henryfarrell + cybersecurity_class   565

The Internet Freedom Agenda: Not Dead, but Not Exactly Thriving Either | Council on Foreign Relations
They noted that the State Department never stopped its internet freedom work, though it was severely handicapped by the lack of attention from former Secretary of State Rex Tillerson and the hiring freeze he put in place (and just reversed by Secretary Pompeo). The Freedom Online Coalition, a partnership of thirty governments, continues to meet and issue statements. They pointed to continued interest in the strategy in Congress and a recent increase in funding. And they stressed the importance of other, non-governmental actors such as the Global Network Initiative. 
4 weeks ago by henryfarrell
Inside 'Project Indigo,' the quiet info-sharing program between banks and U.S. Cyber Command
A secret information-sharing agreement between the Financial Services Information Sharing and Analysis Center (FS-ISAC) and U.S. Cyber Command reveals the blurring line between the country’s public and private sectors as the U.S. government becomes increasingly receptive to launching offensive hacking operations.

The pilot program, codenamed “Project Indigo,” recently established a confidential information-sharing channel for a subunit of FS-ISAC known as the Financial Systemic Analysis & Resilience Center (FSARC). That subunit shares “scrubbed” cyberthreat data, including malware indicators, with the Fort Meade-based Cyber Command, according to current and former U.S. officials.

The broad purpose of Project Indigo is to help inform U.S. Cyber Command about nation-state hacking aimed at banks. In practice, this intelligence is independently evaluated and, if appropriate, Cyber Command responds under its own unique authorities.

It’s possible that a bank could tip off the military about a cyberattack against the financial industry, prompting Cyber Command to react and take action. That could include providing unique insight back to FSARC or even taking offensive measures to disrupt the attacker — such as retaliatory hacking — if it’s appropriate and the Pentagon approves it, according to current and former U.S. officials.

The program is currently organized in a fairly informal manner, but participants have been discussing a more formal arrangement. Eight financial institutions are involved in FSARC: Bank of America, BNY Mellon, Citigroup, Goldman Sachs, JPMorgan Chase, Morgan Stanley, State Street and Wells Fargo. Project Indigo also provides data to the Department of Homeland Security and U.S. Treasury. However, those agencies were already getting data from the banks that is narrowly leveraged for defensive measures.

In an emailed statement, a Cyber Command spokesperson acknowledged Project Indigo’s existence.

“The pilot began in 2017 with USCYBERCOM personnel receiving sector-specific exposure to risks facing critical financial payment systems, and observing exercises related to risk mitigation and recovery around realistic scenarios,” said Cyber Command spokesperson Col. Daniel King. “Later, two samples of anonymized cyber threat information were shared with USCYBERCOM to allow the government and its critical infrastructure partners the ability to jointly assess and address emerging threats.”

“No Personally identifiable Information (PII) was shared with USCYBERCOM as part of this effort,” King added.

The financial institutions that participate in the arrangement gave consent to FSARC to share the data with the U.S. government, a person familiar with the effort told CyberScoop. Sources spoke on the condition of anonymity due to the sensitive nature of the program.

In one recent case, FSARC gave Cyber Command a “combo of open-source derived IOCs [indicators of compromise] associated with DPRK [North Korea] and some observed,” one source said. “Open source” in this case means from outside a financial institution, while “observed” refers to internal data.

Under the agreement, financial institutions share data “considered not exclusive” to any one financial firm, a former U.S. official said. Another source familiar with the program said that it was challenged by the simple fact that the banks weren’t yet “interested in sharing at a level which would be truly useful [for Cyber Command].”

An October 2016 press release originally announcing FSARC explained that its mission is to “proactively identify, analyze, assess and coordinate activities to mitigate systemic risk to the U.S. financial system from current and emerging cyber security threats through focused operations and enhanced collaboration between participating firms, industry partners, and the U.S. government.”

That announcement specifically described “government partners” as Treasury, DHS and the Federal Bureau of Investigation, but it did not mention U.S. Cyber Command or the National Security Agency.

Wells Fargo, Bank of America and JPMorgan Chase did not respond to multiple requests for comment. The Office of the Director of National Intelligence and NSA deferred to Cyber Command for comment.

It’s widely known that large financial institutions face a bevy of sophisticated cyberattacks from both nation states and well-equipped criminal groups. Organized as a private non-profit organization, the FS-ISAC sits at the center of this activity, collecting and sharing information between companies so they can be collectively informed about active cyberthreats.

The collected data can often be extremely sensitive. Not only does it contain malware indicators, but sometimes other sensitive information tied to the targeted institutions. As a result, the intelligence is usually both highly valuable for defenders and potentially dangerous if it’s ever made public.

