Orange Errywhere!

Orange and Japan are my islands. I enjoy writing about cyber security, privacy, technology with an Apple & Google slant, various geekery, and interesting things I find in my travels throughout Japan.



Is This The NSA’s Secret to Cracking Secure Communications Such as SSL?

The Daily Beast digs deep into the basics behind Logjam-type vulnerabilities and asks an intriguing question: is this the NSA’s secret to cracking secure communications such as SSL?

Yet slides in the Snowden documents revealed the NSA’s astonishing success in exploiting IPSec. The researchers outlined an approach which, although requiring the construction of a dedicated supercomputer, lies within the NSA’s grasp. Diffie-Hellman uses a prime number in its computation, and although there are an astonishing number of usable primes, most systems use a standard prime number.

The basic idea is to do a nearly astronomical amount of work precomputing partial answers needed to break any connection associated with a given prime number and then, because most systems use a common prime number, perform only a little more work to crack any given connection. So with a huge amount of initial work and money, but only a modest amount of work per connection, the NSA could break two-thirds of the IPSec connections on the planet—opening up an untold number of corporate VPNs.

The researchers have no direct evidence that the NSA did this, but I believe their suspicions are well founded. The NSA is not made up of magicians, and all its successes must have a prosaic explanation. If the NSA did indeed discover this technique unnoticed, its failure to disclose is yet more evidence that the NSA does not care about the security of non-classified systems; it would rather spend hundreds of millions of dollars developing a cracking system than simply notifying the world how to secure U.S. businesses before some other foreign intelligence service discovers the same thing.
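The amortization the excerpt describes, at toy scale, as an added example (not code from the article or the researchers). A baby-step giant-step table stands in for the far larger number field sieve precomputation, and the 20-bit prime, generator, table size and all names are constructed for illustration. The table depends only on the shared prime and generator, so it is built once and reused for every exchange in that group, which is why one prime shared by most systems is the weak point.

```python
"""Toy model: one-time work per Diffie-Hellman group, small work per exchange."""
import secrets

P = 1_000_003        # constructed toy prime (deployed groups are 1024+ bits)
G = 2                # constructed generator
TABLE_SIZE = 1 << 16  # size of the one-time precomputation


class GroupTable:
    """Precomputation that depends only on (p, g), never on a connection."""

    def __init__(self, p, g, table_size):
        self.p, self.g, self.size = p, g, table_size
        self.table = {}                      # g^j mod p -> j, for j < table_size
        value = 1
        for j in range(table_size):
            self.table.setdefault(value, j)
            value = value * g % p
        self.stride = pow(g, -table_size, p)        # g^(-table_size) mod p
        self.max_steps = -(-(p - 1) // table_size)  # ceil((p-1)/table_size)

    def discrete_log(self, public):
        """Return (x, steps) such that g^x == public (mod p)."""
        gamma = public % self.p
        for i in range(self.max_steps):
            j = self.table.get(gamma)
            if j is not None:
                return i * self.size + j, i + 1
            gamma = gamma * self.stride % self.p
        raise ValueError("value is not a power of g in this group")


def observe_exchange(table, pub_a, pub_b):
    """Passive observer: derive the shared secret from the two public values."""
    x, steps = table.discrete_log(pub_a)
    return pow(pub_b, x, table.p), steps


def simulate(connections=5):
    """Run independent exchanges over the same group against one table."""
    table = GroupTable(P, G, TABLE_SIZE)     # paid once for the whole group
    results = []
    for _ in range(connections):
        a = secrets.randbelow(P - 2) + 1     # fresh private exponents
        b = secrets.randbelow(P - 2) + 1
        pub_a, pub_b = pow(G, a, P), pow(G, b, P)
        shared = pow(pub_b, a, P)            # what the two endpoints compute
        recovered, steps = observe_exchange(table, pub_a, pub_b)
        results.append((recovered == shared, steps))
    return table, results


if __name__ == "__main__":
    table, results = simulate()
    print(f"one-time table: {TABLE_SIZE} multiplications for p={P}")
    for ok, steps in results:
        print(f"  shared secret recovered={ok} after {steps} lookups")
```

A table built for one prime is useless against a different one, so a group unique to a deployment forces the whole precomputation to be repeated for that deployment alone.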

NSA Planned Surreptitious Malware Implants in Android App Stores

Iain Thomson of The Register on the latest from the Snowden treasure trove. This time the report is about surreptitious malware implants by the NSA in Android app stores:

According to a presentation released from the Snowden archive to The Intercept the so-called “5 Eyes” nation’s intelligence agencies – from the US, UK, Canada, Australia, and New Zealand – spent 2011 and 2012 working out ways to subvert connections to popular app stores, such as those run by Google and Samsung, in a project dubbed IRRITANT HORN.

That the intelligence services are working on software that can subvert iOS, Android and other smartphone operating systems isn’t new. But the presentation details how operatives could intercept communications between app servers and customers to install code that could harvest personal information and even display disinformation on handsets.

The spur for this effort was the Arab Spring uprisings in the Middle East and Africa. The intelligence agencies reasoned that in such a situation then it needed to be able to put out software that could influence actions on the ground.

Just another day at Ft. Meade, MD.

Justice Department Report Directly Contradicts Attorney General’s Claims About the Patriot Act

Freedom of the Press writes about how a Justice Department report directly contradicts the Attorney General’s claims about the Patriot Act:

As ACLU’s Jameel Jaffer pointed out, one of the IG report’s main conclusions is that FBI “did not identify any major case developments that resulted from use of the records obtained in response to Section 215 orders.”

Meanwhile, today Attorney General Loretta Lynch weighed in on the debate in Congress, claiming the exact opposite. She was quoted by CBS News as saying that if Patriot Act Section 215 expires: “[W]e lose important tools. I think that we lose the ability to intercept these communications, which have proven very important in cases that we have built in the past.” (emphasis mine)

Color me unsurprised there is a contradiction in reporting between the Inspector General and the Attorney General. Politics drives what the AG states whereas facts back up what the IG states.

Personally, I find it hard to believe the Patriot Act has ever had any direct correlation to a major conviction of any form of terrorism. It seems the FBI is using the Patriot Act for standard criminal cases rather than terrorism prevention, as it was originally designed by Congress.

Monsanto’s Worst Fear May Be Coming True

This article about how Monsanto’s worst fear may be coming true is quite fascinating, both for its position on why Monsanto must be concerned and for its explanation of the science behind GMOs:

The decision of the Chipotle restaurant chain to make its product lines GMO-free is not most people’s idea of a world-historic event. Especially since Chipotle, by US standards, is not a huge operation. A clear sign that the move is significant, however, is that Chipotle’s decision was met with a tidal-wave of establishment media abuse. Chipotle has been called irresponsible, anti-science, irrational, and much more by the Washington Post, Time Magazine, the Chicago Tribune, the LA Times, and many others. A business deciding to give consumers what they want was surely never so contentious.

The media’s heavy criticism of Chipotle has an explanation that is important to the future of GMOs. The cause of it is that there has long been an incipient crack in the solid public front that the food industry has presented on the GMO issue. The crack originates from the fact that while agribusiness sees GMOs as central to their business future, the brand-oriented and customer-sensitive ends of the food supply chain do not.

The brands who sell to the public, such as Nestle, Coca-Cola, Kraft, etc., are therefore much less committed to GMOs. They have gone along with their use, probably because they wish to maintain good relations with agribusiness, who are their allies and their suppliers. Possibly also they see a potential for novel products in a GMO future.

However, over the last five years, as the reputation of GMOs has come under increasing pressure in the US, the cost to food brands of ignoring the growing consumer demand for GMO-free products has increased. They might not say so in public, but the sellers of top brands have little incentive to take the flack for selling GMOs.

From this perspective, the significance of the Chipotle move becomes clear. If Chipotle can gain market share and prestige, or charge higher prices, from selling non-GMO products and give (especially young) consumers what they want, it puts traditional vendors of fast and processed food products in an invidious position. Kraft and McDonalds, and their traditional rivals can hardly be left on the sidelines selling outmoded products to a shrinking market. They will not last long.

I do not feel one bit of sympathy for Monsanto and their sue-happy business model.

Japan’s LINE Messaging Service Preparing for IPO in Tokyo and New York

Bloomberg News on how the company behind Japan’s LINE instant messaging service is prepping for an IPO in both Tokyo and New York:

The Tokyo-based company aims to sell shares around September to avoid competing for investors with state-owned Japan Post, the people said, asking not to be named as the information is private. The government has said it will raise as much as 2 trillion yen ($16.5 billion) from a Japan Post listing later in the year. Line has resumed work with Morgan Stanley and Nomura Holdings Inc. on plans for its offering, which could value it at more than 1 trillion yen, the people said.

Line, controlled by South Korean search portal Naver Corp., is customizing its software as it seeks to challenge Facebook Inc.’s WhatsApp service outside Asia. The company, which makes money by asking smartphone users to pay for teddy bear icons and games, has 205 million monthly active users, it said in a statement last month.

After doing the math, 1 trillion JPY is equivalent to approximately $8.2 billion USD at today’s exchange rate.

To put that into context, Facebook acquired WhatsApp for $19 billion in February 2014.

Are American Industrial and Infrastructure Systems Safe from Cyber Threats?

BetaNews conducted a Q&A session with Andrew Ginter, vice president of industrial security at Waterfall Security Solutions to find out if American industrial and infrastructure systems are safe from cyber threats:

BN: How worried should we be about attacks on industrial control systems (ICS) and national infrastructure?

AG: I’m very much worried. Modern attacks have demonstrated repeatedly that they can punch through corporate-style cyber defenses, more or less, at will, and it is corporate-style defenses that are deployed at the majority of critical industrial infrastructure sites. This is a mistake. IT can restore damaged systems from backup. There is no way to restore a damaged turbine or a boiler from backup. There are industrial sites that understand all this and have taken appropriate steps to defend themselves, but the vast majority of sites are not protected thoroughly enough.

BN: Should enterprise IT and ICS be kept completely separate? Why connect ICS to the Internet at all?

AG: There are too many ways to profit from ICS data to keep it locked up and inaccessible. For example, if business systems can determine how often and how long each piece of costly equipment has been used, we can delay maintenance until it is really needed rather than maintain the equipment every few months whether it needs it or not. This predictive maintenance application of ICS data alone, integrated with HR personnel scheduling, spare parts ordering and other business applications, is estimated to save the average industrial facility between three and seven percent of total operating costs. In some industries, this is the plant’s entire operating profit. There are many other uses for industrial data.

Long story short: US industrial control systems are vulnerable because of the rush to connect them to the internet. It is not as black and white as that though.

However, NERC CIP is a great starting point for protecting the power industry, and therefore other critical infrastructure sectors should adopt a similar baseline cyber security framework to help ensure there is a minimum set of security controls in place. Implementing a NERC CIP-like set of guidelines will go a long way in limiting potential cyber attack exposure and risk to critical systems.

Having recently worked with the US electrical system in the United States, I have to say that what I personally witnessed was generally a highly professional cadre of cyber security experts who take their jobs protecting the power grid quite seriously. From the wonderful folks at FERC to NERC to DoE, to the many power companies our team worked with, this group is working really hard and quite diligently to ensure the American power system is safe. Other industrial and infrastructure areas, however, remain to be seen.

DHS to Finally Launch STIX, TAXII Service for Automated Cyber Information Sharing

Jason Miller of Federal News Radio on DHS finally launching STIX and TAXII services for automated cyber information sharing:

CSIS says any cyber threat information sharing effort must build upon existing structures, limit personal information and take advantage of existing peer-to-peer relationships, while also recognizing there is a cost-benefit analysis for these processes and agreements. Nix said part of the reason STIX and TAXII are attractive is the fact both specifications don’t replace existing standards, but work within them.

As part of this effort to implement STIX and TAXII, U.S.-CERT will open access to servers running these specifications to promote cyber information sharing with its public and private sector partners.

“We want to set up an environment that is risk rated at the right level to facilitate the sharing of information, but still provides the appropriate levels of confidentiality, integrity and availability controls that would be required for an organization that actually depends on the information,” Nix said. “The idea behind the use of the cloud for the STIX/TAXII server is to enable the access to the information with the appropriate level of control so that organizations can submit information but also can retrieve information that is relevant to them. We want to protect the anonymity of information that is shared from the partners who are actually sharing the information, but also make sure that when we set up the actual information it’s getting back to the people that it needs to.”

Startup Cyber adAPT Using Predictive Threat Analysis to Thwart Cyber Attacks

Tim Greene of Network World on new startup Cyber adAPT using predictive threat analysis to thwart cyber attacks:

Cyber adAPT, a startup springing from DARPA funded research, is shipping its first products that detect network compromises and gather data that can be used later for forensic analysis of breaches.

The company’s appliance-based platform monitors network traffic looking for suspicious communications that might indicate a breach and correlates it with threat feeds to improve its accuracy.

The company just landed a $4.1 million Series A round from Alvin Fund, Granite Point Capital Partners, Griffin Fund II, and Fundamental Capital Management. It started work about 15 months ago and grew out of Irvine Sensors, which had done research funded by the Defense Advanced Research Projects Agency.

The goal is for the platform to perform predictive threat analysis in which it would determine where threats are moving, the goals of the attackers, where the attack is likely to pivot and what assets it is likely to pivot to, and what phase the attack is in.

Predictive threat analysis has long been thought of as the holy grail of cyber security since it would allow networks to dynamically modify policy to account for potential new threats. However, throughout the years it has been very difficult to nail down, oftentimes producing highly spotty results leading to no better security posture than without the technology.

Maybe this startup has a unique and novel method that has cracked the predictive analysis code?

Argentine Judges Dismiss Rape Of Six-Year-Old Because Child Is “Gay”

The Daily Beast reports on two Argentine judges dismissing rape of a six-year-old because the child may be “gay” thanks to repeated sexual abuse by his father:

Two judges in Argentina decided that a soccer coach who raped a 6-year-old boy shouldn’t be held entirely responsible because the child had already been traumatized by previous alleged abuse—and because he supposedly showed “homosexual tendencies.”

The ruling, which was sealed when it came down last year but was leaked to the press, has caused an uproar in Argentina. It has also revealed a pair of judges with a long record of reducing sentences for sexual and gender-based crimes, including justifying a pastor’s rape of two teenage girls because they belonged to a lower economic class.

The court papers show that judges Horacio Piombo and Benjamin Ramon Sal Llargues reduced the sentence of Mario Tolosa, a soccer club coach, who was charged in 2010 with raping the unnamed boy. The pair decided to lower Tolosa’s jail time from six years to 38 months, saying that because the boy’s father may have already raped him, he was used to such abuse and had showed homosexual traits.

In radio and television interviews defending his decision this week, Piombo said the boy had “signs of a transvestite conduct, of conduct we had to take into account,” and argued that he had already had “the initiation by his father into the worst of worlds, leading him to depravation.”

Unbelievable and fucking deplorable. There are not enough words to describe the anger I am feeling after having read this article.

Maybe these two judges need a dose of their own medicine and need to feel what it is like to be anally raped. Only then will they finally understand the utterly disgusting nature of such an attack on a helpless, identity-less six-year-old child.

The response in Argentina has been swift. One of the judges, Piombo, has already been fired from his post as a lecturer at the University of Mar del Plata. By Wednesday, there were 32,000 signatures on a petition to speed up the judges’ dismissal.

The decision lies with a senate committee, but Fracchia expects that political and international pressure will propel the case forward. Argentine politicians from both sides of the aisle have railed against the judges’ decision. “It’s repugnant to say that the presumed sexual orientation of an abused 6-year-old boy is a reason to reduce the sentence of the abuser,” said Interior Minister and presidential candidate Florencio Randazzo. The case, said President Cristina Fernandez de Kirchner’s cabinet chief, was “one of the biggest disgraces we’ve ever seen in this country.”

“This kid has suffered a lot,” Fracchia says. “And now the system has made him suffer again by saying, ‘You look kind of gay, so you’re used to being raped.’”

Thankfully cooler heads are prevailing in Argentina and there is something being done to right this extreme wrong.

China Perceives Ethnic Bias in US Cyber Espionage Accusations

Stuart Leavenworth of McClatchy DC on how China perceives a form of ethnic bias in the United States cyber espionage accusations and the recent arrest of six Chinese men for alleged theft of code from US tech companies:

China is hitting back against U.S. indictments of six of its citizens for economic espionage, with a state-run newspaper on Thursday accusing American authorities of engaging in ethnic persecution by targeting Chinese nationals.

“The U.S. has a history of indulging in persecution of certain groups of immigrants by using the Espionage Act,” wrote Global Times, an arm of the Communist Party’s People’s Daily, in an editorial.

“We hope Chinese-Americans won’t suffer from this because of China’s rise.”

The official Chinese government response was less bellicose, but still expressed “strong concern” over the prosecutions. “The Chinese government will ensure that the legitimate rights and interests of Chinese citizens in China-U.S. personnel exchanges will not be hurt,” Hong Lei, a Foreign Ministry spokesman, said at a regular press conference on Wednesday.

Interesting politics at play.

Copyright © 2015, Scott Jarkoff, & all respective content owners.