Darpa Starts Sleuthing out Disloyal Troops


UNCLASSIFIED

(U) FBI Tampa Division National Security Threat Awareness Monthly Bulletin MARCH 2012

(U) Administrative Note: This product reflects the views of the FBI-Tampa Division and has not been vetted by FBI Headquarters.

(U) Handling notice: Although UNCLASSIFIED, this information is property of the FBI and may be distributed only to members of organizations receiving this bulletin, or to cleared defense contractors. Precautions should be taken to ensure this information is stored and/or destroyed in a manner that precludes unauthorized access.

10 MAR 2012

(U) The FBI Tampa Division National Security Threat Awareness Monthly Bulletin provides a summary of previously reported US government press releases, publications, and news articles from wire services and news organizations relating to counterintelligence, cyber and terrorism threats. The information in this bulletin represents the views and opinions of the cited sources for each article, and the analyst comment is intended only to highlight items of interest to organizations in Florida. This bulletin is provided solely to inform our Domain partners of news items of interest, and does not represent FBI information.

In the MAR 2012 Issue:

NATIONAL SECURITY THREAT NEWS FROM GOVERNMENT AGENCIES:
  • Director of National Intelligence delivers "Worldwide Threat Assessment"
  • US Intelligence Community Lists Iran Attack Threat and Cyberattacks as Leading Concerns
  • Secretary Napolitano Unveils National Strategy for Global Supply Chain Security

COUNTERINTELLIGENCE/ECONOMIC ESPIONAGE THREAT ITEMS FROM THE PRESS:
  • United States Alleges DuPont TiO2 Technology Stolen for China
  • US to Share Cautionary Tale of Wind Turbine Trade Secret Theft with New Chinese Leader
  • Man Pleads Guilty to Conspiracy to Export Military Antennae to Singapore and Hong Kong
  • Chinese Hackers Suspected In Long-Term Nortel Breach
  • Nortel Breach Exposes Security Vulnerabilities of All Enterprises
  • Researchers Unearth More Chinese Links to Defense Contractor Attacks
  • Company Pleads Guilty to Conspiracy to Export Computer-Related Equipment to Iran
  • Russian Diplomats Left Canada Weeks Before Halifax Espionage Arrest

CYBERSECURITY SPECIAL FOCUS FOR INDUSTRY
  • Digital Spies: The Alarming Rise of Electronic Espionage
  • Traveling Light in a Time of Digital Thievery

CYBER THREAT ITEMS FROM THE PRESS:
  • FBI Director Says Cyberthreat Will Surpass Threat from Terrorists
  • FBI Admits Hacker Group’s Eavesdropping
  • Cybersecurity Report Stresses Need for Cooperation
  • Cybersecurity Lessons from the Battlefields of Europe
  • Fake Windows Updater Targets Government Contractors, Stealing Sensitive Data
  • 13 Security Myths You'll Hear, but Should You Believe?
  • Malware Network Threats Rising, How to Defend Yourself
  • The 10 Worst Cyberattacks
  • Nation-States Launch Cyberattacks Against an Array of Targets
  • US Official Signals Growing Concern Over Anonymous Group's Capabilities
  • Anonymous Continues To Plague Authority Figures
  • In Attack on Vatican Web Site, a Glimpse of Hackers’ Tactics
  • Ex-UCF Student Pleads Guilty To Federal Hacking Charge
  • Romanian Police Arrest Alleged Hacker In Pentagon, NASA Breaches
  • Hacking Now Responsible for Most of Exposed Records
  • Iran Develops New Cyber-Army
  • Iranian Hackers Attacked the Website of Azerbaijani National State TV
  • Smartphone, Social Media Users at Risk for Identity Fraud
  • IRS Helps Bust 105 People in Massive Identity Theft Crackdown
  • More Than Half of Cyberattacks Come From Asia
  • GPS Attacks Risk Maritime Disaster, Trading Chaos
  • GPS Jammers and Spoofers Threaten Infrastructure, Say Researchers

COUNTERTERRORISM THREAT ITEMS FROM THE PRESS:
  • 'Sovereign Citizen' Movement Now on FBI's Radar
  • NYPD Intelligence Director Mitchell Silber Warns Iran's First Target Is 'Essentially' New York
  • Al Qaeda Terrorist Dad Sent To Jail For 4 1/2 Years For Lies To FBI
  • US Capitol Suicide Bomb Plot Foiled: How to Catch a 'Lone Wolf'
  • D.C. Terrorism Case: Suspect Told Others to Be Ready For Battle, Authorities Said
  • Group Admits London Stock Exchange Bomb Plot
  • Florida Bomb Plot Suspect Pleads Not Guilty