In an emailed statement, an FS-ISAC spokesperson said: “[Project Indigo] focuses on sharing cyberthreat intelligence related to key threats facing systemically important critical infrastructure operators, with the intention of protecting our financial institutions, their networks and their clients. No customer information has been shared with the U.S. Government under Project Indigo.”

While it’s common for businesses to voluntarily provide federal agencies with information about incidents in cyberspace, the 2013 Edward Snowden leaks chilled these types of relationships, especially between private companies and intelligence agencies. Cyber Command is not an intelligence unit, but it maintains a close relationship with the NSA, including sharing the same leader and building.

Jason Healey, a former intelligence officer and current senior research scholar at Columbia University’s School for International and Public Affairs, told CyberScoop he believed Project Indigo represented a pragmatic step forward.

“We need to be prepared for there to be a role, especially in time critical incidents, for Cyber Command to contribute so long as they are also coordinating with Treasury and [DHS],” said Healey.

Blurring government boundaries
Project Indigo raises questions about the existing hierarchy in government and whether decision-makers see a need for the military to be more integrated with the private sector on cybersecurity.

Over the last eight years, the Defense Department’s role in working with private companies on cybersecurity has fluctuated significantly.

During the Obama administration, the government took steps to make DHS the lead on public-private partnerships. This push was boosted in 2015, when Congress passed the Cybersecurity Information Sharing Act (CISA). The law gave certain liability protections to private companies whenever they shared cyberthreat data with the government through a portal managed by DHS.

The decision to embolden DHS with CISA came after there was a public outcry over privacy concerns. Just two years after the Snowden leaks, critics worried that the Defense Department would mishandle CISA.

A current U.S. official described Project Indigo as “classic mission creep,” a term used to describe when one agency oversteps its boundaries in regards to another agency’s program.

But experts contend that Cyber Command’s role will need to evolve if it’s to reach its full potential. Additionally, the military is already involved in other information sharing initiatives with the private sector.

In December, a Government Accountability Office (GAO) report called on the Defense Department, including Cyber Command, to clarify and further define how it interacts with companies and civilian agencies.

“DOD was supposed to develop [a] comprehensive plan for CYBERCOM to support civil authorities in responding to cyberattacks. DOD has rigorous requirements for what plans should look like, and this didn’t match,” Joseph Kirschbaum, director of GAO’s Defense Capabilities and Management office, previously told CyberScoop.

Congress is currently weighing what role Cyber Command should play in protecting private companies from hackers. In the past, members of the Senate Armed Service Committee have advocated for the military to be more involved.

Last summer, Lt. General Vincent Stewart, the current deputy commander of Cyber Command, said he would like the military to be able to reverse-engineer malware samples in order to create new hacking tools.

“Once we’ve isolated malware, I want to reengineer it and prep to use it against the same adversary who sought to use it against us,” Stewart described. The practice is already well known inside NSA, based on leaked classified documents.

Generally speaking, the military’s relationship with the banks is still evolving.

During the Cyber Command Strategy Conference earlier this year, a high ranking Cyber Command official remarked on stage that “if J.P. Morgan wants to meet us halfway, then that would mean us monitoring their networks [for malicious cyber activity],” according to two individuals who attended the February event.

The comment stunned some audience members, although former NSA Director Gen. Keith Alexander had said something very similar in 2013.
4 weeks ago by henryfarrell
Is Facebook’s Anti-Abuse System Broken? — Krebs on Security
Last week, Facebook deleted almost 120 groups totaling more than 300,000 members. The groups were mostly closed — requiring approval from group administrators before outsiders could view the day-to-day postings of group members.

