I thought it is time to go back to the roots and write an article, how I used to write them in the beginning of www.herpig.de, as compilation of recent news, put under the umbrella of a connecting topic. I cannot deny the fact, that I really liked the wordplay in the heading, suggesting and announcing that I have just been invited as speaker for the ROOTCON 5 hacker and security conference in Cebu City, Philippines. Anyway, let’s start synthesizing this week’s developments: #Anti-Sec and its perception in Politics….
What happened the past few days? The Anti-Sec movement got hold of 10GB of data from various law enforcement agencies (‘Shooting Sheriff Saturday’) in the United States. While their IT was obviously confused and put the updated and hardened servers back online without deleting the backdoors, Anti-Sec used the opportunity to make the credit card holders who bought stuff there to make some donations to Anti-Sec friendly organizations. Another hacker found out, that he can hack his own medical equipment (what a surprise …even though it is still shocking what people with malicious intent can do with that opportunity). Also at the blackhat, the ‘Wireless Aerial Surveillance Platform’ (WASP) was presented. It can be used to ‘steal information from vulnerable Wi-Fi networks, initiate Denial-of-Service attacks and intercept mobile phone calls’. Neat.
So much to the dark side. What happened with out Jedi’s? First, the Department of Homeland Security figured out something important. ‘Now they know what Lulz are. #AntiSec’. Well, at least they now included it in their security bulletin. Furthermore, the RSA hack has been traced back to China – what a surprise. It was only a question of which national actor would have been hold liable for it: Iran, Russia or China. While the first one would have been very hard to believe, China is always a good scapegoat for hacks. Important memo: Never blame your own security. That would be to easy. Two other news are more interesting. The Defense Advanced Research Projects Agency launched the ‘Cyber Fast Track’ project. It basically ‘allows the Defense Department to easily fund projects for hackers and small security firms to help strengthen its cybersecurity efforts’. Neat. At the same time, the former CIA and NSA director Gen. Michael Hayden came up with the idea of digital mercenaries or a ‘digital blackwater’ for the United States. Because it worked so well with the analogue blackwater already? Ah, eh, shame on me, I mean XE. He basically suggest the use of private contractors to defend the national information infrastructure. Hayden said that ‘You think back long enough in history and there are times when the private sector was responsible for its own defence’. Okay, let us think back at that time. Mercenaries ruled Europe and not the other way around. The ‘country’ which could afford the best mercenaries one. Well, sometimes it was already enough to have enough money to pay the mercenaries of the opponent. Subsequently, they turned on their initial employer and you did not only get a troop of bloodthirsty pikemen but also the country of the opponent. Well, until another country paid off ‘your mercenaries’. That was before we had the notion of the nation-state. The nation-state came in in order to get rid of these mercenaries. States formed and raised taxes in order to be able to pay a standing army. Some efficient mercenary groups survived a bit longer but in the all they all vanished (well excluding those guys hanging around at the Vatican). Oh, now I also go back to the roots of the nation-state. My bad. Well, basically I think the idea is plain stupid. Something as valuable as the national security should not be put in the hands of some private contractors. Educate your own army, pay them enough to not want to leave you and integrate them into your system. First you have to realize that you are in DIRE NEED of cybersecurity specialists. Oh well, that you have done already since… last year.
To digest it: The blackhats are building wifi spy-drones, hack the executive of the state (well and medical equipment) and the national white hats shall be contracted privately and finally, after half-a year, put THE hacking movement of the year on their list of POTENTIAL threats. Well..what can I say? Can we please sell some more (@Germany) of our tanks, artillery and other useless crap and spend it for R&D and education? Pretty pretty please?