Tag Archives: Cyber Security

Congress Just Quietly Passed CISA: The Second Patriot Act

Update: CISA is now the law: OBAMA SIGNS SPENDING, TAX BILL THAT REPEALS OIL EXPORT BAN

US Senator Dianne Feinstein, Chairman of the Senate Intelligence Committee.

Back in 2014, civil liberties and privacy advocates were up in arms when the government tried to quietly push through the Cybersecurity Information Sharing Act, or CISA, a law which would allow federal agencies – including the NSA – to share cyber security information, and really any information, with private corporations “notwithstanding any other provision of law.” The most vocal complaint involved CISA’s information-sharing channel, which was ostensibly created for responding quickly to hacks and breaches, and which provided a loophole in privacy laws that enabled intelligence and law enforcement surveillance without a warrant.

Ironically, in its earlier version, CISA had drawn the opposition of tech firms including Apple, Twitter, Reddit, as well as the Business Software Alliance, the Computer and Communications Industry Association and many others including countless politicians and, most amusingly, the White House itself.

In April, a coalition of 55 civil liberties groups and security experts signed onto an open letter opposing it. In July, the Department of Homeland Security itself warned that the bill could overwhelm the agency with data of “dubious value” at the same time as it “sweep[s] away privacy protections.” Most notably, the biggest aggregator of online private content, Facebook, vehemently opposed the legislation; however, a month ago it was “surprisingly” revealed that Zuckerberg had been quietly on the side of the NSA all along, as we reported in “Facebook Caught Secretly Lobbying For Privacy-Destroying “Cyber-Security” Bill.”

Even Snowden chimed in:

Following the blitz response, the push to pass CISA was tabled following a White House threat to veto similar legislation. Then, quietly, CISA reemerged after the same White House mysteriously flip-flopped and expressed its support for precisely the same bill in August.

And then the masks fell off, when it became obvious that not only are corporations eager to pass CISA despite their previous outcry, but that they have both the White House and Congress in their pocket.

As Wired reminds us, when the Senate passed the Cybersecurity Information Sharing Act by a vote of 74 to 21 in October, privacy advocates were again “aghast” that the key portions of the law were left intact, which they said make it more amenable to surveillance than actual security, claiming that Congress has quietly stripped out “even more of its remaining privacy protections.”

“They took a bad bill, and they made it worse,” says Robyn Greene, policy counsel for the Open Technology Institute.

But while Congress was preparing a second assault on privacy, it needed a Trojan Horse with which to enact the proposed legislation into law without the public having the ability to reject it.

It found just that by attaching it to the Omnibus $1.1 trillion Spending Bill, which passed the House early this morning, passed the Senate moments ago and will be signed into law by the president in the coming hours. 

This is how it happened, again courtesy of Wired:

In a late-night session of Congress, House Speaker Paul Ryan announced a new version of the “omnibus” bill, a massive piece of legislation that deals with much of the federal government’s funding. It now includes a version of CISA as well. Lumping CISA in with the omnibus bill further reduces any chance for debate over its surveillance-friendly provisions, or a White House veto. And the latest version actually chips away even further at the remaining personal information protections that privacy advocates had fought for in the version of the bill that passed the Senate.

It gets worse: it appears that while CISA was on hiatus, US lawmakers – working under the direction of corporations and the NSA – were seeking to weaponize the revised legislation, and as Wired says, the latest version of the bill appended to the omnibus legislation seems to exacerbate the problem of personal information protections.

It creates the ability for the president to set up “portals” for agencies like the FBI and the Office of the Director of National Intelligence, so that companies hand information directly to law enforcement and intelligence agencies instead of to the Department of Homeland Security. And it also changes when information shared for cyber security reasons can be used for law enforcement investigations. The earlier bill had only allowed that back channel use of the data for law enforcement in cases of “imminent threats,” while the new bill requires just a “specific threat,” potentially allowing the search of the data for any specific terms regardless of timeliness.

Some, like Senator Ron Wyden, spoke out against the changes to the bill in a press statement, writing they’d worsened a bill he already opposed as a surveillance bill in the guise of cyber security protections.

Senator Richard Burr, who had introduced the earlier version of the bill, didn’t immediately respond to a request for comment.

“Americans deserve policies that protect both their security and their liberty,” he wrote. “This bill fails on both counts.”

Why was CISA included in the omnibus package, which just passed both the House and the Senate? Because any “nay” votes – or an Obama veto – would also threaten the entire budget of the federal government. In other words, it was a question of either Americans keeping their privacy or halting the funding of the US government, in effect bankrupting the nation.

And best of all, the rushed bill means there will be no debate.

The bottom line, as OTI’s Robyn Greene said: “They’ve got this bill that’s kicked around for years and had been too controversial to pass, so they’ve seen an opportunity to push it through without debate. And they’re taking that opportunity.”

The punchline: “They’re kind of pulling a Patriot Act.”

And when Obama signs the $1.1 trillion Spending Bill in a few hours, as he will, it will be official: the second Patriot Act will be the law, and with it what little online privacy US citizens may enjoy will be gone.

