Hackers Stole IDs for Attacks

By SIOBHAN GORMAN from WSJ

WASHINGTON — Russian hackers hijacked American identities and U.S. software tools and used them in an attack on Georgian government Web sites during the war between Russia and Georgia last year, according to new research to be released Monday by a nonprofit U.S. group.

In addition to refashioning common Microsoft Corp. software into a cyber-weapon, hackers collaborated on popular U.S.-based social-networking sites, including Twitter and Facebook Inc., to coordinate attacks on Georgian sites, the U.S. Cyber Consequences Unit found. While the cyberattacks on Georgia were examined shortly after the events last year, these U.S. connections weren’t previously known.

The research shows how cyber-warfare has outpaced military and international agreements, which don’t take into account the possibility of American resources and civilian technology being turned into weapons.

Identity theft, social networking, and modifying commercial software are all common means of attack, but combining them elevates the attack method to a new level, said Amit Yoran, a former cybersecurity chief at the Department of Homeland Security. “Each one of these things by itself is not all that new, but this combines them in ways we just haven’t seen before,” said Mr. Yoran, now CEO of computer-security company NetWitness Corp.

The five-day Russian-Georgian conflict in August 2008 left hundreds of people dead, crushed Georgia’s army, and left two parts of its territory on the border with Russia — Abkhazia and South Ossetia — under Russian occupation.

The cyberattacks in August 2008 significantly disrupted Georgia’s communications capabilities, disabling 20 Web sites for more than a week. Among the sites taken down last year were those of the Georgian president and defense minister, as well as the National Bank of Georgia and major news outlets.

Taking out communications systems at the onset of an attack is standard military practice, said John Bumgarner, chief technical officer at the USCCU and a former cyber-sleuth at the National Security Agency and the Central Intelligence Agency.

The USCCU assesses the economic and national-security implications of cybersecurity threats and briefs top U.S. officials, officials in key industries and international institutions.

“U.S. corporations and U.S. citizens need to understand that they can become pawns in a global cyberwar,” said Mr. Bumgarner, who wrote the report.

The White House completed a review of cybersecurity policy in April. Among the issues Obama administration officials are now studying is how laws of war and international obligations need to be reworked to account for cyberattacks.

Homeland Security department spokeswoman Amy Kudwa said she couldn’t comment on a report that she hadn’t seen and that hadn’t been released yet.

Last year was the first time such cyberattacks were known to have coincided with a military campaign.

The Georgian attacks, according to the group’s findings, were perpetrated by Russian criminal groups and had no clear link to the Russian government. However, the timing of the attacks, just hours after the Russian military incursion began, suggests the Russian government may have at least indirectly coordinated with the cyberattackers, Mr. Bumgarner’s report concluded.

“Russian officials and the Russian military had nothing to do with the cyberattacks on the Georgian Web sites last year,” said Yevgeniy Khorishko, a spokesman at the Russian Embassy in Washington.

The USCCU plans to release a nine-page report on the attacks to the public on Monday.

Mr. Bumgarner traced the attacks back to 10 Web sites registered in Russia and Turkey. Nine of the sites were registered using identification and credit-card information stolen from Americans; one site was registered with information stolen from a person in France.

The 10 sites were used to coordinate the “botnet” attacks, which harnessed the power of thousands of computers around the world to disable the Georgian government sites as well as those of large Georgian banks and media outlets. The botnet attack commandeered thousands of other computers and instructed them to try to access the target Web sites all at once, overwhelming them.

The Russian and Turkish computer servers used in the attacks had been previously used by cybercriminal organizations, according to the USCCU.

Early reports last year pinned the attacks on the cyber equivalent of the Russian mafia, known as the “Russian Business Network.” Mr. Bumgarner said it wasn’t possible to connect the attacks directly to that group. Security experts disagree on whether the group still exists.

Some of the software used to carry out the attacks was a modified version of Microsoft code commonly used by network administrators to test their computer systems, Mr. Bumgarner found. The code remains freely available on Microsoft’s Web site, he said, declining to name it.

