, along the best possible routes, the digital fragments of that content, fragments called packets.

The transfer of packets is only possible if the routers are in constant dialogue with one another. In fact, they periodically send each other brief signals that keep them mutually informed about the state of the network and their respective availability. The permanent and universal vehicle of this dialogue is a language called a protocol. Under the direction of Professor Gabriel Raphaël, and under the direct supervision of Gabi Nakibly and Itai Dabran, Technion students Alex Kirshon and Dima Gonikman completed a final-year project aimed at hacking the oldest and most widely used routing protocol, OSPF (Open Shortest Path First). As a result, their phantom server was able to send false messages to the routers and retrieve everything that passed through them.

The flaw was in the fix

To exaggerate somewhat, the successful attack could be compared to this: fake air traffic controllers taking the place of the real ones would manage (hacked protocol) to divert part of international air traffic to a clandestine airport set up on a little-known island (phantom server).

Officially, the university operation aims to help the W3C consortium, which governs the global network, improve the security of the routing protocol. It would indeed be enough to apply a fix to the hacked language.

But looking more closely at the scenario of the successful attack, one finds that Alex and Dima fooled the routers by exploiting a flaw in their current defence system, called "fight-back": the automatic (reflex) reaction of a router that corrects the false or altered signal of its nearest neighbours. So the flaw was in the fix.

"Cyberwar" does not exist, but…

The fact of having made the attack's success public, and rewarded the two students, is part of a somewhat hotter-than-usual phase of the "cyber war" between Israel and certain Middle Eastern countries. The notion of cyberwarfare is rejected by many officials around the world. That has not prevented the United States from multiplying its cyber defence agencies since June 2009, followed in this by South Korea, Great Britain and Israel.

On 16 January last, the website of the Tel Aviv Stock Exchange and that of the airline El Al were the targets of classic attacks known as "distributed denial of service" (floods of requests meant to swamp the servers). Congratulated by Hamas, the perpetrator presented himself as a hacker living in Saudi Arabia. The targeted firms immediately blocked the IP addresses of several Arab countries, including Algeria, and a group of hackers calling itself "Israel Defense Forces" threatened to attack several Arab corporate and government sites.

The publicity just given to the experimental hacking of the routing protocol takes on, in this context, the dual dimension of an escalation and a warning. Escalation: diverting traffic by "router deception" is to classic hacker techniques what cruise missiles are to artillery pieces: an enormous competitive advantage. A warning indirectly addressed to a country that is not Arab but Muslim, such as Iran: Israel is theoretically able to control traffic between Persian electronic platforms. Iran being the staunchest supporter of the Syrian regime. For the record, the first inter-state battle on the web took place on 27 April 2007, when Russian "warriors" paralysed numerous official Estonian sites in a single offensive. The following year, clashes by "distributed denial of service" (DDoS) pitted Russia against a Georgia assisted by Estonian and American experts.

The publication last March of private emails revealing the role and lavish lifestyle of Mrs Asma al-Assad was not claimed by Wikileaks, nor by Anonymous. It cannot be the work of the Syrian oppositions. Unless the regime's dignitaries are complete novices in security matters, these leaks can only have come from sophisticated methods of intrusion. Or of diversion

Be that as it may, in the list of priorities that the American cybersecurity chief, Howard Schmidt, has just submitted to Barack Obama, the reliability of connections comes first. That is exactly what US President Dwight Eisenhower asked of the country's "biggest brains", summoned in October 1957 when it became apparent that the first Soviet satellite, Sputnik, could destroy the communication network originating from the Pentagon.

Atlantico.fr

http://www.atlantico.fr/rdvinvite/cyberguerre-israel-trafic-web-nathalie-joannes-332613.html?page=0,2

The original news item from the Technion

Quote:

Technion Students Hack OSPF, the Most Popular Routing Protocol on the Internet

The attack was part of a student project in the Computer Science Department and has attracted substantial interest in two scientific conferences; the students will be awarded the Technion Amdocs Prize

Alex Kirshon and Dima Gonikman, students in the Technion Computer Science Department, succeeded in hacking the OSPF routing protocol, the most common protocol on the internet. The attack was part of a student project in the Laboratory of Computer Communication and Networking and has attracted substantial interest in two scientific conferences it was presented in. Alex and Dima will be awarded the Technion Amdocs Prize for Best Project in Computer Science. Their supervisors were Gabi Nakibly and Itai Dabran.

Hundreds of thousands of routers work on the internet, linking the different networks. Each router is supposed to "know" all the other routers and to "talk" to them (obtain information about their neighbors and about networks connected to them). The incessant involvement of the routers in the transmission of this information encumbers them and diminishes their effectiveness. Hence, the internet is in fact split into autonomic systems that "talk" to each other. The routers in each such system "know" one another.

The most popular protocol for the transmission of information between routers in autonomic systems is OSPF. If it malfunctions, many messages will not reach their destination. Moreover, there is the concern that these messages will reach the attacker of the protocol. Accordingly, stringent security measures are in place for the protocols of network routers.

One of the important defenses is called "fight-back". When it is implemented – when a router recognizes that another router has sent data in its name – it immediately issues a correction.

With help from their supervisors, Alex Kirshon and Dima Gonikman "targeted" this correction. They triggered a fight-back from a router on the network, but immediately before it was sent, they sent a fight-back with false data that was received by some of the other routers. When these routers received the fight-back of the compromised router, they rejected it because they supposedly already received a fight-back from it.

The "attacking" students also identified in advance which fight-back the attacked router will send, so that the other routers received it from them "without doubts or questions". From the moment they received the "fake" fight-back, there are routers on the network that have incorrect routing tables.

Such an attack can disrupt the entire operation of the autonomic system, prevent messages from reaching their destination and unnecessarily create substantial traffic on the network.

Seven groups of students will receive the Amdocs Prize for Best Project in a ceremony that will take place in mid-March in the Technion Computer Science Department.



Technion

http://www1.technion.ac.il/_local/includes/blocks/news-items/120227-dabran/news-item-en.htm

In my opinion this attack is not against "the internet" but adds to a useful arsenal.

OSPF is a routing protocol (a protocol that reconfigures routers' tables automatically) of the Interior Gateway Protocol class, i.e. inside Autonomous Systems (as opposed to External Gateway Protocol routing protocols such as BGP).

ASes (autonomous systems) are the basic units, managed by large entities such as governments, the biggest ISPs, etc. ASes exchange their information via EGP, and an attack against an EGP (such as BGP) would be an attack against the internet, because the basis of exchanges between ASes is trust, a legacy of the time when the internet was a university network restricted to a limited number of entities. That is what explains the collateral damage caused by Pakistan's tinkering with its BGP tables to block youtube/facebook: Pakistan’s Accidental YouTube Re-Routing Exposes Trust Flaw in Net

In short, an attack against OSPF would be useful inside a given, specific AS at best, but this kind of attack is there to open the way to other vectors and techniques.

Among these are the "rogue routers" infiltrated into the organisation, especially over Wifi; there are the small USB keys that can now contain an on-board computer (cracking passwords by an agent who has physical access); not to mention the malware discovered from time to time on network vendors' equipment (the latest being HP, and before that, Cisco) and the suspicions of backdoors in security software itself.
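
Added example, not part of the original post or of the Technion work: a defender-side audit in Python of the condition the press release describes, where some routers keep a false copy of a router's advertisement and reject the genuine fight-back as a duplicate. The instance comparison follows RFC 2328 section 13.1; the `Lsa` record, the snapshot layout, and the router IDs, checksums and bodies are constructed for illustration, and a real collector would read them from each router's link-state database.

```python
import hashlib
from dataclasses import dataclass

MAX_AGE = 3600       # RFC 2328 MaxAge, in seconds
MAX_AGE_DIFF = 900   # RFC 2328 MaxAgeDiff, in seconds


@dataclass(frozen=True)
class Lsa:
    """Hypothetical record for one LSA as read from a router's LSDB."""
    ls_type: int
    ls_id: str
    adv_router: str
    seq: int         # raw 32-bit LS sequence number from the header
    checksum: int    # LS checksum from the header
    age: int         # LS age in seconds
    body: bytes      # LSA contents after the header

    @property
    def key(self):
        return (self.ls_type, self.ls_id, self.adv_router)

    @property
    def digest(self):
        return hashlib.sha256(self.body).hexdigest()


def signed32(value):
    """LS sequence numbers are signed 32-bit integers."""
    return value - (1 << 32) if value & 0x80000000 else value


def compare_instances(a, b):
    """RFC 2328 section 13.1: 1 if a is newer, -1 if b is newer, 0 if the
    protocol treats both as the same instance. The body is never consulted."""
    sa, sb = signed32(a.seq), signed32(b.seq)
    if sa != sb:
        return 1 if sa > sb else -1
    if a.checksum != b.checksum:
        return 1 if a.checksum > b.checksum else -1
    if (a.age == MAX_AGE) != (b.age == MAX_AGE):
        return 1 if a.age == MAX_AGE else -1
    if abs(a.age - b.age) > MAX_AGE_DIFF:
        return 1 if a.age < b.age else -1
    return 0


def audit(snapshots):
    """Compare every router's copy of an LSA with the originator's own copy.

    snapshots maps router ID -> list of Lsa read from that router's LSDB.
    Returns sorted (holder, originator, verdict) tuples for differing bodies.
    """
    copies = {}
    for router, lsas in snapshots.items():
        for lsa in lsas:
            copies.setdefault(lsa.key, {})[router] = lsa

    findings = []
    for key, held in copies.items():
        originator = key[2]
        reference = held.get(originator)
        if reference is None:
            continue  # originator not polled: nothing authoritative to compare
        for holder, lsa in held.items():
            if holder == originator or lsa.digest == reference.digest:
                continue
            if compare_instances(lsa, reference) == 0:
                # Flooding cannot repair this: the genuine LSA looks like a duplicate.
                verdict = "PERSISTENT: same instance, different body"
            else:
                verdict = "transient: different instance, recheck after flooding"
            findings.append((holder, originator, verdict))
    return sorted(findings)


def router_lsa(rid, seq, checksum, age, body):
    return Lsa(1, rid, rid, seq, checksum, age, body)


# Constructed sample data. Checksums are made-up header values, not computed.
R1, R2, R3 = "10.0.0.1", "10.0.0.2", "10.0.0.3"
GOOD_R1 = b"stub 10.1.0.0/24 metric 10; p2p 10.0.0.2 metric 10"
FALSE_R1 = b"stub 10.1.0.0/24 metric 10; p2p 10.0.0.3 metric 1"
R3_NOW = b"stub 10.3.0.0/24 metric 10"
R3_OLD = b"stub 10.3.0.0/24 metric 20"
SNAPSHOTS = {
    R1: [router_lsa(R1, 0x80000007, 0x3A9C, 40, GOOD_R1),
         router_lsa(R3, 0x80000003, 0x11F0, 300, R3_NOW)],
    R2: [router_lsa(R1, 0x80000007, 0x3A9C, 41, GOOD_R1),
         router_lsa(R3, 0x80000002, 0x77AA, 1500, R3_OLD)],  # still converging
    R3: [router_lsa(R1, 0x80000007, 0x3A9C, 43, FALSE_R1),   # false copy of R1
         router_lsa(R3, 0x80000003, 0x11F0, 298, R3_NOW)],
}

if __name__ == "__main__":
    for holder, originator, verdict in audit(SNAPSHOTS):
        print(f"{holder} holds a divergent LSA of {originator}: {verdict}")
```
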

jonas
General de Brigade
Subject: Re: Cyber War/Guerre informatique, Mon 23 Apr 2012 - 15:01

Interesting link

http://thinkbank.eads.com/index.html?language=fr#/landing

Guest
Subject: Re: Cyber War/Guerre informatique, Tue 24 Apr 2012 - 17:58

Suspected cyber attack hits Iran oil industry

Quote:
(Reuters) - Iran is investigating a suspected cyber attack on its main oil export terminal and on the Oil Ministry itself, Iranian industry sources said on Monday.

A virus was detected inside the control systems of Kharg Island - which handles the vast majority of Iran's crude oil exports - but the terminal remained operational, a source at the National Iranian Oil Company (NIOC) said.

The virus, which is likely to draw comparisons with the Stuxnet computer worm which reportedly affected Iranian nuclear facilities in 2009-10, struck late on Sunday.

It hit the internet and communications systems of Iran's Oil Ministry and of its national oil company, the semi-official Mehr news agency reported. Computer systems controlling a number of Iran's other oil facilities have been disconnected from the Internet as a precaution, the agency added.

Hamdullah Mohammadnejad, the head of civil defense at the oil ministry, was reported as saying Iranian authorities had set up a crisis unit and were working out how to neutralize the attacks.

IT systems at the oil ministry and at the national oil company were also disconnected to prevent the spread of any virus, the Mehr news agency said.

The oil ministry's own media network, Shana, quoted a spokesman as saying some data had been affected but that there was no major damage.

VIRUS REMINISCENT OF STUXNET

Iran's nuclear program is thought to be the principal target of the Stuxnet worm - discovered in 2010 - the first virus believed to have been specifically designed to subvert industrial systems.

U.S.-based think-tank, the Institute for Science and International Security (ISIS), said that in late 2009 or early 2010 about 1,000 centrifuges - machines used to refine uranium - out of the 9,000 used at Iran's Natanz enrichment plant, had been knocked out by the virus - not enough to seriously harm its operations.

Iranian officials have accused the United States and Israel of developing the virus to sabotage its atomic program, an allegation neither country has commented on.

The United States and its allies suspect Iran is using its enrichment activities to covertly develop a nuclear weapons capability, a charge Tehran denies.

Late last year, Iran also identified damage it said was inflicted by a similar virus aimed at disrupting industrial processes, called Duqu.

Experts say Duqu appears to be designed to gather data to make it easier to launch future attacks and that very few organizations could have written such complex programs. There is no confirmation this latest attack is related to Duqu.

A systems analyst at Hungary's Laboratory of Cryptography and System Security, which first discovered and named Duqu, told Reuters that Iran needed to be more cooperative with samples of malware codes if it required external help.

"As this recent incident might have been a targeted attack against Iran and only against Iran, security experts in Western countries might be reluctant to help them," Boldizsar Bencsath said.

The authorities said there had been no disruption to production or exports, Mehr news reported, but a shipping source with knowledge of operations at Kharg Island said that the NIOC has been prevented from sending out the crude-loading program at the terminal.

Most of the world's oil facilities are controlled by computers, but some processes can be managed manually when necessary.

SCEPTICISM

Some experts said it was not yet clear whether the virus reported on Monday was, like Stuxnet, seeking to corrupt industrial processes to cause physical damage, or was a simple data virus.

One cyber security specialist Ali Jahangiri said he had doubts about whether a virus actually existed.

"There is no indication that this is definitely a targeted attack from outside. It could be a technical failure inside the oil ministry's communications own systems," he said.

However, John Bumgarner, a security specialist at the U.S. Cyber Consequences Unit think tank, told Reuters a virus was a possibility, and that a sufficiently complex one could have more than a fleeting impact.

"The reason you would put a virus inside this network to erase data is because that causes those facilities to have to shut down," he said, saying servers would need to be rebuilt to get them back online.

"So during that time the production and refinery operations for Iran could be impacted. And depending on how the virus was written, it could be longer term."

(Reporting By Marcus George, Amena Bakr, Humeyra Pamuk, Daniel Fineren and William Maclean; Writing by Marcus George; Editing by Andrew Osborn)

Guest
Subject: Re: Cyber War/Guerre informatique, Thu 26 Apr 2012 - 18:40

In U.S.-Russia deal, nuclear communication system may be used for cybersecurity

The Washington Post

Quote:
A secure communications channel set up to prevent misunderstandings that might lead to nuclear war is likely to expand to handle new kinds of conflict — in cyberspace.

The Nuclear Risk Reduction Center, established in 1988 under President Ronald Reagan so that Washington and Moscow could alert each other to missile tests and space launches that could be mistaken as acts of aggression, would take a central role in an agreement nearing completion between U.S. and Russian negotiators.


The use of the secure channel would be a milestone in the effort to ensure that misperceptions in cyberspace — where it is difficult to know who is behind a digital attack or even whether a computer disruption is the result of deliberate action — do not escalate to full hostilities, say U.S. officials and experts from both countries.

The talks reflect the increasing importance of cyber-activities as points of potential conflict between nations. The Obama administration has warned with growing urgency in recent months that a cyberattack could undermine systems providing water, power or other critical services to Americans.

The agreement would be the first between the United States and another country seeking to lessen the danger of conflict in cyberspace, and it would include other measures to improve communication and transparency. It would be, officials and experts note, an initial step toward making cyberspace more stable.

“Both the U.S. and Russia are committed to tackling common cybersecurity threats while at the same time reducing the chances a misunderstood incident could negatively affect our relationship,” White House spokeswoman Caitlin Hayden said.

Russian Embassy spokesman Yevgeniy Khorishko said, “We feel that these confidence-building measures are important to preventing conflicts.”

The pact would be a positive development, in contrast to a generally downbeat U.S. assessment of Russian actions in cyberspace. An intelligence agency report last fall singled out Russia and China as aggressive perpetrators of cyber-espionage against economic targets. Russian organized-crime groups have been active for years in cyber-theft of consumers’ credit card information and other data.

The agreement would not address those issues, nor political differences over the extent to which governments can or should control speech on the Internet. At a conference in Germany this week, Russia pressed its campaign for a binding United Nations treaty on “information security” that would endorse the concept of a governmental role in controlling expression online. The United States opposes that effort.

Talks between the United States and the Chinese over cybersecurity are proceeding at a slower pace, officials say. American officials say the Chinese have not agreed with the U.S. position that the law of armed conflict, which requires the use of proportional force and the minimization of harm against civilians, applies to cyberspace.

The Russians accept that position, easing potential conflict on that point. Experts also note that the Russians and the Americans have had decades of experience in negotiating on nuclear and other strategic matters.

With computer terminals at the State Department and the Russian Ministry of Defense that are staffed 24 hours a day, the Nuclear Risk Reduction Center allows electronic messages to be quickly translated and directed to key officials. Each government, for instance, could alert the other before it test-fired an intercontinental ballistic missile so that the launch would not be mistaken as the first salvo in a nuclear war.

The nuclear center supports more than a dozen bilateral and multilateral treaties and agreements with up to 50 countries and in six languages. The treaties also deal with troop movements and major military exercises.

In the case of a cyber-incident, the channel of communication could be activated if either side detects what appears to be hostile activity coming from the other’s territory, officials said.

The channel would be used only if the malicious cyber-activity is of “such substantial concern that it could be perceived as threatening national security,” said an administration official who described the emerging agreement on the condition of anonymity because the talks are not yet final. “So this is not to be used every day.”

The Russians requested a phone-based hotline between the Kremlin and the White House exclusively for cyber-incidents, the official said. That would be distinct from the nuclear hotline.

Though often depicted in popular culture as red telephone, the nuclear hotline started as a Teletype machine and was later replaced by a computerized system, a defense official said. The hotline, used for crisis communications between heads of state, is not part of the Nuclear Risk Reduction Center.

The pending agreement has grown out of high-level cybersecurity talks in Moscow in February 2011 and a follow-up last June in Washington to establish confidence-building measures to prevent cyber-conflict.

Vice President Biden said in November that talks between the United States and Russia were intended to “build cooperation and to set up lines of communication in the event of an alarming incident.”

The negotiators agreed on two other measures, including an exchange of position papers, which has been completed. The United States gave the Russians the Pentagon’s strategy for cyberspace before it was published last July. In December, the Russians delivered a Ministry of Defense paper on the “information space” that affirmed that the law of armed conflict applies in cyberspace, although the Russians have said more rules may be needed.

The other measure would set up an ongoing exchange of basic, unclassified data on malicious cyber-activity between the Department of Homeland Security’s U.S. Computer Emergency Readiness Team and its counterpart in Russia.

“It’s a very good approach in bilateral relations to decrease tensions,” said Andrey Kulpin, an adviser on international cooperation at the Institute of Information Security Issues at Lomonosov Moscow State University. If either side sees what appears to be a cyberattack from the other, he said, “we have a direct line to discuss that and to have a clear vision that this is not from Russia or the United States.”

Guest
Subject: Re: Cyber War/Guerre informatique, Fri 4 May 2012 - 23:32

Quote:
Lockheed Martin to Assist Department of Defense in Fight Against Growing Threat: Cyber Crime

Supporting DoD’s Cyber Crime Center through Digital Forensics and Analysis

VALLEY FORGE, Pa., May 3, 2012 – Already one of the U.S. Department of Defense’s most-experienced providers of solutions for defeating military threats, Lockheed Martin (NYSE:LMT) will now team with the Department of Defense Cyber Crime Center (DC3) to thwart another type of enemy — cyber criminals.

The company has been selected to deliver a full range of technical, functional, and managerial support to the DC3, which provides vital assistance in the investigation of criminal, counterintelligence and counterterrorism matters, as well as cyber security support to Defense Industrial Base partners. The work will be conducted through a task order awarded by the General Services Administration’s Federal Systems Integration and Management Center under the General Services Administration Alliant Contract. The task order has a ceiling value of $454 million if all options are exercised.

“DC3 faces compelling requirements for superior digital forensics and multi-media lab services, related research, development, test and evaluation, and cyber analytics,” said Steve Shirley, executive director of the Center in Linthicum, Md. “Responsive and capable industry mission partners are a significant feature of DC3’s operations. We’re looking forward to a smooth transition as Lockheed Martin becomes a key mission partner, and we’re confident the company’s capabilities will help us succeed in our future challenges.”
The Lockheed Martin team will bring to DC3 its extensive cyber analysis expertise gained through its role in protecting some of the most-sensitive information networks in the world. As the leading IT provider for the federal government 17 consecutive years (Washington Technology), Lockheed Martin also has executed many successful large contract transitions.

“As DC3’s new mission partner, we’re excited to assist the Center as it expands and advances its technical capabilities in support of DoD criminal investigative, counterintelligence, and counterterrorism organizations, and to help safeguard the networks of Defense Industrial Base partners,” said Gerry Fasano, president of Lockheed Martin Information Systems & Global Solutions-Defense (IS&GS-Defense).

Because of its size and importance, the DoD is targeted by cyber criminals ranging from terrorists to spies to identity thieves. “Our industry team provides solutions to address a cyber threat environment that is highly dynamic and growing in volume and complexity,” said Dr. Rohan Amin, DC3 program director for Lockheed Martin IS&GS-Defense. “We recognize the uniqueness of the mission and look forward to working with DC3 to address these future challenges.”

Lockheed Martin’s scope of work will include digital and multimedia forensics examination, analysis, research, development, test and evaluation, information technology and cyber analytical services. The primary work will be conducted at DC3 headquarters in Linthicum, Md.

Headquartered in Bethesda, Md., Lockheed Martin is a global security company that employs about 123,000 people worldwide and is principally engaged in the research, design, development, manufacture, integration and sustainment of advanced technology systems, products and services. The Corporation's net sales for 2011 were $46.5 billion.

http://www.lockheedmartin.com/us/news/press-releases/2012/may/isgs-DC3-EITS-0503.html
Guest

Subject: Re: Cyber War/Guerre informatique   Sat 5 May 2012 - 2:16

FBI: We need wiretap-ready Web sites - now

CNET

Quote:
CNET learns the FBI is quietly pushing its plan to force surveillance backdoors on social networks, VoIP, and Web e-mail providers, and is asking Internet companies not to oppose a law making those backdoors mandatory.

Quote:
The FBI is asking Internet companies not to oppose a controversial proposal that would require firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance.

In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned.

The FBI general counsel's office has drafted a proposed law that the bureau claims is the best solution: requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly.

"If you create a service, product, or app that allows a user to communicate, you get the privilege of adding that extra coding," an industry representative who has reviewed the FBI's draft legislation told CNET. The requirements apply only if a threshold of a certain number of users is exceeded, according to a second industry representative briefed on it.

The FBI's proposal would amend a 1994 law, called the Communications Assistance for Law Enforcement Act, or CALEA, that currently applies only to telecommunications providers, not Web companies. The Federal Communications Commission extended CALEA in 2004 to apply to broadband networks.

FBI Director Robert Mueller is not asking companies to support the bureau's CALEA expansion, but instead is "asking what can go in it to minimize impacts," one participant in the discussions says. That included a scheduled trip this month to the West Coast -- which was subsequently postponed -- to meet with Internet companies' CEOs and top lawyers.

A further expansion of CALEA is unlikely to be applauded by tech companies, their customers, or privacy groups. Apple (which distributes iChat and FaceTime) is currently lobbying on the topic, according to disclosure documents filed with Congress two weeks ago. Microsoft (which owns Skype and Hotmail) says its lobbyists are following the topic because it's "an area of ongoing interest to us." Google, Yahoo, and Facebook declined to comment.

In February 2011, CNET was the first to report that then-FBI general counsel Valerie Caproni was planning to warn Congress of what the bureau calls its "Going Dark" problem, meaning that its surveillance capabilities may diminish as technology advances. Caproni singled out "Web-based e-mail, social-networking sites, and peer-to-peer communications" as problems that have left the FBI "increasingly unable" to conduct the same kind of wiretapping it could in the past.

In addition to the FBI's legislative proposal, there are indications that the Federal Communications Commission is considering reinterpreting CALEA to demand that products that allow video or voice chat over the Internet -- from Skype to Google Hangouts to Xbox Live -- include surveillance backdoors to help the FBI with its "Going Dark" program. CALEA applies to technologies that are a "substantial replacement" for the telephone system.

"We have noticed a massive uptick in the amount of FCC CALEA inquiries and enforcement proceedings within the last year, most of which are intended to address 'Going Dark' issues," says Christopher Canter, lead compliance counsel at the Marashlian and Donahue law firm, which specializes in CALEA. "This generally means that the FCC is laying the groundwork for regulatory action."
Subsentio, a Colorado-based company that sells CALEA compliance products and worked with the Justice Department when it asked the FCC to extend CALEA seven years ago, says the FBI's draft legislation was prepared with the compliance costs of Internet companies in mind.

In a statement to CNET, Subsentio President Steve Bock said that the measure provides a "safe harbor" for Internet companies as long as the interception techniques are "'good enough' solutions approved by the attorney general."
Another option that would be permitted, Bock said, is if companies "supply the government with proprietary information to decode information" obtained through a wiretap or other type of lawful interception, rather than "provide a complex system for converting the information into an industry standard format."

A representative for the FBI told CNET today that: "(There are) significant challenges posed to the FBI in the accomplishment of our diverse mission. These include those that result from the advent of rapidly changing technology. A growing gap exists between the statutory authority of law enforcement to intercept electronic communications pursuant to court order and our practical ability to intercept those communications. The FBI believes that if this gap continues to grow, there is a very real risk of the government 'going dark,' resulting in an increased risk to national security and public safety."

Next steps

The FBI's legislation, which has been approved by the Department of Justice, is one component of what the bureau has internally called the "National Electronic Surveillance Strategy." Documents obtained by the Electronic Frontier Foundation show that since 2006, Going Dark has been a worry inside the bureau, which employed 107 full-time equivalent people on the project as of 2009, commissioned a RAND study, and sought extensive technical input from the bureau's secretive Operational Technology Division in Quantico, Va. The division boasts of developing the "latest and greatest investigative technologies to catch terrorists and criminals."
But the White House, perhaps less inclined than the bureau to initiate what would likely be a bruising privacy battle, has not sent the FBI's CALEA amendments to Capitol Hill, even though they were expected last year. (A representative for Sen. Patrick Leahy, head of the Judiciary committee and original author of CALEA, said today that "we have not seen any proposals from the administration.")
Mueller said in December that the CALEA amendments will be "coordinated through the interagency process," meaning they would need to receive administration-wide approval.

Stewart Baker, a partner at Steptoe and Johnson who is the former assistant secretary for policy at Homeland Security, said the FBI has "faced difficulty getting its legislative proposals through an administration staffed in large part by people who lived through the CALEA and crypto fights of the Clinton administration, and who are jaundiced about law enforcement regulation of technology -- overly jaundiced, in my view."

On the other hand, as a senator in the 1990s, Vice President Joe Biden introduced a bill at the FBI's behest that echoes the bureau's proposal today. Biden's bill said companies should "ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law." (Biden's legislation spurred the public release of PGP, one of the first easy-to-use encryption utilities.)

The Justice Department did not respond to a request for comment. An FCC representative referred questions to the Public Safety and Homeland Security Bureau, which declined to comment.

From the FBI's perspective, expanding CALEA to cover VoIP, Web e-mail, and social networks isn't expanding wiretapping law: If a court order is required today, one will be required tomorrow as well. Rather, it's making sure that a wiretap is guaranteed to produce results.

But that nuanced argument could prove radioactive among an Internet community already skeptical of government efforts in the wake of protests over the Stop Online Piracy Act, or SOPA, in January, and the CISPA data-sharing bill last month. And even if startups or hobbyist projects are exempted if they stay below the user threshold, it's hardly clear how open-source or free software projects such as Linphone, KPhone, and Zfone -- or Nicholas Merrill's proposal for a privacy-protective Internet provider -- will comply.


The FBI's CALEA amendments could be particularly troublesome for Zfone. Phil Zimmermann, the creator of PGP who became a privacy icon two decades ago after being threatened with criminal prosecution, announced Zfone in 2005 as a way to protect the privacy of VoIP users. Zfone scrambles the entire conversation from end to end.

"I worry about the government mandating backdoors into these kinds of communications," says Jennifer Lynch, an attorney at the San Francisco-based Electronic Frontier Foundation, which has obtained documents from the FBI relating to its proposed expansion of CALEA.

As CNET was the first to report in 2003, representatives of the FBI's Electronic Surveillance Technology Section in Chantilly, Va., began quietly lobbying the FCC to force broadband providers to provide more-efficient, standardized surveillance facilities. The FCC approved that requirement a year later, sweeping in Internet phone companies that tie into the existing telecommunications system. It was upheld in 2006 by a federal appeals court.

But the FCC never granted the FBI's request to rewrite CALEA to cover instant messaging and VoIP programs that are not "managed"--meaning peer-to-peer programs like Apple's Facetime, iChat/AIM, Gmail's video chat, and Xbox Live's in-game chat that do not use the public telephone network.


If there is going to be a CALEA rewrite, "industry would like to see any new legislation include some protections against disclosure of any trade secrets or other confidential information that might be shared with law enforcement, so that they are not released, for example, during open court proceedings," says Roszel Thomsen, a partner at Thomsen and Burke who represents technology companies and is a member of an FBI study group. He suggests that such language would make it "somewhat easier" for both industry and the police to respond to new technologies.

But industry groups aren't necessarily going to roll over without a fight. TechAmerica, a trade association that includes representatives of HP, eBay, IBM, Qualcomm, and other tech companies on its board of directors, has been lobbying against a CALEA expansion. Such a law would "represent a sea change in government surveillance law, imposing significant compliance costs on both traditional (think local exchange carriers) and nontraditional (think social media) communications companies," TechAmerica said in e-mail today.

Ross Schulman, public policy and regulatory counsel at the Computer and Communications Industry Association, adds: "New methods of communication should not be subject to a government green light before they can be used."
Last updated at 12:30 p.m. PT


Quote:

"Going Dark" timeline
June 2008: FBI Director Robert Mueller and his aides brief Sens. Barbara Mikulski, Richard Shelby, and Ted Stevens on "Going Dark."

June 2008: FBI Assistant Director Kerry Haynes holds "Going Dark" briefing for Senate appropriations subcommittee and offers a "classified version of this briefing" at Quantico.

August 2008: Mueller briefed on Going Dark at strategy meeting.

September 2008: FBI completes a "high-level explanation" of CALEA amendment package.

May 2009: FBI Assistant Director Rich Haley briefs Senate Intelligence committee and Mikulski staffers on how bureau is "dealing with the 'Going Dark' issue." Mikulski plans to bring up "Going Dark" at a closed-door hearing the following week.

May 2009: Haley briefs Rep. Dutch Ruppersberger, currently the top Democrat on House Intelligence, who would later co-author CISPA.

September 2008: FBI staff briefed by RAND, which was commissioned to "look at" Going Dark.

November 2008: FBI Assistant Director Marcus Thomas, who oversees the Quantico-based Operational Technology Division, prepares briefing for President-Elect Obama's transition team.

December 2008: FBI intelligence analyst in Communications Analysis Unit begins analysis of VoIP surveillance.

February 2009: FBI memo to all field offices asks for anecdotal information about cases where "investigations have been negatively impacted" by lack of data retention or Internet interception.

March 2009: Mueller's advisory board meets for a full-day briefing on Going Dark.

April 2009: FBI distributes presentation for White House meeting on Going Dark.

April 2009: FBI warns that the Going Dark project is "yellow," meaning limited progress, because of "new administration personnel not being in place for briefings."

April 2009: FBI general counsel's office reports that the bureau's Data Interception Technology Unit has "compiled a list of FISA dockets... that the FBI has been unable to fully implement." That's a reference to telecom companies that are already covered by the FCC's expansion of CALEA.

May 2009: FBI's internal Wikipedia-knockoff Bureaupedia entry for "National Lawful Intercept Strategy" includes section on "modernize lawful intercept laws."

May 2009: FBI e-mail boasts that the bureau's plan has "gotten attention" from industry, but "we need to strengthen the business case on this."

June 2009: FBI's Office of Congressional Affairs prepares Going Dark briefing for closed-door session of Senate Appropriations subcommittee.

July 2010: FBI e-mail says the "Going Dark Working Group (GDWG) continues to ask for examples from Cyber investigations where investigators have had problems" because of new technologies.

September 2010: FBI staff operations specialist in its Counterterrorism Division sends e-mail on difficulties in "obtaining information from Internet Service Providers and social-networking sites."

A "response" to the discovery that al-Qaeda uses steganography, the nightmare of cryptanalysis? And that "terrorist" groups in Pakistan have set up their own GPRS VoIP network?

http://www.zeit.de/2012/12/Al-Kaida-Deutschland/seite-1

Article from Die Zeit, explanation on Ars Technica:

Steganography: how al-Qaeda hid secret documents in a porn video

http://arstechnica.com/business/news/2012/05/steganography-how-al-qaeda-hid-secret-documents-in-a-porn-video.ars

Yakuza
Administrator

Posts: 21656
Joined: 15/09/2009
Location: 511
Nationality: Moroccan-German

Subject: Re: Cyber War/Guerre informatique   Sat 5 May 2012 - 14:21

Very interesting, the Zeit article.
Now we know what Zawahiri and his lieutenants watch in their free time.
Quote:
made it far more difficult for agents to wiretap Americans suspected of illegal activities
It remains to be seen whether they only want to limit this to the US or cast a wide net?
In any case, if this passes, Hotmail, Facebook and co. will take a hit.
Guest

Subject: Re: Cyber War/Guerre informatique   Sat 5 May 2012 - 22:53

Yakuza wrote:
Very interesting, the Zeit article.
Now we know what Zawahiri and his lieutenants watch in their free time.
Quote:
made it far more difficult for agents to wiretap Americans suspected of illegal activities
It remains to be seen whether they only want to limit this to the US or cast a wide net?
In any case, if this passes, Hotmail, Facebook and co. will take a hit.


Exactly, and now we know how one can help the "cause" on both sides in our free time... or maybe not.

Regarding the FBI, there are at least 2 factors:

1 - The NSA's rise in power pushes the other agencies to keep the balance... competition between the different bureaus requires it. While the NSA's spearhead is science, the FBI can only rely on the law, especially since the Supreme Court barred it from placing GPS tracking devices without judicial authorization after several scandals, and since certain authentication technologies on Android turned out to be uncrackable (within the FBI's time frame and budget).

FBI Turns Off Thousands of GPS Devices After Supreme Court Ruling

FBI, stumped by pimp's Android pattern lock, serves warrant on Google

Note that the Brazilian police, 3 years ago, tortured a banker accused of laundering drug money to make him give up the password for TrueCrypt (open-source encryption software), where he had put his documents. The low-tech method duly produced the expected result.

2 - Because of the Internet's architecture, (practically) all IP traffic routes lead to the US. This is a de facto gift that it would be stupid to neglect, with the thousands of documents, communications and other information that would transit through US servers without the authorities being able to access them. The crackdown on anonymization services is part of this.

FBI Seizes Activists' Anonymizing Server In Probe Of Pittsburgh's Bomb Threats

To return to the burning question of steganography, the method followed for now is to rely on human intuition, HUMINT, to filter suspects. On the technology side, security logs are updated with signatures of known steganography software. The problem is that, in an age when groups manage to set up their own cellular VoIP network with proprietary, or even industrial-grade open-source, encryption, other groups will likewise be technologically self-sufficient in these encryption matters, and this signature method will fall through. As an anecdote, one of the first "NGOs" to use steganography on a massive scale was the Italian mafia during the 90s, which passed information between Europe and America by means of innocent family photos... The Western intelligence services of the future will most likely make a massive return to the human factor, there is no doubt IMHO.

From Wikipedia: http://en.wikipedia.org/wiki/Steganography

This picture

[Image: StenographyRecovered]

is inside this one:

[Image: StenographyOriginal]

Guest

Subject: Re: Cyber War/Guerre informatique   Fri 18 May 2012 - 18:12

To continue on the topic of steganography and its countermeasure, steganalysis:

Communications Research Centre Canada

http://www.crc.gc.ca/en/html/crc/home/mediazone/eye_on_tech/2009/issue10/steganography

(EN and FR versions)

Quote:

Steganography, the art and science of hiding communication, has been a part of spy craft and military strategy for millennia. In the Histories of Herodotus, written in 440 BC, the author recounts the story of Histiaeus, who shaved the head of his most trusted slave, tattooed a message on his scalp and, once the hair had grown back, sent the man through enemy lines to deliver the message.

Unlike cryptography, where the message is evident but its meaning is obscured, the goal of steganography is to hide the message entirely so only the sender and the recipient know of its existence - what the Communications Research Centre's (CRC) Dr. Ken Sala refers to as "hiding in plain sight." And, like all things in the modern world, steganography has gone digital.

"Most people don't understand that each time you visit a website the photographs from that website are downloaded to your computer," explains Sala.

That, added to the recent proliferation of cheap, accessible steganography software, means you may already have altered or "dirty" files on your computer with no knowledge that they're there, and this has some companies and government departments concerned. While most steganography software is used for legitimate purposes, the fear is that these powerful programs could be used to mask illegal activity such as the theft of trade secrets or the exchange of child pornography. Both private companies and government departments are looking for ways to ensure their computers and websites are free of corrupted files.

"When you consider that there are over 2.5 trillion images exchanged through the Internet on a daily basis," says Sala, "the potential scope of the problem becomes clear."

Most steganography software is used lawfully for securing computer files. In the age of the laptop, where a hard drive may contain secret company files as well as bank passwords and personal information, the software can be employed to hide sensitive material and thus protect it in the event that the laptop is lost or stolen. Many companies also want to secure desktop computers within the workplace, especially those of people working on classified projects.

Sala's interest is the flip side of steganography, the science of steganalysis. While the steganographer's goal is to hide the message, Sala's research focuses on ways to detect altered files. All digital steganography involves one or several carrier files - often image files - as well as the image or message the sender wishes to hide. What is important to understand, says Sala, is that the steganography software embeds the hidden image in the binary code of the carrier file. There is no "picture-within-a-picture," so no matter how hard you stare, the faint outline of the hidden image will never emerge. Rather, says Sala, digital steganography uses binary code to exploit a weakness in the human eye.

Each pixel within a digital image is made up of 24 bits of information - a string of zeros and ones that translate into the pixel's colour. But with 24 bits, a computer can generate over 16 million colours, far more than the eye can distinguish. To embed the hidden message, then, the steganography software "steals" bits from each pixel and replaces them with the binary code for the secret digital file. By stealing only the least significant bits within any pixel, the very slight alteration in hue can't be detected by the human eye. So how much information can you hide in a snapshot?

"Just think of a common digital camera," says Sala. "You have 3600 x 2400 pixels in each image, and each pixel is coded by 24 bits. I can easily steal six bits from each pixel and not noticeably alter the colours. That means I can commandeer over 50 megabits for my hidden message in only a single image. I can put the whole text of the Bible in 50 megabits."

To extract the hidden image or message, the recipient then uses the software to strip away the code for the carrier file, leaving only the code for the secret message. These bits are then reassembled into an array that can be displayed as a JPEG, GIF or other file. While this simple substitution of the hidden-message code for least-significant-bits (lsb) is relatively easy to detect, says Sala, the new, more sophisticated steganography tools now allow users to encrypt their code before embedding it in the carrier file, as well as spread it out across multiple files. Each picture in the "family album" could thus contain an encrypted section of code from the hidden message or image, and this, says Sala, makes the altered files extremely difficult to detect.

Sala's research focuses on the use of neural networks to detect hidden files. Neural networks, he explains, are computer networks made up of simple "artificial neurons" that process information. Working together, these "artificial neurons" function much like a human brain, learning from past experience and coming up with novel ways to solve a problem. According to Sala, the advantage of using a neural network to search for altered files is two-fold. First neural networks can process vast amounts of information.

"You can throw tens of thousands of images per second at these neural networks and they just spit out an answer: clean or suspect."

Second, they learn, so as steganographers come up with increasingly convoluted ways to hide information, the neural network will evolve and adapt. But to carry out a complex task like detecting hidden files, the neural network, says Sala, must be trained, and this involves presenting the network with as many varieties of clean and altered files as possible.


"It's like training a child. You start with the easy stuff and progress to the hard stuff, giving feedback along the way."

Sala is currently building a database of clean and dirty files, trying to develop the most nefarious ways imaginable to embed hidden messages. These files will then be used to train a neural network to detect anomalies in a file's structure that would indicate a hidden message. If he succeeds - if he is able to train a neural network to flag suspect files - he'll have, he says, the electronic equivalent of a sniffer dog. With this powerful tool, able to scan large numbers of files in a short period of time, resources can be focussed on cracking open only the suspect files.

"To do this kind of work," says Sala, "we need something fast, that can evolve and learn, but we also need something that is in-house, not in the public domain. Once a new kind of steganalysis software is on the market, the people who are using this kind of technology for illicit purposes have already figured out a way to get around it. With neural networks, that's almost impossible."

For more information contact Ken Sala, Research Scientist, Integrated Electronics, at 613-998-2823 or info@crc.gc.ca.

[Image: Steganalysis_en]


Version FR

Citation :

La stéganographie est l'art ou la science de la dissimulation des communications. Elle fait partie des méthodes d'espionnage et des stratégies militaires depuis plus des millénaires. Dans les Histoires d'Hérodote, écrites en 440 avant Jésus-Christ, l'auteur raconte l'histoire d'Histiaeus qui a rasé la tête de son esclave le plus fidèle afin d'y tatouer un message avant de l'envoyer, une fois sa chevelure repoussée, à travers les lignes ennemies pour livrer ce message. Contrairement à la cryptographie, pour laquelle le message est évident, mais la signification demeure obscure, le but de la stéganographie consiste à cacher complètement le message pour que seuls l'expéditeur et le destinataire en connaissent l'existence, une méthode que Ken Sala du Centre de recherches sur les communications (CRC) appelle la « dissimulation en plein jour ». Et comme chaque chose du monde moderne, la stéganographie est passée à l'ère numérique.

« La plupart des gens l'ignorent, mais chaque fois qu'ils visitent un site Web, ils téléchargent les photographies de ce site dans leur ordinateur », explique Ken Sala.

Cette situation et la récente prolifération de logiciels stéganographiques peu coûteux et faciles à utiliser signifient que ces personnes possèdent peut-être déjà, à leur insu, des fichiers modifiés ou « sales » dans leur ordinateur. Une telle situation inquiète beaucoup d'entreprises et de ministères. La majorité des logiciels stéganographiques servent à des fins légitimes, mais on craint que ces puissants programmes soient utilisés pour dissimuler des activités illégales, comme le vol de secrets commerciaux ou l'échange de pornographie juvénile. Les entreprises privées et les ministères cherchent comment protéger leurs ordinateurs et leurs sites Web contre les fichiers corrompus.

« Quand on apprend que le nombre d'images échangées quotidiennement sur Internet dépasse les 2,5 billions », souligne Ken Sala, « on saisit instantanément l'ampleur éventuelle du problème. »

La plupart des logiciels stéganographiques sont utilisés de façon légitime pour protéger des fichiers d'ordinateur. À l'ère de l'ordinateur portatif, chaque disque dur peut contenir des fichiers commerciaux secrets, des mots de passe bancaires ou des renseignements personnels. De tels logiciels peuvent servir à cacher l'information sensible et, ainsi, à la protéger en cas de perte ou de vol d'un ordinateur portatif. De nombreuses entreprises souhaitent également protéger leurs ordinateurs de bureau en milieu de travail, et surtout ceux utilisés par des personnes travaillant sur des projets classifiés.

Ken Sala s'intéresse à un autre aspect de la stéganographie, soit la science de la stéganalyse. Le but de la stéganographie consiste à dissimuler le message, mais les recherches de Ken Sala portent plutôt sur les façons de détecter les fichiers modifiés. La stéganographie numérique nécessite un ou plusieurs fichiers de transport (souvent des fichiers images) et l'image ou le message que l'expéditeur souhaite caché. Ce qu'il faut comprendre, explique Ken Sala, c'est que les logiciels stéganographiques intègrent l'image cachée dans le code binaire du fichier de transport. Il n'y a aucune « image dans l'image ». Même si vous observiez sans arrêt, vous ne verriez jamais le fin contour de l'image cachée. En fait, explique Ken Sala, la stéganographie numérique utilise le code binaire pour exploiter une faiblesse de l'œil humain.

Each pixel of a digital image is made up of 24 bits of information, that is, a series of "0"s and "1"s that determines the colour of the pixel. With these 24 bits, a computer can generate more than 16 million colours, far more than the eye can distinguish. To hide a message, steganographic software therefore "steals" bits from each pixel and replaces them with the binary code of the secret digital file. When only the least significant bits of each pixel are stolen, the human eye cannot detect the very slight change in hue. So how much information can be hidden in a picture?

"Just think of an ordinary digital camera," explains Ken Sala. "Each image contains 3,600 pixels by 2,400 pixels, and each pixel has 24 bits. I can easily steal six bits from each pixel without visibly altering the colours. That means I can hide a message of more than 50 megabits in each image. The complete text of the Bible is less than 50 megabits."

To extract the hidden image or message, the recipient must use software to strip away the code of the carrier file and so obtain the code of the secret message. He then reassembles the bits to form a JPG, GIF or other file. Simple substitution of the hidden message's code for the least significant bits is relatively easy to detect, Ken Sala points out, but the new state-of-the-art steganographic tools let users encrypt their code before embedding it in the carrier file, or spread it across several files. Each image in the "family album" can therefore contain an encrypted part of the code of the hidden image or message. That is what makes these modified files extremely difficult to detect, exclaims Ken Sala.

Ken Sala's research focuses on using neural networks to detect hidden files. Neural networks, he explains, are computer networks made up of simple "artificial neurons" that process information. Together, these "artificial neurons" work much like the human brain: they learn from past experience and find new ways of solving problems. According to Ken Sala, using a neural network to search for modified files has a twofold advantage. First, neural networks can process large amounts of information.

"You can present tens of thousands of images per second to these neural networks and get an instant answer: OK or suspect."

Second, they are able to learn as steganographers make their convolutions for hiding information more complex and, consequently, to evolve and adapt to them. But before performing a complex task such as detecting hidden files, says Ken Sala, each neural network has to be trained by presenting it with the greatest possible variety of clean or modified files.

"This learning is like a child's. You start with simple things, then move on to more difficult items while continually giving feedback."

Ken Sala is currently building a database of clean and dirty files, and he is trying to find the nastiest ways of embedding hidden messages. These files will then be used to train each neural network to detect the structural anomalies of a file concealing a hidden message. If he succeeds, if he becomes able to train a neural network to flag suspect files, he will have the equivalent of a sniffer dog. With such a powerful tool and its great capacity to process files in a short time, resources can be devoted to cracking suspect files only.

"To accomplish a task like this," says Ken Sala, "we need a device that is fast and able to evolve and learn, but we also need a tool designed in-house, one that is not in the public domain. Every time a new type of steganographic software comes onto the market, the people who use this technology for illicit purposes already know how to get around it. Neural networks will make such circumvention almost impossible."

For more information, please contact Ken Sala, Research Scientist, Integrated Electronics, at info@crc.gc.ca or 613-998-2823.
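The least-significant-bit substitution described in the article above, and why plain substitution is "relatively easy to detect", as an added example that is not part of the original post or of the research it reports. It uses a classical chi-square test on histogram value pairs rather than the neural networks the article describes; all pixel samples and the payload are constructed, and the function names are assumptions of this example.

```python
"""LSB substitution and a chi-square "pairs of values" detector.

Added illustration: every sample below is constructed, no real image is read.
"""
import math
import random


def capacity_bits(width, height, stolen_bits_per_pixel):
    """Payload capacity when a fixed number of low bits is taken per pixel."""
    return width * height * stolen_bits_per_pixel


def embed_lsb(samples, payload_bits):
    """Overwrite the least significant bit of the first len(payload_bits)
    8-bit colour samples with the payload."""
    if len(payload_bits) > len(samples):
        raise ValueError("payload larger than carrier capacity")
    out = list(samples)
    for i, bit in enumerate(payload_bits):
        out[i] = (out[i] & 0xFE) | (bit & 1)
    return out


def extract_lsb(samples, n_bits):
    """Recipient side: read the low bit of each sample back out."""
    return [s & 1 for s in samples[:n_bits]]


def pairs_z_score(samples):
    """Chi-square test on the histogram pairs (2k, 2k+1).

    Overwriting LSBs with random-looking bits (an encrypted payload, say)
    only moves a sample between the two values of its pair, so both counts
    drift toward the pair mean. Under that hypothesis the statistic follows
    a chi-square law with one degree of freedom per pair (mean dof,
    variance 2*dof); the return value is its distance from that mean in
    standard deviations. The constructed clean carrier scores far above zero.
    """
    hist = [0] * 256
    for s in samples:
        hist[s] += 1
    chi2, dof = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2
        if expected < 5:          # too few samples in this pair to test
            continue
        chi2 += ((even - expected) ** 2 + (odd - expected) ** 2) / expected
        dof += 1
    if dof == 0:
        raise ValueError("not enough data for the test")
    return (chi2 - dof) / math.sqrt(2 * dof)


def looks_like_lsb_replacement(samples, z_max=4.0):
    """Flag a carrier whose pair counts are statistically equalised."""
    return pairs_z_score(samples) < z_max


def constructed_cover(n=100_000, seed=2012):
    """Constructed stand-in for one colour channel: a smooth, bell-shaped
    histogram, as in a photograph with one dominant tone."""
    rng = random.Random(seed)
    return [min(255, max(0, round(rng.gauss(120, 8)))) for _ in range(n)]


def constructed_payload(n_bits, seed=7):
    """Constructed stand-in for an encrypted message: uniform random bits."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n_bits)]


if __name__ == "__main__":
    print("capacity of the camera example:", capacity_bits(3600, 2400, 6), "bits")
    cover = constructed_cover()
    bits = constructed_payload(len(cover))
    cases = {
        "clean carrier": cover,
        "every LSB replaced": embed_lsb(cover, bits),
        "10% of LSBs replaced": embed_lsb(cover, bits[: len(cover) // 10]),
    }
    for name, data in cases.items():
        print(f"{name:22s} z={pairs_z_score(data):8.1f} "
              f"suspect={looks_like_lsb_replacement(data)}")
```

The 10% case is not flagged: a small payload in a large carrier leaves the histogram almost untouched, which is the gap that payloads spread across several files exploit and that the article's trained detectors are meant to close.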
Guest

Subject: Re: Cyber War/Guerre informatique, Tue 22 May 2012 - 19:14

Quote:
How Canada’s telecoms quietly backed Internet surveillance bill

Canada’s proposed Internet surveillance was back in the news recently after speculation grew that government intends to keep the bill in legislative limbo until it dies on the order paper. Public Safety Minister Vic Toews denied the reports, maintaining that Bill C-30 will still be sent to committee for further study.

Since its introduction in mid-February, the privacy and law enforcement communities have continued to express their views on the bill, but Canada’s telecom service providers, which include the major telecom carriers and Internet service providers, have remained strangely silent. The silence is surprising given the enormous implications of the bill for the privacy of their customers and the possibility of millions of dollars in new surveillance equipment costs, active co-operation with law enforcement, and employee background checks.

While some attribute the Internet surveillance silence to an attempt to avoid picking sides in the high stakes privacy and security battle, documents obtained under the Access to Information Act and reported here for the first time offer a different, more troubling explanation. In the months leading up to the introduction of Bill C-30, Canada’s telecom companies worked actively with government officials to identify key issues and to develop a secret industry-government collaborative forum on lawful access.

The working group includes virtually all the major telecom and cable companies, whose representatives have signed nondisclosure agreements and been granted secret-level security clearance. The group is led by Bell Canada on the industry side and Public Safety for the government.

The inaugural meeting, held just three weeks before Bill C-30 was introduced, included invitations to 11 companies (Bell Canada, Cogeco, Eagle, MTS Allstream, Quebecor, Research In Motion, Rogers, Sasktel, Telus, Vidéotron, and Wind Mobile) along with two industry associations (the Canadian Wireless Telecommunications Association and the Canadian Network Operators Consortium).

The secret working group is designed to create an open channel for discussion between telecom providers and government. As the uproar over Bill C-30 was generating front-page news across the country, Bell reached out to government to indicate that “it was working its way through C-30 with great interest” and expressed desire for a meeting to discuss disclosure of subscriber information. A few weeks later, it sent another request seeking details on equipment obligations to assist in its costing exercises.

Months before the January 2012 meeting, officials worked with the telecom companies to identify many concerns and provide guidance on the government’s intent on Internet surveillance regulations, information that has never been publicly released.

For example, a December 2011 draft list of lawful access issues features questions about surveillance of social networks, cloud computing facilities, and Wi-Fi networks. The telecom companies raise many questions about compensation, such as “a formula for adequate compensation” for the disclosure of subscriber information as well as payment for testing surveillance capabilities and providing surveillance assistance.

At a September 2011 meeting that included Bell Canada, Cogeco, RIM, Telus, Rogers, Microsoft, and the Information Technology Association of Canada, government officials provided a lawful access regulations policy document that offered guidance on plans for extensive regulations that will ultimately accompany the Internet surveillance legislation.

The 17-page document indicates that providers will be required to disclose certain subscriber information without a warrant within 48 hours and within 30 minutes in exceptional circumstances. Interceptions of communications may also need to be established within 30 minutes of a request, with capabilities that include simultaneous interceptions for five law enforcement agencies.

The close co-operation between the government and telecom providers has created a two-tier approach to Internet surveillance policy, granting privileged access and information for telecom providers. Meanwhile, privacy and civil society groups, opposition MPs and millions of interested Canadians are kept in the dark about the full extent of the government’s plans. The public has already indicated its opposition to the bill. The secrecy and backroom industry talks associated with Bill C-30 provide yet another reason to hit the reset button.

Michael Geist holds the Canada research chair in Internet and e-commerce law at the University of Ottawa. He can be reached online at www.michaelgeist.ca.

Toronto Star
Guest

Subject: Re: Cyber War/Guerre informatique, Wed 23 May 2012 - 22:36

Ara berra3 Laughing


Source: NSA

Quote:

National Centers of Academic Excellence - Cyber Operations


The National Security Agency (NSA) is pleased to announce the establishment of a new National Centers of Academic Excellence (CAE) in Cyber Operations Program. The program is in support of the President's National Initiative for Cybersecurity Education (NICE): Building a Digital Nation and furthers the goal to broaden the pool of skilled workers capable of supporting a cyber-secure nation.

The CAE-Cyber Operations program is intended to be a deeply technical, inter-disciplinary, higher education program firmly grounded in the computer science (CS), computer engineering (CE), and/or electrical engineering (EE) disciplines, with extensive opportunities for hands-on applications via labs/exercises.

The CAE-Cyber Operations program complements the existing Centers for Academic Excellence (CAE) in Information Assurance Education (CAE-IAE) and Research (CAE-R) programs, providing a particular emphasis on technologies and techniques related to specialized cyber operations (e.g., collection, exploitation, and response), to enhance the national security posture of our Nation. These technologies and techniques are critical to intelligence, military and law enforcement organizations authorized to perform these specialized operations.

For information on the Centers of Academic Excellence in Information Assurance Education and Research, please visit the Information Assurance section of our web site.


http://www.nsa.gov/public_info/press_room/2012/new_college_cyber_ops_program.shtml

Quote:

...
After a rigorous application and screening process, NSA selected this month the first four schools to receive the CAE-Cyber Operations designation for the 2012-2013 academic year: Dakota State University, South Dakota; the Naval Postgraduate School, California; Northeastern University, Massachusetts; and the University of Tulsa in Oklahoma. The program will complement 145 existing centers of academic excellence (CAEs) in research and information assurance education, jointly overseen by the agency and the Department of Homeland Security.
...

The robotization and "dronification" of the army, a logical investment against guerrilla warfare, will require extending these capabilities and protecting them. It will also be a matter of maintaining the public/military/private transfer of skills in order to prepare the new US giants of the future.

Guest

Subject: Re: Cyber War/Guerre informatique, Tue 29 May 2012 - 15:31

Quote:
IT security training event in Morocco by SANS

SANS Europe is pleased to present its first ever event in Morocco this August following rising demand for IT security training from across North Africa. SANS Morocco 2012 will run consecutively from August 27th to September 1st at the Le Royal Mansour Meridien in Casablanca.

“Over the last few months, we have received a huge number of requests from the SANS community in North Africa to hold an event within the region,” explains Gareth Dance, GSEC Conference Director, EMEA SANS Institute, “In response, we have decided to run two of our most popular courses and we invite students interested in the event to apply early as places are limited and filling up quickly.”

The Security 401: SANS Security Essentials Bootcamp Style offers the opportunity to learn the language and underlying theory of computer security. The course also offers essential, up-to-the-minute knowledge and skills required for people responsible for securing systems and organizations. The six-day course will be taught by Jim Herbeck, SANS Certified Instructor and co-founder of the Business Information Security Competency Center at the Geneva School of Business Administration. Security 401 is also endorsed by the Committee on National Security Systems (CNSS) NSTISSI 4013 Standard for Systems Administrators in Information Systems Security (INFOSEC).

SANS Certified Instructor Steve Armstrong will be teaching the SANS Security 504: Hacker Techniques, Exploits & Incident Handling. The six-day course is aimed at helping information security professionals understand attackers' tactics and strategies with hands-on experience in finding vulnerabilities and discovering intrusions. The course is designed to equip IT professionals with a comprehensive incident handling plan and the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.

SecurityPark

http://www.sans.org/morocco-2012/location.php

Quote:
The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.
SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.

http://www.sans.org/about/sans.php
Guest

Subject: Re: Cyber War/Guerre informatique, Tue 29 May 2012 - 16:42

hohoho

Quote:
Newly Discovered "Flame" Cyber Weapon On Par With Stuxnet, Duqu

"Flame" a Highly Sophisticated and Discreet Cyber Weapon Has Been Discovered Targeting the Middle East

A new cyber threat some say rivals Stuxnet and Duqu in complexity has been discovered on systems in the Middle East.

Known as Flame or Flamer, the threat is an attack toolkit that appears to be targeting systems in several countries, principally Iran and Israel (West Bank). Earlier today, Iran’s National Computer Emergency Response Team issued an alert stating the malware was tied to multiple incidents of “mass data loss” in the country’s computer networks.

The first confirmed appearance of the malware has been traced to 2010, though Symantec also said it has unconfirmed reports stretching back to 2007.

According to Kaspersky Lab, Flame is a backdoor Trojan with worm-like features that allow it to propagate itself on local networks and removable media. When a system is infected, the malware begins a series of operations that range from taking screenshots to recording audio conversations and intercepting network traffic. The malware's operators can also upload additional modules to expand Flame's functionality.

"Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seems to put it alongside those familiar ‘super-weapons’ currently deployed in the Middle East by unknown perpetrators," blogged Alexander Gostev, head of Kaspersky Lab's Global Research and Analysis team. "Flame can easily be described as one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage."

When all of its modules are installed, the malware is 20 MB in size, making it about 20 times larger than Stuxnet. It also contains code written in Lua, a programming language uncommon in the cyber underworld.

"LUA is a scripting (programming) language, which can very easily be extended and interfaced with C code," Gostev explained. "Many parts of Flame have high order logic written in Lua - with effective attack subroutines and libraries compiled from C++…usage of Lua in malware is uncommon. The same goes for the rather large size of this attack toolkit. Generally, modern malware is small and written in really compact programming languages, which make it easy to hide. The practice of concealment through large amounts of code is one of the specific new features in Flame."

The modular nature of the malware suggests its developers created it with the goal of maintaining the project over a long period of time – most likely along with a different set of individuals using the malware, according to Symantec's Security Response team.


"The architecture being employed by W32.Flamer allows the authors to change functionality and behavior within one component without having to rework or even know about the other modules being used by the malware controllers," Symantec noted. "Changes can be introduced as upgrades to functionality, fixes, or simply to evade security products."



"The complexity of the code within this threat is at par with that seen in Stuxnet and Duqu, arguably the two most complex pieces of malware we have analyzed to date," according to Symantec. "As with the previous two threats, this code was not likely to have been written by a single individual but by an organized, well-funded group of people working to a clear set of directives. Certain file names associated with the threat are identical to those described in an incident involving the Iranian Oil Ministry."

According to Gostev, there does not appear to be any overarching theme in regards to targets, indicating that Flame may have been designed for more general cyber-espionage purposes. He speculated that Flame was developed separately from Duqu and Stuxnet, and noted that Flame's developers did not use the Tilded platform used for Duqu and Stuxnet. However, he noted that Flame makes use of the same print spooler vulnerability exploited by Stuxnet. It also abuses AutoRun, just like Stuxnet.

"Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states," Gostev noted. "Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group…the geography of the targets (certain states are in the Middle East) and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it."

SecurityWeek

[Image: Flame infection map, Kaspersky]

http://www.wired.com/threatlevel/2012/05/flame/


=========

Quote:
Researchers find backdoor in milspec silicon

A pair of security researchers claim to have found a back door in a commercial field-programmable gate array (FPGA) marketed as a secure tool for military applications.

The FPGA in question is the Actel ProASIC3, a device manufacturer MicroSEMI recommends for use in “portable, consumer, industrial, communications and medical applications with commercial and industrial temperature devices,” but also comes in models boasting “specialized screening for automotive and military systems.”

Sergei Skorobogatov, a researcher at the University of Cambridge, and Christopher Woods of London's Quo Vadis Labs have released a draft paper (PDF) describing a method whereby attackers can “disable all the security on the chip, reprogram crypto and access keys, modify low-level silicon features, access unencrypted configuration bitstream or permanently damage the device.”

The pair chose the ProASIC3 for their tests because, they say, it is a very widely used device, boasts of superior security and is known to have military users. Those qualities, the pair say, made it an ideal subject for a back door hunt.

The pair used the Actel's own analysis tools and the Joint Test Action Group (JTAG) interface to analyse the silicon. That analysis yielded undocumented features, thanks to discovery of what the draft paper calls “command field and data registers.”

The pair also applied differential power analysis (DPA), a method of analysing variations in electrical activity that hint at tasks being performed in silicon, and “Pipeline Emission Analysis (PEA)” to probe the device “in an attempt to better understand the functionality of each unknown command.” Just how PEA does so is not clear: the draft paper says PEA was developed by the “sponsor” of the research, but that entity is not revealed. Even the footnote describing the technique has been redacted so it reads “Removed to comply with anonymity requirement for submission”.

But the paper hints PEA is a more sensitive version of DPA, describing it as follows:

“The outstanding sensitivity of the PEA is owed to many factors. One of which is the bandwidth of the analysed signal, which for DPA, stands at 200 MHz while in PEA at only 20 kHz.”

PEA seems to have done the trick, yielding evidence of a passkey that allows control of many features in the FPGA.

“Further investigation,” the paper says, “revealed that this is a backdoor function with the key capable of unlocking many of the undocumented functions, including IP access and reprogramming of secure memory.”

The paper is clearly marked as a draft and Skorobogatov promises to detail the exploit fully at the 2012 Workshop on Cryptographic Hardware and Embedded Systems in Belgium.

One imagines the presentation will be rather well attended.

The Register
GlaivedeSion
Brigadier General

messages: 3887
Joined: 15/07/2009
Location: here and there
Nationality: Israel

Subject: Re: Cyber War/Guerre informatique, Tue 29 May 2012 - 17:16

This virus made Stuxnet and Duqu look like kids...

_________________
"We will find a way… or we will make one": Hannibal
http://blogtsahal.wordpress.com/
Guest

Subject: Re: Cyber War/Guerre informatique, Tue 29 May 2012 - 17:44

GlaivedeSion wrote:
This virus made Stuxnet and Duqu look like kids...

With this size and these features it is no longer a virus, it is an operating system (in the literal sense of "système d'exploitation") Laughing
Yakuza
Administrator

messages: 21656
Joined: 15/09/2009
Location: 511
Nationality: Moroccan-German

Subject: Re: Cyber War/Guerre informatique, Wed 30 May 2012 - 11:32

20 MB Shocked Stux was only 1.5 MB and yet... the Iranian printers are going to be out of work
Guest

Subject: Re: Cyber War/Guerre informatique, Wed 30 May 2012 - 11:47

Yakuza wrote:
20 MB Shocked Stux was only 1 MB and yet... the Iranian printers are going to be out of work

Ability to download the contacts and content of nearby devices over Bluetooth, ability to take screenshots, keylogging and remote desktop, ability to update and to add independent modules and plugins, embedded Lua scripting language interpreter, embedded SQLite database system, ability to record VoIP conversations on the machine and to use the microphone and webcam of the computer within range, network traffic capture, ingenious propagation (among other ways) through printers shared on the network; according to some sites the thing had been lying around for 6 or 7 years, even though according to others the malware was designed around 2010...

no comment ou safi

Here is the link to the Iranian CERT (MAHER) on the matter:



Quote:

Following investigations into Stuxnet and Duqu started in 2010, Iran National CERT (MAHER) has carried out a technical survey during the past several months. MAHER publishes information about the last found sample for the first time.
ID: IRCNE2012051505
Date: 2012-05-28

Having conducted multiple investigations during the last few months, the Maher center, the Iranian CERTCC, following the continuous research on the targeted attacks of Stuxnet and Duqu since 2010, announces the latest detection of this attack for the very first time.
The attack, codenamed "Flame" is launched by a new malware. The name “Flame” comes from one of the attack modules, located at various places in the decrypted malware code. In fact this malware is a platform which is capable of receiving and installing various modules for different goals. At the time of writing, none of the 43 tested antiviruses could detect any of the malicious components. Nevertheless, a detector was created by Maher center and delivered to selected organizations and companies in first days of May. And now a removal tool is ready to be delivered.
Some features of the malware are as follows:
· Distribution via removable media
· Distribution through local networks
· Network sniffing, detecting network resources and collecting lists of vulnerable passwords
· Scanning the disk of infected system looking for specific extensions and contents
· Creating series of user’s screen captures when some specific processes or windows are active
· Using the infected system’s attached microphone to record the environment sounds
· Transferring saved data to control servers
· Using more than 10 domains as C&C servers
· Establishment of secure connection with C&C servers through SSH and HTTPS protocols
· Bypassing tens of known antiviruses, anti malware and other security software
· Capable of infecting Windows XP, Vista and 7 operating systems
· Infecting large scale local networks
According to file naming conventions, propagation methods, complexity level, precise targeting and superb functionality, it seems that there is a close relation to the Stuxnet and Duqu targeted attacks.
The research on these samples implies that the recent incidents of mass data loss in Iran could be the outcome of some installed module of this threat.
A list of the major infection components of this malware is presented below; these samples would be available for security software vendors.



Registry key existence
HKEY_LOCAL_MACHINE\CurrentControlSet\Control\Lsa\Authentication Packages -> mssecmgr.ocx
Malware binaries
windows\system32\mssecmgr.ocx
Windows\System32\ccalc32.sys
Windows\System32\msglu32.ocx
Windows\System32\boot32drv.sys
Windows\System32\nteps32.ocx
Windows\System32\advnetcfg.ocx
Windows\System32\soapr32.ocx


http://www.certcc.ir/index.php?name=news&file=article&sid=1894


http://www.symantec.com/connect/blogs/flamer-highly-sophisticated-and-discreet-threat-targets-middle-east

http://www.securelist.com/en/blog?weblogid=208193522


A masterstroke Cool

This is the Future, and it's serious
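One way to use the file list from the MAHER advisory quoted in the post above when triaging a disk image, as an added example that is not part of the post or of any MAHER tool. The indicator paths are copied from the advisory; the function names are assumptions of this example, and the registry indicator is not checked.

```python
"""Sweep a mounted Windows volume for the file names in the MAHER advisory."""
import hashlib
import os
import sys
from datetime import datetime, timezone

# File indicators copied from the advisory quoted above (paths relative to
# the system drive). The registry indicator is not checked here.
MAHER_FILE_INDICATORS = [
    r"windows\system32\mssecmgr.ocx",
    r"Windows\System32\ccalc32.sys",
    r"Windows\System32\msglu32.ocx",
    r"Windows\System32\boot32drv.sys",
    r"Windows\System32\nteps32.ocx",
    r"Windows\System32\advnetcfg.ocx",
    r"Windows\System32\soapr32.ocx",
]


def resolve_case_insensitive(root, windows_path):
    """Return every file under root matching a Windows-style relative path.

    Windows treats names case-insensitively, but an image mounted on an
    analysis workstation may sit on a case-sensitive file system, so each
    path component is matched by lower-cased comparison.
    """
    candidates = [root]
    for part in windows_path.split("\\"):
        matched = []
        for base in candidates:
            try:
                names = os.listdir(base)
            except OSError:       # not a directory, unreadable, vanished
                continue
            matched.extend(os.path.join(base, n) for n in names
                           if n.lower() == part.lower())
        candidates = matched
    return [c for c in candidates if os.path.isfile(c)]


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root):
    """Return one evidence record per indicator file found under root."""
    hits = []
    for indicator in MAHER_FILE_INDICATORS:
        for path in resolve_case_insensitive(root, indicator):
            info = os.stat(path)
            hits.append({
                "indicator": indicator,
                "path": path,
                "size": info.st_size,
                "mtime_utc": datetime.fromtimestamp(
                    info.st_mtime, tz=timezone.utc).isoformat(),
                "sha256": sha256_file(path),
            })
    return hits


if __name__ == "__main__":
    # Usage: python sweep.py /path/to/mounted/volume
    for hit in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

A file name match is only a lead: the recorded hash, size and timestamp are what an analyst compares against a vendor's published sample data before calling a host infected.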
Yakuza
Administrator

Subject: Re: Cyber War/Guerre informatique, Wed 30 May 2012 - 12:13

That's really what I thought No all the antiviruses are no use any more once it's already too late, they're going to take us back to the stone age like this.
In the end the Iranians will be spinning their centrifuges by hand lol!
Guest

Subject: Re: Cyber War/Guerre informatique, Wed 30 May 2012 - 16:43

Yakuza wrote:
That's really what I thought No all the antiviruses are no use any more once it's already too late, they're going to take us back to the stone age like this.

No isolated security measure is useful, in fact: hence the importance of "defense in depth", which begins with "obscurity" (the least possible info and the most disinformation about the system, including at the level of the software implementation, for example) and ends at the level of training/awareness of the end user, because in the end there will be an operator... between these two the number of security measures is unlimited... which leads to the following: developing your own software (modifying and localizing after study is also development). This measure, apart from the possible economic benefits (military-grade center of excellence) and symbolic ones (an attempt at sovereignty in one of the least controlled domains in the world), brings surprise and creativity, uniqueness and specificity being the only thing that will make "cyber" life complicated and force the opposing parties to "download" men in flesh and OS, which brings the matter back to classic physical security and classic intelligence, well understood (with exceptions) by States...

Turkey has its Pardus
wikipedia
Quote:
Pardus is a Linux distribution developed with support from the Turkish government. Pardus’ main focus is office-related work, including the use in Turkish government agencies.[1] Despite that, Pardus ships in several languages. Its ease of use[2] and availability free of charge spawned numerous communities throughout the world.[3] The name is derived from the Latin scientific name for the Anatolian leopard.

Iran now has its "Sharif Linux"

China has its Redflag Linux:

wikipedia (translated from Chinese)

Quote:
Red Flag Linux is a series of Linux releases developed by Beijing Red Flag Software Co., Ltd., including desktop, workstation, data center server and HA cluster editions, as well as Red Flag embedded Linux products. The CD version can be purchased in software stores in China, while the official website also offers a CD image for free download. Red Flag Linux is one of the larger, more mature Linux distributions in China.

In the early 1980s, due to the needs of large computers and other research projects, the Government of the People's Republic of China started to develop its own computer operating system, COSIX, but it was not successful due to inadequate investment, lack of application software support and other reasons.

In the late 1980s, the PC began to enter China. Almost all PCs, including those in Chinese government departments, had Microsoft's DOS operating system installed. In the 1992 Gulf War and the 1999 NATO invasion of the Kosovo region of the Federal Republic of Yugoslavia, information warfare was successfully used to paralyze almost all of the other side's communication systems. This made many people in the Chinese government think: the various departments of Iraq and of the Federal Republic of Yugoslavia used computer operating systems that were 100% from Microsoft and other foreign companies, and although there is no evidence that U.S. computer software companies and communications companies provided any back door or computer virus to the U.S. military in these wars, a country with its own independent computer operating system and corresponding software would be less vulnerable to attack in an information war. The Institute of Software, Chinese Academy of Sciences, was ordered to develop a Linux-based independent operating system, and Red Flag Linux version 1.0 was released in August 1999, primarily for government departments related to national security.

In June 2000, the Institute of Software, Chinese Academy of Sciences and Shanghai Alliance Investment Management Co., Ltd. jointly established Beijing Red Flag Software Co., Ltd. , Ministry of Information Industry in March 2001 by the China Electronic Information Industry Development (CCID), Beijing The CCID Venture Capital Limited to the equity injection, so that the total registered capital of $ 960,000. Red Flag Software, chairman appointed by the deputy director of the Institute of Software, Chinese Academy of Sciences , Red Flag Linux project leader Sun Yufang Professor. With its headquarters in River Road, Haidian District, Beijing, No. 68, Zijin Building, 6th floor. About 120 employees, of which 70% of developers and technical support personnel, allegedly core or the backbone of a considerable number of R & D personnel from the Linux community.

Proprietary, consumer, OEM and above all pirated systems are a godsend for all this malware activity...

But one has to be careful: open source systems, commercial or free (or both, since the GNU licence allows it), can also be riddled with nasty critters at practically every stage! Open source plainly means open source for those who can navigate the 15 million lines of code and check the routines one by one for validity and "cleanliness". Tools exist for this, but behind them you need people ready to dissect this "pyramid" of code and rebuild everything from scratch... by hand...

Quote:

In the end the Iranians are going to spin their centrifuges by hand lol!

Such is the beauty of cyberwar: use the technology and you are trapped, don't use it and you are left behind. Checkmate?

Guest
Subject: Re: Cyber War/Guerre informatique, Fri 1 June 2012 - 17:18

An interesting article in the New York Times:

Quote:

Obama Order Sped Up Wave of Cyberattacks Against Iran


By DAVID E. SANGER
Published: June 1, 2012

WASHINGTON — From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.

At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.

“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.

Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.

This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.

These officials gave differing assessments of how successful the sabotage program was in slowing Iran’s progress toward developing the ability to build nuclear weapons. Internal Obama administration estimates say the effort was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran’s enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.

Whether Iran is still trying to design and build a weapon is in dispute. The most recent United States intelligence estimate concludes that Iran suspended major parts of its weaponization effort after 2003, though there is evidence that some remnants of it continue.

Iran initially denied that its enrichment facilities had been hit by Stuxnet, then said it had found the worm and contained it. Last year, the nation announced that it had begun its own military cyberunit, and Brig. Gen. Gholamreza Jalali, the head of Iran’s Passive Defense Organization, said that the Iranian military was prepared “to fight our enemies” in “cyberspace and Internet warfare.” But there has been scant evidence that it has begun to strike back.

The United States government only recently acknowledged developing cyberweapons, and it has never admitted using them. There have been reports of one-time attacks against personal computers used by members of Al Qaeda, and of contemplated attacks against the computers that run air defense systems, including during the NATO-led air attack on Libya last year. But Olympic Games was of an entirely different type and sophistication.

It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives. The code itself is 50 times as big as the typical computer worm, Carey Nachenberg, a vice president of Symantec, one of the many groups that have dissected the code, said at a symposium at Stanford University in April. Those forensic investigations into the inner workings of the code, while picking apart how it worked, came to no conclusions about who was responsible.

A similar process is now under way to figure out the origins of another cyberweapon called Flame that was recently discovered to have attacked the computers of Iranian officials, sweeping up information from those machines. But the computer code appears to be at least five years old, and American officials say that it was not part of Olympic Games. They have declined to say whether the United States was responsible for the Flame attack.

Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons — even under the most careful and limited circumstances — could enable other countries, terrorists or hackers to justify their own attacks.

“We discussed the irony, more than once,” one of his aides said. Another said that the administration was resistant to developing a “grand theory for a weapon whose possibilities they were still discovering.” Yet Mr. Obama concluded that when it came to stopping Iran, the United States had no other choice.

If Olympic Games failed, he told aides, there would be no time for sanctions and diplomacy with Iran to work. Israel could carry out a conventional military attack, prompting a conflict that could spread throughout the region.

A Bush Initiative

The impetus for Olympic Games dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America’s European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation’s nuclear ambitions. The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before.

Iran’s president, Mahmoud Ahmadinejad, took reporters on a tour of the plant and described grand ambitions to install upward of 50,000 centrifuges. For a country with only one nuclear power reactor — whose fuel comes from Russia — to say that it needed fuel for its civilian nuclear program seemed dubious to Bush administration officials. They feared that the fuel could be used in another way besides providing power: to create a stockpile that could later be enriched to bomb-grade material if the Iranians made a political decision to do so.

Hawks in the Bush administration like Vice President Dick Cheney urged Mr. Bush to consider a military strike against the Iranian nuclear facilities before they could produce fuel suitable for a weapon. Several times, the administration reviewed military options and concluded that they would only further inflame a region already at war, and would have uncertain results.

For years the C.I.A. had introduced faulty parts and designs into Iran’s systems — even tinkering with imported power supplies so that they would blow up — but the sabotage had had relatively little effect. General James E. Cartwright, who had established a small cyberoperation inside the United States Strategic Command, which is responsible for many of America’s nuclear forces, joined intelligence officials in presenting a radical new idea to Mr. Bush and his national security team. It involved a far more sophisticated cyberweapon than the United States had designed before.

The goal was to gain access to the Natanz plant’s industrial computer controls. That required leaping the electronic moat that cut the Natanz plant off from the Internet — called the air gap, because it physically separates the facility from the outside world. The computer code would invade the specialized computers that command the centrifuges.

The first stage in the effort was to develop a bit of computer code called a beacon that could be inserted into the computers, which were made by the German company Siemens and an Iranian manufacturer, to map their operations. The idea was to draw the equivalent of an electrical blueprint of the Natanz plant, to understand how the computers control the giant silvery centrifuges that spin at tremendous speeds. The connections were complex, and unless every circuit was understood, efforts to seize control of the centrifuges could fail.

Eventually the beacon would have to “phone home” — literally send a message back to the headquarters of the National Security Agency that would describe the structure and daily rhythms of the enrichment plant. Expectations for the plan were low; one participant said the goal was simply to “throw a little sand in the gears” and buy some time. Mr. Bush was skeptical, but lacking other options, he authorized the effort.

Breakthrough, Aided by Israel

It took months for the beacons to do their work and report home, complete with maps of the electronic directories of the controllers and what amounted to blueprints of how they were connected to the centrifuges deep underground.

Then the N.S.A. and a secret Israeli unit respected by American intelligence officials for its cyberskills set to work developing the enormously complex computer worm that would become the attacker from within.

The unusually tight collaboration with Israel was driven by two imperatives. Israel’s Unit 8200, a part of its military, had technical expertise that rivaled the N.S.A.’s, and the Israelis had deep intelligence about operations at Natanz that would be vital to making the cyberattack a success. But American officials had another interest, to dissuade the Israelis from carrying out their own pre-emptive strike against the Iranian nuclear facilities. To do that, the Israelis would have to be convinced that the new line of attack was working. The only way to convince them, several officials said in interviews, was to have them deeply involved in every aspect of the program.

Soon the two countries had developed a complex worm that the Americans called “the bug.” But the bug needed to be tested. So, under enormous secrecy, the United States began building replicas of Iran’s P-1 centrifuges, an aging, unreliable design that Iran purchased from Abdul Qadeer Khan, the Pakistani nuclear chief who had begun selling fuel-making technology on the black market. Fortunately for the United States, it already owned some P-1s, thanks to the Libyan dictator, Col. Muammar el-Qaddafi.

When Colonel Qaddafi gave up his nuclear weapons program in 2003, he turned over the centrifuges he had bought from the Pakistani nuclear ring, and they were placed in storage at a weapons laboratory in Tennessee. The military and intelligence officials overseeing Olympic Games borrowed some for what they termed “destructive testing,” essentially building a virtual replica of Natanz, but spreading the test over several of the Energy Department’s national laboratories to keep even the most trusted nuclear workers from figuring out what was afoot.

Those first small-scale tests were surprisingly successful: the bug invaded the computers, lurking for days or weeks, before sending instructions to speed them up or slow them down so suddenly that their delicate parts, spinning at supersonic speeds, self-destructed. After several false starts, it worked. One day, toward the end of Mr. Bush’s term, the rubble of a centrifuge was spread out on the conference table in the Situation Room, proof of the potential power of a cyberweapon. The worm was declared ready to test against the real target: Iran’s underground enrichment plant.

“Previous cyberattacks had effects limited to other computers,” Michael V. Hayden, the former chief of the C.I.A., said, declining to describe what he knew of these attacks when he was in office. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction,” rather than just slow another computer, or hack into it to steal data.

“Somebody crossed the Rubicon,” he said.

Getting the worm into Natanz, however, was no easy trick. The United States and Israel would have to rely on engineers, maintenance workers and others — both spies and unwitting accomplices — with physical access to the plant. “That was our holy grail,” one of the architects of the plan said. “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.”

In fact, thumb drives turned out to be critical in spreading the first variants of the computer worm; later, more sophisticated methods were developed to deliver the malicious code.

The first attacks were small, and when the centrifuges began spinning out of control in 2008, the Iranians were mystified about the cause, according to intercepts that the United States later picked up. “The thinking was that the Iranians would blame bad parts, or bad engineering, or just incompetence,” one of the architects of the early attack said.

The Iranians were confused partly because no two attacks were exactly alike. Moreover, the code would lurk inside the plant for weeks, recording normal operations; when it attacked, it sent signals to the Natanz control room indicating that everything downstairs was operating normally. “This may have been the most brilliant part of the code,” one American official said.

Later, word circulated through the International Atomic Energy Agency, the Vienna-based nuclear watchdog, that the Iranians had grown so distrustful of their own instruments that they had assigned people to sit in the plant and radio back what they saw.

“The intent was that the failures should make them feel they were stupid, which is what happened,” the participant in the attacks said. When a few centrifuges failed, the Iranians would close down whole “stands” that linked 164 machines, looking for signs of sabotage in all of them. “They overreacted,” one official said. “We soon discovered they fired people.”

Imagery recovered by nuclear inspectors from cameras at Natanz — which the nuclear agency uses to keep track of what happens between visits — showed the results. There was some evidence of wreckage, but it was clear that the Iranians had also carted away centrifuges that had previously appeared to be working well.

But by the time Mr. Bush left office, no wholesale destruction had been accomplished. Meeting with Mr. Obama in the White House days before his inauguration, Mr. Bush urged him to preserve two classified programs, Olympic Games and the drone program in Pakistan. Mr. Obama took Mr. Bush’s advice.

The Stuxnet Surprise

Mr. Obama came to office with an interest in cyberissues, but he had discussed them during the campaign mostly in terms of threats to personal privacy and the risks to infrastructure like the electrical grid and the air traffic control system. He commissioned a major study on how to improve America’s defenses and announced it with great fanfare in the East Room.

What he did not say then was that he was also learning the arts of cyberwar. The architects of Olympic Games would meet him in the Situation Room, often with what they called the “horse blanket,” a giant foldout schematic diagram of Iran’s nuclear production facilities. Mr. Obama authorized the attacks to continue, and every few weeks — certainly after a major attack — he would get updates and authorize the next step. Sometimes it was a strike riskier and bolder than what had been tried previously.

“From his first days in office, he was deep into every step in slowing the Iranian program — the diplomacy, the sanctions, every major decision,” a senior administration official said. “And it’s safe to say that whatever other activity might have been under way was no exception to that rule.”

But the good luck did not last. In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage. It fell to Mr. Panetta and two other crucial players in Olympic Games — General Cartwright, the vice chairman of the Joint Chiefs of Staff, and Michael J. Morell, the deputy director of the C.I.A. — to break the news to Mr. Obama and Mr. Biden.

An error in the code, they said, had led it to spread to an engineer’s computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.

“We think there was a modification done by the Israelis,” one of the briefers told the president, “and we don’t know if we were part of that activity.”

Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant. The answers came back in hedged terms. Mr. Biden fumed. “It’s got to be the Israelis,” he said. “They went too far.”

In fact, both the Israelis and the Americans had been aiming for a particular part of the centrifuge plant, a critical area whose loss, they had concluded, would set the Iranians back considerably. It is unclear who introduced the programming error.

The question facing Mr. Obama was whether the rest of Olympic Games was in jeopardy, now that a variant of the bug was replicating itself “in the wild,” where computer security experts can dissect it and figure out its purpose.

“I don’t think we have enough information,” Mr. Obama told the group that day, according to the officials. But in the meantime, he ordered that the cyberattacks continue. They were his best hope of disrupting the Iranian nuclear program unless economic sanctions began to bite harder and reduced Iran’s oil revenues.

Within a week, another version of the bug brought down just under 1,000 centrifuges. Olympic Games was still on.

A Weapon’s Uncertain Future

American cyberattacks are not limited to Iran, but the focus of attention, as one administration official put it, “has been overwhelmingly on one country.” There is no reason to believe that will remain the case for long. Some officials question why the same techniques have not been used more aggressively against North Korea. Others see chances to disrupt Chinese military plans, forces in Syria on the way to suppress the uprising there, and Qaeda operations around the world. “We’ve considered a lot more attacks than we have gone ahead with,” one former intelligence official said.

Mr. Obama has repeatedly told his aides that there are risks to using — and particularly to overusing — the weapon. In fact, no country’s infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States. It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran.


This article is adapted from “Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power,” to be published by Crown on Tuesday.

Yakuza (Administrator)
Subject: Re: Cyber War/Guerre informatique, Fri 1 June 2012 - 18:36

Very good article tshaashh, so here is what confirms the Israeli-American hand in this; the world is becoming more and more dangerous now that this line has been crossed. There is always a mistake/leak that happens somewhere
and they are making themselves less and less trustworthy in the eyes of other countries

Guest
Subject: Re: Cyber War/Guerre informatique, Fri 1 June 2012 - 19:03

Yakuza wrote:
Very good article tshaashh, so here is what confirms the Israeli-American hand in this; the world is becoming more and more dangerous now that this line has been crossed. There is always a mistake/leak that happens somewhere
and they are making themselves less and less trustworthy in the eyes of other countries

My pleasure Yakuza

On rereading the article, one thing: might this article, and this book being published now, not also perhaps be meant to push the US further toward the military route against the IRI? The author's sources asked to remain anonymous, which means we have to take the author at his "word". Even if logic suggests the author is "honest", it is not certain that he himself knows or discloses the whole "story".

The message one can also draw from the article is that it is an ultimatum: "we tried everything against the IRI's clandestine programme, even that did not work, so only one option remains..."

There also remains an unknown: Flame is more "reconnaissance" than Stuxnet and apparently older, less sophisticated in its payload even if its mechanism is more extensive (perhaps updated)... except that Flame did not spill over, since the countries affected (including the Palestinian territories, reported by some articles as Israel) all fall into the same category... which suggests there is more behind this whole story, especially in pointing fingers at a solo action by Unit 8200, the Israeli NSA

Quote:
“We think there was a modification done by the Israelis,” one of the briefers told the president, “and we don’t know if we were part of that activity.”

On this subject, dated 30 Sept 2011

Quote:

ISRAELVALLEY PLUS By Yuval Dror, Ha’aretz

In recent years, the number 8200 has come to signify the prospect of opening doors for Israeli and foreign investors. This military unit is the most important one for the Israeli economy, for it is this unit that produced Shlomo Dovrat, who sold Oshap Technologies to Sunguard for $210 million; Ehud Weinstein, who sold his shares in Libit Signal Processing for $40 million; the Zisapel brothers, who sold and floated more than ten companies for hundreds of millions of dollars; and Didi Arazi, who set up Nice Systems.

Cautious estimates indicate that in the past few years, unit 8200 veterans have set up some 30 to 40 high-tech companies, including 5 to 10 that were floated on Wall Street. This correlation between serving in the intelligence unit 8200 and starting successful high-tech companies is not coincidental:

Many of the technologies in use around the world and developed in Israel were originally military technologies and were developed and improved by unit veterans.


The unit’s commander, Brigadier General B., attended a ceremony Monday where prizes were awarded to the winners of the CodeGuru competition, involving some 2,000 high school students from all over the country. The computer challenge contest was rumored to have been sponsored by the 8200 unit, together with the high-tech company, Aladdin.

Although 8200 never confirmed that it was a sponsor, its human resources department set up a booth at the competition. 8200 representatives were more than happy to help the students in attendance fill out forms about their “suitability for development jobs in the computer field.”

Brigadier General B., from his seat in the last row, applauded the winner and left at the end of the ceremony.

The reason why the commander of one of the army’s busiest units took the time to attend a civilian ceremony is not top secret: The IDF is losing in its struggle with high-tech and start-up companies, as more talented people prefer to earn a fat salary and options than to serve in the unit. Public relations opportunities like the CodeGuru competition help the unit to keep competitive with the high-tech companies’ head-hunting.

B., 44, started his military career in a pilot training course. “After a few months, they said goodbye to me and I switched to the Sayeret Matkal (elite reconnaissance unit),” he says.

After serving in the Sayeret, he was discharged and only after six years as a civilian – following the request of the current deputy chief of staff, Moshe Ya’alon, who was then the commander of the Sayeret Matkal – did B. re-enlist as the deputy commander of the unit.

“He promised that it would only be for one year. That year has gone on until now,” says B.

In 1988, B. was offered the option of switching to intelligence and since then, he has worked his way up in the 8200 unit. Three years ago, he took command of the intelligence corps’ elite unit, which is referred to in foreign reports as “the central [intelligence] gathering unit.”

According to B., “our areas of operation are very interesting and complex and create a real challenge for those who serve here. No civilian company can offer such a wide variety of challenges as our unit offers.”

B. therefore refuses to accept the claim made last August by the head of the personnel directorate, Major General Yehuda Segev that “we are in the middle of a war. The civilian economy has gone all out.”

B. sees the current fight to attract the top talent as a competition, not a battle. “We are managing to keep in the unit those whom we favor and surveys we conducted among our soldiers found that salary isn’t everything.” B. believes that challenge, personal fulfillment, interest, promotion track, work environment and service conditions are no less important than the high salaries offered by high-tech companies.

“It should be said to the chief of staff’s credit, that he understands that at least as far as work environment and service conditions are concerned, there has to be progress,” he says. “The army, as a rule, understands that it has to invest special resources in technological manpower, that they need to get conditions, service plans, benefits.”

B. stresses that he does not feel that the members of his unit are rushing to join high-tech companies: “There is a natural flow from the army to civilian jobs, and even I wouldn’t want everyone to remain in the unit. You have to remember that every year I get a new work force, that is young and better than their predecessors, and that is because, among other reasons, huge resources have been invested in finding and training a suitable work force.”

Nevertheless, B. also has some complaints about the high-tech companies. “The IDF units are the biggest generators in the country of technology personnel. Whoever grabs unripe people today, will pay the price tomorrow,” he says, adding that the only way to overcome the problem is to establish a balance between civilian and military life. “We are looking into ways of cooperating, reaching an understanding and creating joint programs for us and high-tech companies.”

At this stage, he says that there are still no practical proposals for such joint programs, but that various ideas are being reviewed with the aim of benefiting all parties, including and especially the Israeli economy and national security.

When asked how it is possible to attract so many people to a unit where no one is permitted to say what it does, B. smiles and replies: “The reputation of the unit’s veterans in creating high-tech companies gives us great ratings. It makes young people want to serve here.”

B. adds that the unit tries to reach out to the public, not only for recruiting purposes: “We promote projects for studying Arabic in schools. While we hope to benefit from the results, the projects are for the net benefit of the community, such as the Yachdav (together) project, in which 250 soldiers and officers from the unit volunteer to tutor and mentor children having trouble with their studies.”

The CodeGuru competition is a similar public relations venture in the spirit of the unit – a computer challenge where students must achieve the goal at all costs.

“Unlike civilian companies, we have to stick to missions at all costs,” says B. “The prevailing atmosphere here lets us use work methods that are not acceptable everywhere in the IDF. We allow free thinking and creativity in order to allow the technology people to deal with their task.”

A senior commander in the unit with a master’s degree in computer science admitted that his subordinates are more talented than he: “I’ll never say to them, here’s the problem and solve it this way – because then I would be restricting them to the limits of my knowledge.”


and

http://www.forbes.com/2007/02/07/israel-military-unit-ventures-biz-cx_gk_0208israel.html

http://articles.businessinsider.com/2012-04-04/news/31285790_1_nsa-spy-israeli-paper

Have fun

Yakuza (Administrator)
Subject: Re: Cyber War/Guerre informatique, Fri 1 June 2012 - 19:17

These deep throats always have their reasons..

Your supposition about a militarisation of the solution is possible, but perhaps also "doves" who want a return to Democratic fundamentals, given that he is continuing inherited Republican programmes and could therefore lose votes (ex-CIA man talking about the Rubicon being crossed)

In any case it must be related to the elections, it isn't coming out now by chance

If the Iranians had uncovered the scheme in time, and analysed it (for example with the help of R. Langner), they could have got there with the 164 in the code, which leaps out at you

Guest

Subject: Re: Cyber War/Guerre informatique   Fri 1 Jun 2012 - 19:39

Yakuza wrote:
These deep throats always have their reasons..

Your guess about a militarization of the solution is possible, but it could also be "doves" who want a return to the Democrats' fundamentals, given that he is continuing programs inherited from the Republicans and could therefore lose votes (the ex-CIA man who talks about the Rubicon having been crossed).

In any case it must be related to the elections; it isn't coming out now by chance.

If the Iranians had uncovered the scheme in time and analyzed it (for example with the help of R. Langner), they could have gotten there with the 164 in the code, which jumps out at you.

+1

Here is my take:

The NYT aren't doves but reasonable hawks (laughing)

On domestic policy, the return to fundamentals is happening on "folklore" (gay marriage and other populist trivialities). On the external front, drones, cyberwar and the strengthening of intelligence vs. the military (while at the same time reorienting US energy policy away from conflict zones) align more with the Democratic vision than the Republican one, IMHO. Let's not forget that the real "mission accomplished" is Obama's (even if he inherited the program...). Image-wise, it is in their interest to stay away from the hippie image...

I rather have the impression that the experts of 8200 (who can recruit plenty of competent Russian black hats, at worst, to hack even cellphones) either botched this operation so as not to leave the US a choice, or were looking for something else...

With this article, the US has a cyberattack accusation on its hands, the very case in which they had declared that such an attack would be a declaration of war... at the moment when Iran is re-re-negotiating...

EDIT: what is the probability now that R. Langner works part-time for the same orgs that created Stuxnet and other submerged parts of the iceberg, so that he, or others, offer their services to the IRI (laughing)