However, the titles, images and postings available on each group’s front page left little doubt about their true purpose: Selling everything from stolen credit cards, identities and hacked accounts to services that help automate things like spamming, phishing and denial-of-service attacks for hire.
8 weeks ago by henryfarrell
Margaret Roberts Dissertation
Fear, Friction, and Flooding: Methods of Online Information Control
Many scholars have speculated that censorship efforts will be ineffective in the information age,
where the possibility of accessing incriminating information about almost any political entity will
benefit the masses at the expense of the powerful. Others have speculated that while information
can now move instantly across borders, autocrats can still use fear and intimidation to encourage
citizens to keep quiet. This manuscript demonstrates that the deluge of information in fact still
benefits those in power by observing that the degree of accessibility of information is still determined
by organized groups and governments. Even though most information is possible to access,
as normal citizens get lost in the cacophony of information available to them, their consumption
of information is highly influenced by the costs of obtaining it. Much information is either disaggregated
online or somewhat inaccessible, and organized groups, with resources and incentives
to control this information, use information flooding and information friction as methods of controlling
the cost of information for consumers. I demonstrate in China that fear is not the primary
deterrent for the spread of information; instead, there are massively different political implications
of having certain information completely free and easy to obtain as compared to being available,
but slightly more difficult to access.
cybersecurity_class  PDKL-Ninety-five 
february 2018 by henryfarrell
Anatomy of an online misinformation network
Massive amounts of fake news and conspiratorial content have spread
over social media before and after the 2016 US Presidential Elections despite
intense fact-checking efforts. How do the spread of misinformation
and fact-checking compete? What are the structural and dynamic characteristics
of the core of the misinformation diffusion network, and who are
its main purveyors? How to reduce the overall amount of misinformation?
To explore these questions we built Hoaxy, an open platform that enables
large-scale, systematic studies of how misinformation and fact-checking
spread and compete on Twitter. Hoaxy filters public tweets that include
links to unverified claims or fact-checking articles. We perform
decomposition on a diffusion network obtained from two million retweets
produced by several hundred thousand accounts over the six months before
the election. As we move from the periphery to the core of the network,
fact-checking nearly disappears, while social bots proliferate. The
number of users in the main core reaches equilibrium around the time of
the election, with limited churn and increasingly dense connections. We
conclude by quantifying how effectively the network can be disrupted by
penalizing the most central nodes. These findings provide a first look at
the anatomy of a massive online misinformation diffusion network.
PDKL-Ninety-five  cybersecurity_class 
january 2018 by henryfarrell
Examining Trolls and Polarization with a Retweet Network
This research examines the relationship between political homophily
and organized trolling efforts. This is accomplished by analyzing
how Russian troll accounts were retweeted on Twitter in the context
of the #BlackLivesMatter movement. This analysis shows that
these conversations were divided along political lines, and that
the examined trolling accounts systematically took advantage of
these divisions. The findings of this research can help us better
understand how to combat systematic trolling.
january 2018 by henryfarrell
Skyrocketing Bitcoin Fees Hit Carders in Wallet — Krebs on Security
“We have to take additionally a ‘Deposit fee’ from all users who deposit in Bitcoins. This is the amount we spent on transferring your funds to our suppliers. To compensate your costs, we are going to reduce our prices, including credit cards for all users and offer you the better bitcoin exchange rate.”

“The amount of the Deposit Fee depends on the load on the Bitcoin network. However, it stays the same regardless of the amount deposited. Deposits of 10$ and 1000$ attract the same deposit fee.”

“If the Bitcoin price continues increasing, this business is not going to be profitable for us anymore because all our revenue is going to be spent on the Bitcoin fees. We are no longer in possession of additional funds to improve the store.”
silkroad  cybersecurity_class 
december 2017 by henryfarrell
The Polarizing Effects of Online Partisan Criticism: Evidence from Two Experiments | The International Journal of Press/Politics - Elizabeth Suhay, Emily Bello-Pardo, Brianna Maurer, 2017
Affective and social political polarization—a dislike of political opponents and a desire to avoid their company—are increasingly salient and pervasive features of politics in many Western democracies, particularly the United States. One contributor to these related phenomena may be increasing exposure to online political disagreements in which ordinary citizens criticize, and sometimes explicitly demean, opponents. This article presents two experimental studies that assessed whether U.S. partisans’ attitudes became more prejudiced in favor of the in-party after exposure to online partisan criticism. In the first study, we draw on an online convenience sample to establish that partisan criticism that derogates political opponents increases affective polarization. In the second, we replicate these findings with a quasi-representative sample and extend the pattern of findings to social polarization. We conclude that online partisan criticism likely has contributed to rising affective and social polarization in recent years between Democrats and Republicans in the United States, and perhaps between partisan and ideological group members in other developed democracies as well. We close by discussing the troubling implications of these findings in light of continuing attempts by autocratic regimes and other actors to influence democratic elections via false identities on social media.
PDKL-Ninety-five  cybersecurity_class 
december 2017 by henryfarrell
Corrupting the Cyber-Commons: Social Media as a Tool of Autocratic Stability
Non-democratic regimes have increasingly moved beyond merely suppressing online discourse, and are shifting toward
proactively subverting and co-opting social media for their own purposes. Namely, social media is increasingly being used to
undermine the opposition, to shape the contours of public discussion, and to cheaply gather information about falsified public
preferences. Social media is thus becoming not merely an obstacle to autocratic rule but another potential tool of regime
durability. I lay out four mechanisms that link social media co-optation to autocratic resilience: 1) counter-mobilization,
2) discourse framing, 3) preference divulgence, and 4) elite coordination. I then detail the recent use of these tactics in mixed and
autocratic regimes, with a particular focus on Russia, China, and the Middle East. This rapid evolution of government social
media strategies has critical consequences for the future of electoral democracy and state-society relations.
cybersecurity_class  PDKL-Ninety-five 
december 2017 by henryfarrell