A Microsoft spokesman declined to comment on the finding because he hadn’t seen the report.

Once the botnet attacks had launched, Mr. Bumgarner said, other would-be attackers noticed them and started to collaborate on various Web forums, including Twitter and Facebook.

Mr. Bumgarner used data-mining tools to review Facebook pages (which some people don’t keep private) and Twitter for certain Russian words that indicated they were likely involved in the attack. He saw users on those sites and others swapping attack code and target lists, and encouraging others to join.

“It’s a difficult problem to handle,” said Facebook spokesman Barry Schnitt, because it is impossible to detect such collaboration without monitoring conversations. Facebook has mechanisms to verify user identities and users can report inappropriate activities on the site, he said, but it doesn’t monitor communications of its users.

Twitter didn’t respond to requests to comment.

—Jessica E. Vascellaro contributed to this article.

Write to Siobhan Gorman at siobhan.gorman@wsj.com

Gmail search terms

Use the following operators:

  • subject:
    Search the Subject.
    Ex: subject:contact finds all messages with “contact” in the Subject.
  • from:
    Search for sender name and email address. Partial addresses are okay.
    Ex: from:Obama finds all messages from “obama@usa.gov”, but also all messages from “barack.obama@defense.gov”.
  • to:
    Search the To line for names and addresses.
    Ex: to:congresso@brasil.gov.br finds all messages sent to this email.
  • cc:
    Search recipients in the Cc field.
    Ex: cc:suzuki@sayonara.jp finds all messages that were sent to suzuki@sayonara.jp as a carbon copy.
  • bcc:
    Search for addresses and names in the Bcc field.
    Ex: bcc:albert finds all messages that you sent with, for example, “albert@einstein.de” in the Bcc field.
  • label:
    Search for messages assigned a label. (Replace whitespace characters in label names with hyphens.)
    Ex: label:public-software finds all messages labeled “public software”.
  • is:starred
    Search for messages that are starred.
  • is:unread
    Search for new and unread messages.
  • is:read
    Search for messages that have already been opened.
  • has:attachment
    Search for messages that have files attached to them.
  • filename:
    Search within file names of attachments. You can also search for file name extensions to restrict your search to certain file types.
    Ex: filename:.opf finds all messages with an open document format file attached.
  • lang:
    Search for messages in a particular language. (Specify the language in English; “Chinese” or “Portuguese” works, but “中文”, “Tupi-guarani” or “Mandarin” do not, for example.)
    Ex: lang:French returns all emails that contain at least un peu de Français.
  • in:
    Search in a standard “folder”. You can search in Drafts, Inbox, Chats, Sent, Spam, Trash and All.
    Ex: in:drafts finds all messages in your Drafts folder.
  • after:
    Search for messages sent after a date. The date must be given in YYYY/MM/DD format.
    Ex: after:2009/09/09 finds all messages sent or received after (and not including) September 9, 2009.
  • before:
    Search for messages sent before a date.
    Ex: before:2007/07/07 finds all messages sent or received on July 7, 2007 and earlier.

Operators and search terms can be combined with the following modifiers:

  • By default, terms are combined with (an invisible) “AND”.
    Ex: important update finds all messages that contain both “important” and “update”.
  • “”
    Search for a phrase. Case is disregarded.
    Ex: “social development” finds all messages containing the phrase “social development”; subject:“computer science” finds all messages that have “computer science” in the Subject field.
  • OR
    Search for messages containing at least one of two terms or expressions.
    Ex: feijoada OR churrasco finds messages that contain either “feijoada” or “churrasco” or both; (.. I’m hungry..) from:lula OR label:2do finds messages that either come from a sender that contains “lula” or appear under the label “2do”.
  • -
    Search for messages that do not contain a term or expression.
    Ex: -pizza finds all messages that do not contain the word “pizza”; diet -macaroni finds all messages that contain the word “diet” but not “macaroni”; subject:“priority info” -from:boss finds all messages with “priority info” in the subject that were not sent from an email address or name containing “boss”.
  • ()
    Group search terms or expressions.
    Ex: subject:(you see) finds messages that have both “you” and “see” somewhere in the Subject line (but not necessarily as a phrase); from:boss (subject:(urgent OR now) OR label:todo-list) finds all messages from a sender who has “boss” in their name that either have “urgent” or “now” (or both) in the Subject line or appear under the label “todo-list”.