(U) NATIONAL SECURITY THREAT NEWS FROM GOVERNMENT AGENCIES:

(U) Director of National Intelligence delivers Office of the Director of National Intelligence (ODNI) "Worldwide Threat Assessment" to the US Senate Intelligence Committee

(U) Director of National Intelligence James Clapper and CIA Director David Petraeus gave their annual global threat assessment to the Senate Intelligence panel on January 31st, eight months after the US intelligence community celebrated its role in the killing of al-Qaida leader Osama bin Laden. While the two were optimistic about the decline of al-Qaida, they noted that its fragmentation poses continued risks. In addition, Clapper said, the United States in the future is likely to face an increasingly complex security environment with no single predominant threat. "The capabilities, technologies, know-how, communications and environmental forces not confined to borders are occurring with astonishing speed," Clapper told lawmakers Tuesday. "Never before has the intelligence community been asked to master such a complex environment."

(U) Here are four key take-aways from the testimony:

(U) 1. Core al-Qaida is on the run, but the decentralized jihadi movement still poses a threat

(U) The killing of Osama bin Laden last May as well as the assassination of several other top al-Qaida leaders has severely fragmented al-Qaida's organization. "A new group of leaders, even if they could be found, would have difficulty integrating into the organization and compensating for mounting losses," Clapper wrote in his testimony. But franchises in weak and failed states such as Yemen, Somalia, and north Africa are still dangerous and plotting attacks against the United States. The global jihadi movement "will continue to be a dangerous transnational force," Clapper wrote. "Terrorist groups and individuals sympathetic to the jihadist movement will have access to the recruits, financing, arms and explosives, and safe havens needed to execute operations."

(U) 2. Iran undecided on assembling nuclear weapons; but willing to carry out attacks on the United States

(U) In Clapper's written testimony, he pointed to last year's plot to assassinate the Saudi ambassador to the United States as a sign that members of Iran's leadership show a new willingness to conduct attacks in the United States. The US intelligence community assesses that Iran's leaders have not yet made the decision whether to produce nuclear weapons. However, the spy chief said, Iran is keeping its options open to do so by pursuing materials needed for a nuclear bomb. Senator Olympia Snowe asked Clapper and Petraeus at the hearing how we would know if Iran decides to make a nuclear weapon. "A clear indicator would be enrichment of uranium to 90 percent level," Clapper replied (90 percent is weapon grade). "That would be a pretty good indicator of their seriousness. There [are] however, some other things they still need to do." CIA Director Petraeus added that Iran is pursuing "various components" needed for a nuclear weapon, including "enrichment, weaponization research and delivery" mechanisms, he told Snowe.

(U) 3. Cyber attacks are a growing threat

(U) Clapper noted growing intelligence community concern about the United States' vulnerability to cyber-threats, from both state-sponsored and non-state hackers from places like China and Russia. Senators at the hearing expressed frustration that the US government still lacks an integrated strategy for confronting the problem. "Cyber threats pose a critical national and economic security concern due to the continued advances in, and growing dependency on, the information technology (IT) that underpins nearly all aspects of modern society," Clapper wrote. But while "our technical advancements in detection and attribution shed light on malicious activity," he continued, "cyber intruders continue to explore new means to circumvent defensive measures."

(U) 4. United States facing increasingly complex security challenges, as intelligence community faces fiscal constraints

(U) The intelligence community is struggling to assess a world of fast-paced, inter-connected challenges, in a time of fiscal constraints. "Although I believe that counterterrorism, counterproliferation, cybersecurity, and counterintelligence are at the immediate forefront of our security concerns, it is virtually impossible to rank, in terms of long-term importance, the numerous, potential threats to US national security," Clapper wrote. "The United States no longer faces, as in the Cold War, one dominant threat. Rather, it is the multiplicity and interconnectedness of potential threats, and the actors behind them, that constitute our biggest challenge." "Indeed, even the four categories noted above are also inextricably linked, reflecting a quickly changing international environment of rising new powers, rapid diffusion of power to nonstate actors and ever greater access by individuals and small groups to lethal technologies," Clapper said.

(U) Analyst Comment: I advise all our partners in the US government, state and local government, law enforcement, and the private sector, especially those companies doing business overseas, to download and review this document.