segunda-feira, 6 de junho de 2011
The underground world of computer hackers.
The underground world of computer hackers has been so thoroughly infiltrated in the US by the FBI and secret service that it is now riddled with paranoia and mistrust, with an estimated one in four hackers secretly informing on their peers.
Cyber policing units have had such success in forcing online criminals to co-operate with their investigations through the threat of long prison sentences that they have managed to create an army of informants deep inside the hacking community.
In some cases, popular illegal forums used by cyber criminals as marketplaces for stolen identities and credit card numbers have been run by hacker turncoats acting as FBI moles. In others, undercover FBI agents posing as "carders" – hackers specialising in ID theft – have themselves taken over the management of crime forums, using the intelligence gathered to put dozens of people behind bars.
So ubiquitous has the FBI informant network become that Eric Corley, who publishes the hacker quarterly, 2600, has estimated that 25% of hackers in the US may have been recruited by the federal authorities to be their eyes and ears. "Owing to the harsh penalties involved and the relative inexperience with the law that many hackers have, they are rather susceptible to intimidation," .
"It makes for very tense relationships," said John Young, who runs Cryptome, a website depository for secret documents along the lines of WikiLeaks. "There are dozens and dozens of hackers who have been shopped by people they thought they trusted."
The best-known example of the phenomenon is Adrian Lamo, a convicted hacker who turned informant on Bradley Manning, who is suspected of passing secret documents to WikiLeaks. Manning had entered into a prolonged instant messaging conversation with Lamo, whom he trusted and asked for advice. Lamo repaid that trust by promptly handing over the 23-year-old intelligence specialist to the military authorities. Manning has now been in custody for more than a year.
For acting as he did, Lamo has earned himself the sobriquet of Judas and the "world's most hated hacker", though he has insisted that he acted out of concern for those he believed could be harmed or even killed by the WikiLeaks publication of thousands of US diplomatic cables.
"Obviously it's been much worse for him but it's certainly been no picnic for me," Lamo has said. "He followed his conscience, and I followed mine."
The latest challenge for the FBI in terms of domestic US breaches are the anarchistic co-operatives of "hacktivists" that have launched several high-profile cyber-attacks in recent months designed to make a statement. In the most recent case a group calling itself Lulz Security launched an audacious raid on the FBI's own linked organisation InfraGard. The raid, which was a blatant two fingers up at the agency, was said to have been a response to news that the Pentagon was poised to declare foreign cyber-attacks an act of war.
Lulz Security shares qualities with the hacktivist group Anonymous that has launched attacks against companies including Visa and MasterCard as a protest against their decision to block donations to WikiLeaks. While Lulz Security is so recent a phenomenon that the FBI has yet to get a handle on it, Anonymous is already under pressure from the agency. There were raids on 40 addresses in the US and five in the UK in January, and a grand jury has been hearing evidence against the group in California at the start of a possible federal prosecution.
Kevin Poulsen, senior editor at Wired magazine, believes the collective is classically vulnerable to infiltration and disruption. "We have already begun to see Anonymous members attack each other and out each other's IP addresses. That's the first step towards being susceptible to the FBI."
Barrett Brown, who has acted as a spokesman for the otherwise secretive Anonymous, says it is fully aware of the FBI's interest. "The FBI are always there. They are always watching, always in the chatrooms. You don't know who is an informant and who isn't, and to that extent you are vulnerable."
Day 1: Global Cooperation on Global Cyber Threats
Seats were tough to find at the first day of the Eastwest Institute’s Second Worldwide Cybersecurity Summit in London, where more than 450 government, industry and technical leaders from 43 countries gathered to craft new solutions for threats facing our digital world. Speakers called for cooperation between businesses, between governments, and across sectors.
“We need to be more open about discussing the threats and the issues around cybersecurity,” said Sir Michael Rake, Chairman, BT Group plc., in a keynote address. “I think that it’s an area that will require huge investment and government-business cooperation.”