Source: Zero Hedge


Federal Election Commission Refuses to Release Computer Security Flaws Study

The Federal Election Commission (FEC) is refusing to release an internal study of its vulnerable computer network, which Chinese hackers infiltrated two years ago.

The Center for Public Integrity, which revealed the hacking from October 2013, filed a Freedom of Information Act request to see a nearly $200,000 study performed by an outside company, SD Solutions, but the FEC rejected the request. That study reportedly discusses the security flaws in the FEC computer network and provides recommendations for fixing them.

FEC Chairwoman Ann Ravel told the center it would not publish the study because “the concern is that it contains information that details potential vulnerabilities.”

The agency is moving forward with fixing its computer problems. The center learned that commissioners moved last month to hire an outside firm to implement the study’s recommendations, but the agency has not yet decided whom to hire. The FEC has approved spending about $400,000 on the upgrades.

The Chinese cyber attack reportedly crippled the commission’s systems that inform the public about the billions of dollars raised and spent each election cycle by candidates, parties and political action committees.

Before the attack, other audits had raised concerns about the FEC’s computer system. “Without adopting and implementing National Institute of Science and Technology minimum security controls, the FEC’s computer network, data and information is at an increased risk of loss, theft, manipulation, [and] interruption of operations,” according to contractor Leon Snead & Co.’s 2012 report. The FEC’s response was that its “systems are secure.”

by Noel Brinkerhoff for AllGov

A Russian Plane Zaps U.S. Warship’s Missile Defense System


by Gary North

An unarmed Russian bomber in April flew over a high-tech U.S. ship. A crew member pressed a button. Poof! No more missile defense system on the ship. No more radar. The ship became a defenseless floating coffin.

Then the plane flew over the blind ship a dozen times. Basically, it was “Nyah, nyah, nyah.”

This story got no play in American media.

On 10 April 2014, the USS Donald Cook entered the waters of the Black Sea and on 12 April a Russian Su-24 tactical bomber flew over the vessel triggering an incident that, according to several media reports, completely demoralized its crew, so much so that the Pentagon issued a protest.

The USS Donald Cook (DDG-75) is a 4th generation guided missile destroyer whose key weapons are Tomahawk cruise missiles with a range of up to 2,500 kilometers, and capable of carrying nuclear explosives. This ship carries 56 Tomahawk missiles in standard mode, and 96 missiles in attack mode.

The US destroyer is equipped with the most recent Aegis Combat System. It is an integrated naval weapons system which can link together the missile defense systems of all vessels embedded within the same network, so as to ensure the detection, tracking and destruction of hundreds of targets at the same time. In addition, the USS Donald Cook is equipped with 4 large radars, whose power is comparable to that of several stations. For protection, it carries more than fifty anti-aircraft missiles of various types.

Meanwhile, the Russian Su-24 that buzzed the USS Donald Cook carried neither bombs nor missiles but only a basket mounted under the fuselage, which, according to the Russian newspaper Rossiyskaya Gazeta, contained a Russian electronic warfare device called Khibiny.

As the Russian jet approached the US vessel, the electronic device disabled all radars, control circuits, systems, information transmission, etc. on board the US destroyer. In other words, the all-powerful Aegis system, now hooked up — or about to be — with the defense systems installed on NATO’s most modern ships, was shut down, like turning off the TV set with the remote control.

The Russian Su-24 then simulated a missile attack against the USS Donald Cook, which was left literally deaf and blind. As if carrying out a training exercise, the Russian aircraft — unarmed — repeated the same maneuver 12 times before flying away.

After that, the 4th generation destroyer immediately set sail towards a port in Romania.

Since that incident, which the Atlanticist media have carefully covered up despite the widespread reactions sparked among defense industry experts, no US ship has ever approached Russian territorial waters again.

According to some specialized media, 27 sailors from the USS Donald Cook requested to be relieved from active service.

Vladimir Balybine — director of the research center on electronic warfare and the evaluation of so-called “visibility reduction” techniques attached to the Russian Air Force Academy — made the following comment: “The more a radio-electronic system is complex, the easier it is to disable it through the use of electronic warfare.”

In short, “back to the drawing board!”

Problem: it takes about seven years for the Pentagon to design and deploy a new cyber security system. As for missile guidance systems, it takes even longer.

If you want to know how much bang for the taxpayer’s buck the Pentagon gets, begin here.

This is blind man’s bluff. The Pentagon is the blind man.

The Pentagon’s strategy is to play dumb. “Incident? What incident?”

Congressional hearings? Don’t hold your breath.

Now Russia’s defense minister says that Russian bombers will soon start patrolling the Gulf of Mexico.

George H. W. Bush and NATO promised in 1990 that NATO would not be expanded to Russia’s borders. Then NATO broke the promise. It was mission creep by a bloated bureaucracy, whose original mission was to defend Western Europe for a few hours against an invasion by the USSR until the USA launched nuclear missiles on the USSR. That mission officially ended in 1991, when the USSR committed suicide.

Russian bombers in the Gulf? We are now seeing tit-for-tat. It is mission creep from the other side.

All those Pentagon bucks! So little bang!