Free software heroes: from Stallman to Google, a list of inspiring individuals who made everything possible

By Tony Mobily from Free Software Magazine

This article was originally published on “2008-06-15 13:09:55 +0000”. I re-read it, and decided that it deserved to be re-published in Free Software Magazine as a tribute to those individuals who made GNU/Linux possible.

Every field has its own key individuals who donated much of their time to the ideas they believed in. Each one of them is a reminder that it’s up to individuals to make a difference — and to make history. Their work affects large chunks of the world’s population, and brings amazing changes to the way we see and experience the world. The free software world has its own heroes. You probably know a lot of them already; if you don’t, you probably use the results of their work on a daily basis. This article is both a tribute to them, and a summary for those people who are new to the free software world.

Some of the key people

Richard Stallman. With rms, I don’t even know where to start. He started the GNU project, which is a rather important part of the GNU/Linux operating system, in 1983 (that’s right: nineteen eighty-three!) and set up the Free Software Foundation in 1985. He wrote the original GNU C compiler—yes, the program used to transform programs from programming language to executable code. He spends most of his time being a political and software activist. If you want to see what dedication is, read his blog and see his beyond-hectic travelling schedule.

Pamela Jones. Talking about dedication, Pamela Jones is the author of Groklaw, arguably the web site that saved GNU/Linux and free software in general from SCO/Microsoft’s claws. Pamela Jones is a truly outstanding individual. She authored around 1000 articles over the last 3 years—and a lot of them are full-length pieces which resonated loudly in the IT industry as a whole.

Linus Torvalds. He wrote Linux, the kernel, without which the GNU utilities wouldn’t have anything to run on. Linus’ kernel was timely, and was released under the GPL (written by Richard Stallman) in 1991. Linux is a very important part of the GNU/Linux project.

Mark Shuttleworth. He’s the founder of Canonical, which created Ubuntu Linux. The short version of Shuttleworth’s story is simple: he made a small fortune selling Thawte (which made digital certificates) to VeriSign. He then went through the Russian astronaut training programme and went to space. He came back, and founded Canonical in order to create Ubuntu Linux, which is arguably the most popular and innovative GNU/Linux distribution aimed at end users.

Larry Page and Sergey Brin. They created Google. Regardless of the silly spelling mistake, you may have heard of it: you type a sentence in their web page, and you magically get a list of relevant pages as a result… you should check it out if you haven’t yet. Although Google is not a free software company, and a lot of their software is indeed proprietary, they still released vast amounts of free software and (more importantly) contributed to the creation of free standards that are free software friendly (think of OpenSocial vs. Facebook, or Android vs iPhone/Windows Mobile).

Bob Young and Matthew Szulik. Bob Young created Red Hat, one of the most successful free software companies. Under Young’s leadership, Red Hat established itself as the leading GNU/Linux distribution in the server space. Red Hat’s contributions to the Linux kernel and free software in general are immense. Matthew Szulik was Red Hat’s CEO after Young, and made the company even stronger. More importantly, Szulik had an historical (and unconfirmed) dinner with Steve Ballmer, Microsoft’s CEO, who tried his best to convince him to enter a compromising patent agreement with Microsoft. Szulik said “no”, although the agreement would have probably been very lucrative for Red Hat. Signing it would have crippled the free software world.

Jimmy Wales. He is the creator of another web site you might have heard of: Wikipedia. I don’t need to put a link here: just type anything in Google (see above: that’s the fancy search page I talked about a minute ago), and you’ll probably find one or more Wikipedia pages listed… Wikipedia’s software is available under a free license (GPL). Yes, that’s the same license created by Richard Stallman (see above). While Wikipedia itself is not free software, it was one of the first times (if not the first time) that the free software philosophy was applied to a non-technical field. And it was immensely successful.