While speakers on the business panels pointed to a few examples of collaboration including an industry-government working group set up under British Prime Minister David Cameron to tackle cyber crime, they portrayed cooperation and information-sharing between competitors as all too rare.
“Companies actually underestimate the threats and quite often they don’t know what the real threats are,” said Natalya Kaspersky of leading anti-virus software provider Kaspersky Lab. “Even when they do, they tend to hide these facts.”
Other participants also pointed out that, to protect their reputations, companies often underreport the damage inflicted by cyber attacks.
“As our dependency on cyberspace grows, so does our need to be able to share information and act as a more united force against the cyber threat,” said Martin Sutherland, Managing Director of BAE Systems Detica, who estimated that cyber crime costs the private sector in the U.K. alone 21 billion pounds a year.
Shawn Henry of the FBI cast a positive light on recent international efforts to fight cyber crime, saying that the FBI arrested over 200 cyber criminals in 2010. He explained, “Our ability to partner with many different countries allowed us to not only identify those actors but extradite them and bring them to justice.”
“No single country can deal with cross border issues such as hacking, viruses, or spam,” said Liu Xiaoming, China’s ambassador to the United Kingdom. “China stands for extensive international cooperation.”
The summit becomes interactive this afternoon, as participants gather in smaller breakthrough groups to discuss cooperative solutions for everything from securing the undersea cables that carry over 97% of internet traffic to ensuring emergency cooperation after disasters.
One breakthrough group will continue discussions between Chinese and U.S. experts on regulating spam – an ongoing bilateral process that has produced a major report, Fighting Spam to Build Trust.
In his opening remarks, EWI President John E. Mroz said that building trust is the key to cooperation – the kind of cooperation that produces concrete solutions.
“As we make progress in these relationships, we should face up to the fact that at both the national and international levels, there is a worrisome trust deficit between us—that is across professional disciplines—business, technology, law enforcement and policy,” said Mroz. “We have to address that.”
Day 2: EWI’S Cybersecurity Summit Advances Solutions for Digital Problems
On the second day of the EastWest Institute’s Second Worldwide Cybersecurity Summit in London, 450 private and public sector delegates advanced solutions to the complex problems facing our digital world.
Meeting in smaller “breakthrough groups,” participants hammered out next steps for everything from channeling emergency messages through congested networks, to securing global supply chains, to safeguarding the undersea cables that carry over 97% of Internet traffic.
“The technology is available – it’s not the impediment,” said the U.S. National Security Council’s former Acting Senior Director for Cyberspace Melissa Hathaway. “It's really that we need to move to collective action.”
What would that collective action look like? Several speakers called for business and technical experts to lead collaborative efforts with governments around the world.
EWI’s Chief Technology Officer Karl Rauscher applauded Huawei’s Chief Technology Officer Matt Bross’s personal commitment to champion the exploration of deploying international priority communications on all appropriate network systems.
“This would be one of the most dramatic examples of a proactive private sector initiative to save lives and property in future catastrophes,” said Rauscher.
Scott Charney, Microsoft’s Corporate Vice President for Trustworthy Computer, said to help counter global cyber threats, businesses need to ensure the transparency of IT product development and transport, adding, “We need a sensitive risk-based approach to help governments grapple with supply-chain concerns.”
Speakers on topics ranging from fighting cyber crime to protecting children online pointed out that cybersecurity challenges are borderless challenges.
Lt. General (Ret.) Harry D. Raduege, Jr., Chairman of the Deloitte Center for Cyber Innovation, shared a revelation he had during a trip to India.
“Isn’t our own homeland security dependent on India’s homeland security and their cybersecurity?” said Raduege. “These things are becoming interrelated as we gain more dependence on cyberspace.”
Panelists also discussed plans for EWI’s Third Cybersecurity Summit, to be held in Delhi in October 2012, and ongoing collaborations in between.
“I’d like to see us create a working group which talks about cybersecurity espionage and cyber conflict in a big way,” said Dr. Kamlesh Bajaj, Chief Executive Officer of the Data Security Council of India. “Cybersecurity is now intertwined with international security, and you can't divorce it from that.”