New York authorities said the warrants led to the indictments of firefighters, police officers, and civil servants on disability fraud charges. The Facebook data, which included user photos and videos, showed employees who claimed they were disabled performing a variety of activities, including fishing, martial arts, and even jet ski riding. – Ars Technica
The US military’s unmanned Predator and Reaper drones are continuing to fly remote missions overseas despite a computer virus that has infected their US-based cockpits.
Government officials are still investigating whether the virus is benign, and how it managed to infect the heavily protected computer systems at Creech Air Force Base in Nevada, where US military pilots remotely fly the planes on their missions over Iraq, Afghanistan and elsewhere.
“Something is going on, but it has not had any impact on the missions overseas,” said a source, who was not authorized to speak publicly.
Armed tactical unmanned planes have become an increasingly valuable tool used by the US military to track and attack individuals and small groups overseas, but the virus underscores the vulnerability of such systems to attacks on the computer networks used to fly them from great distances.
Rob Densmore, former US navy airman, told Al Jazeera that the infection was a common keystroke logging virus – which registers the keystrokes pilots use to control the unmanned drones from afar.
“It has to have a point of access, so we know that thumb drives – basically USB drives – are used to upload navigational information, guidance information to Predator and Reaper drones.
“And if there’s a way somehow that that information, or that thumb drive, can come into contact with a network or with the internet, that’s where the danger is because that basically means that information can be carried across from the Reaper drones.”
Government approach to security can be described as designing an unsinkable boat that has no doors between compartments and then, to make it usable, cutting a random and increasing number of undocumented holes between compartments.
The lesson of this story is that even (particularly?) computer security companies cannot put up with the inconvenience of standard security precautions.
Greg Hoglund’s nightmare began on Super Bowl Sunday. On Feb. 6 the high-tech entrepreneur was sitting in his home office, trying to get to the bottom of some unusual traffic he was seeing on the Internet. Two days earlier he’d noticed troubling activity hitting the website of HBGary Federal, the Sacramento startup he helped launch in 2009. He suspected some kind of hacker assault and had spent the weekend helping to shore up the company’s systems. A few hours before Green Bay kicked off to Pittsburgh, Hoglund logged into his corporate account on Google (GOOG)—and confirmed his fears.
He couldn’t get in. Someone had changed the password and locked him out of his own e-mail system.
He used Google mail – and several people had the administrator password.
WASHINGTON — Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.
Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes’ systems. Shiite fighters in Iraq used software programs such as SkyGrabber — available for as little as $25.95 on the Internet — to regularly capture drone video feeds, according to a person familiar with reports on the matter.
So what are the lessons. First, “security by obscurity” is equivalent to “hope is a plan”
The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn’t know how to exploit it, the officials said.
And second : use standard protocols
Predator drones are built by General Atomics Aeronautical Systems Inc. of San Diego. Some of its communications technology is proprietary, so widely used encryption systems aren’t readily compatible, said people familiar with the matter.
An interesting paper appearing in ASPLOS proceedings provides a “deterministic” locking method
Kendo enforces a deterministic interleaving of lock acquisitions and specially declared non-protected reads through a novel dynamically load-balanced deterministic scheduling algorithm. The algorithm tracks the progress of each thread using performance counters to construct a deterministic logical time that is used to compute an interleaving of shared data accesses that is both deterministic and provides good load balancing. Kendo can run on today’s commodity hardware while incurring only a modest performance cost ( http://www.gigascale.org/pubs/1883/asplos073-olszewski.pdf)
There is similarly motivated work on Java going on at UIC: http://dpj.cs.uiuc.edu/DPJ/Home.html
Both works refer to Lee’s paperwhich I discussed earlier. Nondeterministic threading is a historical accident in computer engineering. Operating systems introduced time-sharing methods so single thread programs could be run in parallel during I/O delays and then so that multiple users could reasonably fairly share a processor and then so the OS and service programs could provide multiple services to a user at the price of slowing down user applications. Exposing this system to users has been a mixed blessing. Certainly in the controls world, non-determinism is a dangerous fault.
Goodness. The US blueprints for Marine1 show up in Iran.
“What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One,” Boback said.
Tiversa also found sensitive financial information about the cost of the helicopter on that same computer, WPXI-TV reported.
Obama’s fighting hard to keep his Blackberry
President Barack Obama will have a beloved BlackBerry â€” and maybe a second, more secure smartphone-like device â€” with him in the White House.
The president has been adamant about continuing to use a BlackBerry, a smartphone with Internet and e-mail access, despite concerns that are likely making the National Security Agency as nervous as the Secret Service on Inauguration Day when Obama left his presidential limo twice to walk and wave to crowds along Pennsylvania Avenue. MSNBC