Lawrence Lessig. He created the Creative Commons licenses, which allow artists to release their works under licenses that have the same principles as free software licenses.

Sir Tim Berners-Lee. He invented the World Wide Web. And released the specifications (HTTP and HTML) for free, rather than asking companies and developers to enter unacceptable agreements on supposedly non-discriminatory terms. Without him, the internet today could be dominated by MSN- and AOL-like proprietary protocols and chaos. And I mean: chaos.

Blake Ross. He’s the man who, as a teen-ager (in 2003), realised that the free software movement was losing the web browser world because there wasn’t a lean, free web browser available. So, he forked Mozilla and created another piece of software you might have already heard of: Firefox. The rest is history. In fact, it’s a history with a 25% market share, which is impressive if you consider that each copy of Firefox needs to be downloaded and installed, as opposed to using what comes with Windows directly.

Dries Buytaert. The author of Drupal, one of the greatest Content Management Systems out there. (Yes, I am biased, since I am a Drupal developer.) Most people aren’t Drupal users; however, a lot of people are users of web sites that use Drupal as their backend.

Keith Packard. He was the force behind XOrg, a fork of XFree86. GNU/Linux today has a fantastic graphic subsystem thanks to him. This interview with Keith Packard, which dates back to 2003, explains part of what happened. Note that in the interview nothing was set in stone just yet, and XOrg was still more or less an “idea”. Today, it’s a strong reality in the free software world.

Bram Cohen. The mathematical genius creator of BitTorrent. Unlike pretty much everybody else, he released the specifications and the reference implementation of his protocol for free. BitTorrent proved to be crucial for free software, since it made the download of ever-growing distributions possible. Other players (see: the RIAA) are not as impressed by the protocol’s potential.

Michael Tiemann. He founded Cygnus back in 1989. Cygnus Solutions was one of the first attempts to “make money” out of free software. Tiemann also wrote the GNU C++ compiler and worked on the GNU C compiler and debugger, which are crucial pieces of software that change the IT world.

The world without them

What would the world be like if those individuals had taken a plumbing career instead? You can argue that if they hadn’t done it, well, somebody else may have. That word “may” is the problem here. (This also brings up the more theoretical problem of the “near-miss list”: the list of people who did take a plumbing career instead of helping the world, but that’s a different story…) Without Pamela Jones, many (including me) believe that the SCO case against Linux could have taken a much nastier turn. Without Stallman, the free software movement wouldn’t be nearly as organised and strong. Without Shuttleworth, a proprietary GNU/Linux distribution could have become the market leader (it was already happening, slowly, with Linspire). Without Larry Page and Sergey Brin there would be no Google. No Summer of Code. No Android. No OpenSocial—and the list goes on and on. Without Bob Young and Matthew Szulik, there might be no clear leader in the GNU/Linux server market, or—worse—Red Hat might have given in to Microsoft’s pressure to enter a disastrous patent deal. Without Jimmy Wales there would be no Wikipedia. Without Lawrence Lessig, tons of artworks wouldn’t be available through the World Wide Web. And by the way, without Sir Tim Berners-Lee there would be no World Wide Web. Without Blake Ross, you might have to use Internet Explorer to do anything online. Without Dries Buytaert, Drupal wouldn’t exist. Without Keith Packard, we might be stuck with the monolithic, sort-of-free-but-not-quite XFree86. Without these individuals, basically, the world would be a much, much grimmer place to live in.

Care to join the club?

By reading this article, you probably get the idea: each one of those individuals is smart, dedicated, and willing to sacrifice big chunks of his personal life in order to improve the world. One of the fantastic things about free software is that there is no bar. Anybody can enter it. Your name could well be in this list. All you need is phenomenal amounts of work and passion for your field—whichever that is. I am not in that list, although I always thought I’d love to be. I am doing my best with Free Software Magazine, and every time I am tired, or lack inspiration, I look up to those who made this world possible—and strive to do just as much, just as well. We mortals might not go as far as Sir Tim Berners-Lee or Richard Stallman or Pamela Jones. But… we can only try.